Announcing Preview of New Security Management Capabilities for Microsoft Defender for Endpoint.
Published Dec 02 2021 07:02 PM 21K Views

Preventing data breaches and maintaining compliance are at the top of everyone's agenda. It is essential for IT teams and security teams to collaborate and become true, unified partners when it comes to business enablement.
Microsoft is privileged to sit at the intersection of IT and Security, and continually looks for opportunities to better integrate security and IT management, from configuration and device management to compliance.

We are excited to announce that Microsoft Defender for Endpoint has extended its configuration management capabilities. Together with Microsoft Endpoint Manager, we’ve integrated security management in a single, dedicated console for unified endpoint security management. Without the need to deploy and use additional tools and infrastructure, you can now manage security settings (initially AV, EDR and firewall policies) across devices, with Microsoft Endpoint Manager serving as a single management platform.  

With this improvement built on the Microsoft 365 Identity & Management fabric, we are looking to connect your security and IT teams with integrated experiences and eliminate the need to deploy and use additional tools and infrastructure to manage Microsoft Defender for Endpoint security settings.  


We’re releasing this new feature initially for Windows 10, Windows 11, Windows Server 2012R2 and above, and will gradually expand to support additional operating systems (including Linux and Mac OS).

Solution applies for any subscription that grants licenses for Microsoft Defender for Endpoint ( Plan 1 and Plan 2). 
Any subscription that grants Microsoft Defender for Endpoint licenses also grants your tenant access to the Endpoint security node of the Microsoft Endpoint Manager admin center. The Endpoint security node is where you'll configure and deploy policies to manage Microsoft Defender for Endpoint for your devices and monitor device status.

How does this work? 
The following diagram represents the new Microsoft Defender for Endpoint security configuration management solution.



This scenario requires organizations to enable security management in both the Microsoft Endpoint Manager and Microsoft Defender consoles.

When Microsoft Defender for Endpoint is deployed on a device (1), the client automatically and seamlessly registers the device to Azure Active Directory (either through your existing Hybrid process or directly with Azure for workgroup devices) (2).

Devices that are not enrolled with Endpoint Manager will now automatically be enrolled without the need to deploy and use additional tools and infrastructure (like Intune Enrollment) (3)

Changes will not apply for devices that are already enrolled in Microsoft Endpoint Manager devices enrolled into Intune will continue to receive policies through their established management channel. 

This new communication channel enables the device to be targeted to receive security management policies just like any other device (4). You can go ahead and use Azure Active Directory groups to target policies, and the devices use their membership in the groups to determine what policies they need to apply.

How to get started?

For detailed information on this scenario, please visit our documentation.


As always, we welcome your feedback and are looking forward to hearing it! 

Version history
Last update:
‎Dec 03 2021 11:42 PM
Updated by: