Defender for Endpoint settings

Danissimode 40 Reputation points
2024-01-16T14:44:24.52+00:00

Hello!
There was a question about the Microsoft Defender portal settings item in the Defender for Endpoint item. In Security setting management, when you enable "Use MDE to enforce security configuration settings from Intune", then under "Enable configuration management: Choose which OS platforms to apply the settings on, then select which set of devices to implement it on. To test the feature on a specific set of devices, tag them with MDE-Management",
a list of operating systems appears with the option to select them on all devices or on tagged devices.
Q: Does this only apply to devices that have Defender for Endpoint deployed onboard and not Intune?
Q: That is, if I deployed Defender for Endpoint Connector for Mac devices that are not managed by Intune, but did not enable macOS Devices in the enforcement scope, then the Defender functionality on these devices will not work? At the same time, if I connect some macOS to Intune and enable Defender for Endpoint Onboard, will the Defender functionality work on these devices?

Microsoft Defender for Cloud Apps
A Microsoft cloud access security broker that enables customers to control the access and use of software as a service apps in their organization.

1 answer

  1. Catherine Kyalo 650 Reputation points Microsoft Employee
    2024-04-05T06:47:46.0333333+00:00

    Hi Danissimode

    • A: Yes, the settings you mentioned are specifically for devices that have Microsoft Defender for Endpoint (MDE) deployed on them. This includes devices that are enrolled in Intune and have MDE deployed, as well as devices that aren't managed by Intune but have MDE deployed directly.
    • A: If you have deployed the Defender for Endpoint Connector for Mac devices that are not managed by Intune, and you did not include macOS devices in the enforcement scope, then the Defender for Endpoint functionality will not be enforced on these devices. The Defender for Endpoint functionality will only be enforced on the devices that are included in the enforcement scope.

    On the other hand, if you connect some macOS devices to Intune and enable Defender for Endpoint onboard, then the Defender for Endpoint functionality will work on these devices, given that they are included in the enforcement scope.
