DesmondGoh asked

Defender for Endpoint policies for endpoints

How can I assign ASR policies to endpoints such as Linux, macOS and even Windows 10 machines that are not managed by Intune or SCCM?

I can only find articles on how to onboard endpoints to the Defender for Endpoint portal but couldn't find any regarding creating and assigning policies to them.

Any help is appreciated.

mem-intune-enrollment

1 Answer

LuDaiMSFT-0289 answered

@DesmondGoh This is Intune support. Thanks for posting in our Q&A.

Does ASR mean Attack Surface Reduction? If yes, I have done some research. If the device is not managed by Intune or SCCM, we can enable Attack Surface Reduction via GPO or PowerShell. The following article can be a reference.
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/enable-attack-surface-reduction?view=o365-worldwide

If the above information is not what you want, it is suggested to contact Microsoft Defender for Endpoint support to find more effective help.
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/contact-support?view=o365-worldwide

Hope the above information will help.


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
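
The answer above mentions enabling Attack Surface Reduction through PowerShell on a Windows device that is not managed by Intune or SCCM. The script below is an added example, not part of the original answer or of Microsoft's documentation: it applies a small desired state with `Add-MpPreference` and then reads it back with `Get-MpPreference` to confirm the rules took effect. The choice of the two rules and of Audit mode is an assumption made for illustration; it applies to Windows only.

```powershell
#Requires -RunAsAdministrator
# Added example: set ASR rules locally on an unmanaged Windows device and verify them.
# Assumption: these two rules, in Audit mode, are the desired state for this example.
$desired = [ordered]@{
    'd4f940ab-401b-4efc-aadc-ad5f3c50688a' = 'AuditMode'  # Block Office apps from creating child processes
    '9e6c4c1f-7d60-472f-ba1a-a39ef669e4b2' = 'AuditMode'  # Block credential stealing from lsass.exe
}

# Get-MpPreference reports actions as numbers, so map the names used above to them.
$actionCode = @{ Disabled = 0; Enabled = 1; AuditMode = 2 }

foreach ($id in $desired.Keys) {
    # Add-MpPreference updates one rule and leaves rules already configured untouched
    # (Set-MpPreference would replace the whole list).
    Add-MpPreference -AttackSurfaceReductionRules_Ids $id `
                     -AttackSurfaceReductionRules_Actions $desired[$id]
}

# Read the effective configuration back; IDs and actions are parallel arrays.
$pref    = Get-MpPreference
$ids     = @($pref.AttackSurfaceReductionRules_Ids)
$actions = @($pref.AttackSurfaceReductionRules_Actions)
$current = @{}
for ($i = 0; $i -lt $ids.Count; $i++) {
    if ($ids[$i]) { $current["$($ids[$i])".ToLower()] = [int]$actions[$i] }
}

# Compare wanted against actual, rule by rule.
$report = foreach ($id in $desired.Keys) {
    $found = $current.ContainsKey($id)
    [pscustomobject]@{
        RuleId = $id
        Wanted = $desired[$id]
        Actual = if ($found) { $current[$id] } else { 'not set' }
        Match  = $found -and ($current[$id] -eq $actionCode[$desired[$id]])
    }
}
$report | Format-Table -AutoSize

if ($report.Match -contains $false) {
    Write-Warning 'One or more ASR rules are not in the desired state.'
    exit 1
}
```

A mismatch after a reboot usually means another management channel is in play: settings delivered by Group Policy or a management platform overwrite conflicting local PowerShell settings. Audit-mode hits are logged in the `Microsoft-Windows-Windows Defender/Operational` event log as event ID 1122.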



@LuDaiMSFT-0289 thanks for your reply.

The URL given is targeted at managed Windows devices.
How about other OSes such as Linux, macOS and unmanaged Win10 endpoints?

I've managed to onboard macOS, Ubuntu and unmanaged Win10 to the Defender for Endpoint portal, aka the new https://security.microsoft.com portal, and I can see those endpoints in Device Inventory. However, there is no way for me to assign any DfE policies to those onboarded endpoints from within the portal.

So far, from https://endpoint.microsoft.com, I've managed to create and assign DfE policies, ASR, EDR, etc. to those Intune-managed endpoints, but there is no way I can assign those policies to devices that are onboarded to the DfE portal.

Any help is appreciated.


@DesmondGoh Thanks for your reply.

For unmanaged devices, I couldn't give more information, because this is more related to Defender for Endpoint itself. Given this situation, it is better to contact Microsoft Defender for Endpoint support, via the following link, to find out if there is any method for unmanaged devices:
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/contact-support?view=o365-worldwide

Hope this issue will be solved as soon as possible.
