I did a manual (Script method) enrollment of two devices ( Win 10 & Win 2019) and they are seen as enrolled in Defender 365 portal. However I don't see it as assigned in EDR, Antivirus, Attack Surface reduction etc. Please see attached screen shots.182370-endpoint-enrollement-ss.pdf
At the moment the feature set is limited if your devices are not enrolled into Intune. However, if you are planning to use AV, FW, EDR, then you can definitely consider using the MDE security configuration preview feature.
What profiles are you using for the policies? Servers cannot be managed using Intune unless they are tenant attached or you using the preview EP security settings.
Thanks Rahul for the revert.
I am using "Windows 10 and later" and that could be the reason. However the group that I have assigned has a Win 10 Pro and a Win 2019 server. Will try to make separate groups and separate policies and update.
Are the Windows 10 devices reporting onboarded under the AV report? Also, not all ASR rules will be supported on Windows 10 Pro. The requirements are listed here in the official link.enable-attack-surface-reduction
Also, did you configure the connector? Here are the details.advanced-threat-protection-configure
I had already connected Intune using the same article you mentioned. I have now created two groups one for Win 10 and and one for Servers and created two profiles a) "Win 10 and Later" b) "Win 10, Win 11, and Win Server (Preview)" and assigned to the respective groups.
I still have the same results. I see both my devices in the devices bade in MS 365 Defender portal but in Endpoint admin center, I don't see the either of the devices.
Should I enable Automatic Enrollment in EPM? Note that I had run the script on both the machines and it completed successfully.
BTW:- I have not created any profiles in the Configuration Profiles blade under EPM Devices. The profiles that I was referring to earlier are created under EDR, AV, Attack Surface Reduction etc under respective Endpoint Security Blade, Manage Blade.
My Win 10 device is AAD joined (enabled at the time of creation). I Don't see it registered in Intune (EPM Admin Center) whereas it is registered in Defender (Device Inventory).
My interest at the moment is to test out the EDR followed by other EPM solutions such as AV, Attack Surface Reduction etc. I have never worked with Intune before and new to EPM as well. I connected Intune only because the onboarding document said so. i.e. Intune is NOT my primary goal now. Technically, my situation is close to the article you shared
'mde-security-integration" This article also says that if I don't integrate with Intune I don't get most of the features so I guess that is the best route. I think I need to get a grip on Intune first before I spent more time on this. Bit frustrated that to get a EDR working, it is a lot of learning curve. Appreciate if you can point to some good links.
Thanks for you help
6 people are following this question.
