Allow Microsoft Defender for Endpoint to enforce Endpoint Security Configurations???

Рет қаралды 3,614

Dean Ellerby MVP

Күн бұрын

Пікірлер: 22

@cristhiansaid 2 сағат бұрын

excelente video me scaste una duda que todo el internet no pudo

@tuxmc 5 ай бұрын

Great explanation! Do you have a video about the Endpoint deployment?

@thepete1338 5 ай бұрын

Great explanation!!

@DeanEllerbyMVP 5 ай бұрын

Thanks Pete!

@jonathang8571 5 ай бұрын

Clear as mud. ;) Question - we have this connection disabled in our tenant and we have our servers onboarded to Defender via GPO with their config settings, so if we enabled this, Intune would then take ownership of their defender settings?

@andrewenglish3810 2 күн бұрын

@DeanEllerbyMVP this is a good video but at the same time Microsoft doesn't give you an idea how to properly setup Intune AV for MDE devices such as servers. So right now my servers are 2 weeks behind in backups because the AV is blocking Active Backup for Business on my my Hyper-V hosts and I don't see a direct way of disabling AV...

@Egimatic 5 ай бұрын

Is it recommended to run MS Defender alongside CrowdStrike? We only use defender now for telemetry aka passive mode

@DeanEllerbyMVP 5 ай бұрын

You can run MDE in passive mode alongside any other EDR, sure. You shouldn't run it in Active mode, though.

@Wlp42 5 ай бұрын

It's recommended to run MDE in passive mode alongside 3rd party EDR for the telemetry it can share to other products your org may use in m365; purview, intune, mdca, etc

@RubenHernandez-b9l 2 ай бұрын

Well I am trying to manage servers using MDE. I have the correct settings applied. I have a group that has a few test servers in it. some are getting the policy and some are not. What is this settings for? "Manage Security settings using Configuration Manager" that is on the bottom of the enforcement page. We also use SCCM

@MrMarcLaflamme 5 ай бұрын

Thank you for addressing my question Dean! I still don't get it 100% but it's more clear than before. So if you are only using Intune to manage your fleet, keep the setting disabled because it's not going to help. If you start to incorporate other forms of management (ie GPO, other MDM), or if you are wanting to push MDE policies via Intune (keeping that single pane of glass) to devices that can't be managed by Intune (ie Servers) then you should turn it on (in both places). If that's correct, is there a reason for the on/off switch on both sides? Enable it in Intune AND in MDE? Seems strange, would you ever only turn on one side and not the other?

@DeanEllerbyMVP 5 ай бұрын

That’s spot on, yes. I imagine the dual ‘on’ switch is to cater for organisations that have split responsibilities between Security and Device Management. This way, an Intune admin can’t make MDE do something without an MDE admin also making that happen, and vice versa. There might also be a technical reason :-)

@MrMarcLaflamme 5 ай бұрын

@@DeanEllerbyMVP gotcha! Or in my case it’s confusing because both of those people are me! 😂

@nazerbor3i 5 ай бұрын

This is so confusing, I don’t know whether to turn this option on or off 😅

@DeanEllerbyMVP 5 ай бұрын

:-) Let's put it this way... 90% of organizations have it turned on. 10% of organizations use it. I made that up, but hopefully you get the point.

@MrMarcLaflamme 5 ай бұрын

@@nazerbor3i From what I gather, if everything you have MDE on is managed by InTune and you configure Security Policies for MDE using InTune, keep it off. Otherwise turn it on.