I have SOPHOS on our endpoint, but want to onboard MD defender for few devices first to see how it works. do you think i need to uninstall SOPHOS first, or i should go ahead with the onboarding and allow MD for endpoint to go passive or SOPHOS will automatically go passive? Any advice would be really appreiated

Glad it was helpful!

@@mountaineersecurity The way you cover, the how, why, this is well laid out (thank you!)

Thank You!

Did you see it yet or what was the fix if yet it was

@@skoul27 The solution was time haha, I had to wait almost 24 hours to see the modules related to the licence

Thank You!

users will need an Intune license in order for it to work. If you do not have Intune, you can still use MDE, you just can't use Intune to manage it.

Sorry Joseph, I've been out on vacation! I have migrated many companies from 3rd party security products onto MDE. One of the great features of the MDE/ Defender AV design is that on Windows 10 machines, Defender AV never truly leaves the machine. When a 3rd party AV is installed on a Windows 10 machine, Defender AV will turn itself off. When the 3rd party AV is removed, Defender will turn itself back on (unless configured to be disabled by GPO). This means that the device will be protected throughout the migration to Defender for Endpoint. Here is a link that goes into more detail on the migration process. Thanks for the comment, I'll be posting more videos next week! docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/migration-guides?view=o365-worldwide

@@mountaineersecurity Thanks! I think now the only main thing I need to check on is roles and permissions. I assume we can piggy back off how we have it setup for Intune or since the Security portal is different we would need to start from scratch?

Hi Cedric! There is no difference between the configuration profile that was created in the demo, and the EDR onboarding policy. It is just a matter of preference as to where you want to configure the policy. You can manage security settings a few different ways. The first being with Intune and applying policy that way. The second is using MDE to manage settings by tagging the device in MDE, then using the Endpoint Security policies in Intune to deploy. This method is more for folks who want to utilize Intune security policies, but don't have devices onboarded onto Intune yet. This method does have some limitations such as not being able to configure and apply ASR rules, device compliance, etc. Below is a link to more on that. It's a great read! docs.microsoft.com/en-us/mem/intune/protect/mde-security-integration#which-solution-should-i-use

@@mountaineersecurity Thank you! That really helped me out. As I understand it now: 1. When a device gets onboarded to MDE only, it will show up in MEM as an MDE managed device but you only have a limited amount of settings you can push. Still, most of the settings need to be configured in MEM within the security portal regardless of the onboarding. 2. With an Intune onboarded device which is integrated to MDE, you have the full capabilities and security settings. You also have to manage and configure the settings from within MEM in the security portal.

That is correct! Remember, when you are wanting to use MDE only to manage the settings ported from Intune, you will need to add the MDE-Management tag to the device. You will also need to enable the connector for this by going to the Intune portal>Endpoint Security>Microsoft Defender for Endpoint> "Allow Microsoft Defender for Endpoint to enforce Endpoint Security Configurations" and switching the button to "On".

Great question! Yes, as long as the hybrid joined devices are enrolled into Intune.

We (in our company) only configure the ASR rules with Endpoint Security policy for Servers. We use the configuration profiles for regular devices since you can't add servers to configuration profiles. Other than that, if you onboard devices from Defender portal>Settings>Endpoints>Onboard, as shown in the video, you can use Endpoint Security polies for those devices (Considering tenants with no Intune license) Audit report will be there in both cases since they are technically the same settings in different places with Servers as an exception.

Hi Dileep! This will work with an M365 E3 License as that license provides MDE Plan 1. You can also purchase the separate license for MDE as well. docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/minimum-requirements?view=o365-worldwide