4.0 Defender for Endpoint (MDE): Onboard Intune-managed Windows 10/11
In the previous blog post, we onboarded unmanaged Windows 10 devices to Microsoft Defender for Endpoint. In this post, we will onboard Intune-managed devices.
Manage the device with Intune
First, we bring the device under Intune management, in other words, enroll the device in Intune. Log in to the target machine and go to Settings->Accounts->Access work or school->Connect.
Click on Join this device to Azure Active Directory to join the device to AAD (a full Azure AD join, not just a workplace registration).
Provide the user ID and password of an account that has permission to join devices to AAD, and make sure the details are correct.
In the AAD portal->Devices, we can see the device listed as Azure AD joined. Because MDM auto-enrollment is configured in this tenant (AAD->Mobility (MDM and MAM)->Microsoft Intune->MDM user scope), the device enrolls in Intune automatically a few minutes later; without that setting the device would be AAD joined but never appear in Intune.
In the Intune portal, go to Devices->Windows->Windows devices, where the device appears with Managed by set to Intune.
Make sure the device is a member of the AAD group MDE_VM so that the onboarding policy created below applies to it.
Onboard the Intune-managed device to MDE
Log in to Intune (endpoint.microsoft.com), the Microsoft Endpoint Manager admin center. Click on Devices->Configuration profiles->Create profile.
Select the platform Windows 10 and later and the profile type Templates. Type Defender in the search box, and Microsoft Defender for Endpoint (desktop devices running Windows 10 or later) will appear. Select it and click on the Create button. This template pulls the onboarding package from your Defender tenant, so the Intune connection must already be enabled in the Defender portal (security.microsoft.com->Settings->Endpoints->Advanced features->Microsoft Intune connection); if it is not, the profile cannot be created.
Provide the required information in each step.
In Assignments, we define the scope of the configuration profile. To onboard every device, click on Add all devices; to onboard only the devices in particular groups, select those groups. Here we have chosen the AAD group MDE_VM, so every device in that group will be onboarded to MDE automatically.
Review all the provided information and click on the Create button.
We can see the configuration profile policy has been created as below.
When we click on the policy and scroll down to Configuration settings, we can see that the purpose of this policy is to onboard devices to MDE.
The report below shows that 1 device has been onboarded by this policy. Since the device has been onboarded to MDE, it should now appear in the MDE portal.
Now, let's go back to the security.microsoft.com portal. We can see that the device has been onboarded to MDE successfully by the onboarding policy created in Intune.
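To confirm the same three states from the device itself rather than from the portals, the following PowerShell script can be run in an elevated session on the client. It is an added example, not part of the original post or of any Microsoft tool: it reads the Azure AD join state from dsregcmd, looks for an MDM enrollment in the registry, and checks the Defender for Endpoint OnboardingState value that the Sense client writes once onboarding completes. The registry paths used are the documented ones; the OrgId value is read only if present, and the expected OrgId shown in the usage call is a placeholder you replace with your own tenant's organization ID.

```powershell
# Added verification script (not from the original post). Run elevated on the
# client after the Intune onboarding profile has applied.

function Get-AzureAdJoinState {
    # dsregcmd /status prints "AzureAdJoined : YES" once the device is AAD joined.
    $out = dsregcmd /status
    $joined = [bool]($out | Select-String -Pattern 'AzureAdJoined\s*:\s*YES')
    [pscustomobject]@{ AzureAdJoined = $joined }
}

function Get-MdmEnrollmentState {
    # Intune enrollments live under HKLM\SOFTWARE\Microsoft\Enrollments with
    # ProviderID "MS DM Server"; other subkeys are unrelated (e.g. local MDM).
    $root = 'HKLM:\SOFTWARE\Microsoft\Enrollments'
    $enrolled = $false
    $upn = $null
    Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
        $p = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        if ($p.ProviderID -eq 'MS DM Server') {
            $enrolled = $true
            $upn = $p.UPN
        }
    }
    [pscustomobject]@{ MdmEnrolled = $enrolled; EnrolledUser = $upn }
}

function Get-MdeOnboardingState {
    # OnboardingState = 1 means the Sense client has completed onboarding.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $sense = Get-Service -Name Sense -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Onboarded   = ($props.OnboardingState -eq 1)
        OrgId       = $props.OrgId          # present on onboarded clients; $null otherwise
        SenseStatus = if ($sense) { [string]$sense.Status } else { 'NotInstalled' }
    }
}

function Test-MdeOnboarding {
    # Rolls the three checks into one pass/fail with the reasons for any failure.
    # $ExpectedOrgId is optional; when given, it catches a device onboarded to
    # the wrong tenant, which the Intune report alone would not reveal.
    param([string]$ExpectedOrgId)

    $aad = Get-AzureAdJoinState
    $mdm = Get-MdmEnrollmentState
    $mde = Get-MdeOnboardingState
    $problems = @()

    if (-not $aad.AzureAdJoined) { $problems += 'Device is not Azure AD joined' }
    if (-not $mdm.MdmEnrolled)   { $problems += 'No Intune (MS DM Server) enrollment found' }
    if (-not $mde.Onboarded)     { $problems += 'MDE OnboardingState is not 1' }
    if ($mde.SenseStatus -ne 'Running') { $problems += "Sense service is $($mde.SenseStatus)" }
    if ($ExpectedOrgId -and $mde.OrgId -and $mde.OrgId -ne $ExpectedOrgId) {
        $problems += "OrgId $($mde.OrgId) does not match expected $ExpectedOrgId"
    }

    [pscustomobject]@{
        AzureAdJoined = $aad.AzureAdJoined
        MdmEnrolled   = $mdm.MdmEnrolled
        EnrolledUser  = $mdm.EnrolledUser
        MdeOnboarded  = $mde.Onboarded
        SenseStatus   = $mde.SenseStatus
        OrgId         = $mde.OrgId
        Healthy       = ($problems.Count -eq 0)
        Problems      = $problems
    }
}

# Usage: replace the placeholder with your tenant's organization ID (optional).
Test-MdeOnboarding -ExpectedOrgId '00000000-0000-0000-0000-000000000000' | Format-List
```

If Healthy is false, the Problems list tells you which stage to revisit: a missing AAD join points back to the Access work or school step, a missing MS DM Server enrollment to the MDM auto-enrollment scope, and an OnboardingState other than 1 to the Intune profile assignment (typically the device is not in the MDE_VM group, or the profile has not yet synced).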
In the next post, we will discuss what to do after onboarding.