Simplifying Device Enrollment with Microsoft Defender for Endpoint Updates


Microsoft will be making architectural updates to the security settings management capabilities in Microsoft Defender for Endpoint that will simplify the device enrollment process. These updates remove the need for Azure Active Directory (AD) join or Hybrid Azure AD join as a prerequisite for onboarding Windows devices. Customers already using this functionality will transition to the updated infrastructure with no impact on existing Windows devices. Devices that previously could not enroll because they were not Azure AD joined or Hybrid Azure AD joined will now enroll successfully.

What’s new

Microsoft will be making architectural updates later this month to the security settings management capabilities in Microsoft Defender for Endpoint. These updates will simplify the device enrollment process by removing Azure Active Directory (AD) join or Hybrid Azure AD join as a prerequisite for onboarding Windows devices.

How it works

Customers already using this functionality will transition seamlessly to the updated infrastructure, with no impact on their existing Windows devices managed by Defender for Endpoint through security settings management. Additionally, any new devices enrolled into security settings management for Defender for Endpoint will use the updated infrastructure.

What to expect

In the Microsoft 365 Defender portal, customers can confirm that a device is using the security settings management capability by checking its status in the Managed by column. In the Intune admin center, customers can search for the device name on the All Devices page and confirm it is successfully enrolled by checking that the MDE Enrollment status is Success. In the Microsoft Azure portal, customers can ensure that all devices enrolled in security settings management for Microsoft Defender for Endpoint receive policies by creating a dynamic Azure AD group.

To ensure that all devices enrolled in security settings management for Microsoft Defender for Endpoint receive policies, we recommend creating a dynamic Azure AD group based on the systemLabels property containing the “MDEManaged” value.
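The following is an added example, not code from the original post or from Microsoft, showing how the recommended dynamic group can be created with the Microsoft Graph PowerShell SDK and its members listed afterwards. It assumes the Microsoft.Graph module is installed, that the signed-in account may create groups, and that the group display name and mail nickname are arbitrary values chosen here.

```powershell
# Added example: create the dynamic Azure AD group recommended above and list its members.
# Assumptions: Microsoft.Graph module installed; caller holds Group.ReadWrite.All;
# the group name and mail nickname below are placeholders chosen for this example.
Connect-MgGraph -Scopes "Group.ReadWrite.All", "GroupMember.Read.All"

# Membership rule: include devices whose systemLabels collection contains "MDEManaged",
# i.e. devices enrolled in Defender for Endpoint security settings management.
$rule = '(device.systemLabels -contains "MDEManaged")'

$params = @{
    DisplayName                   = "MDE Security Settings Managed Devices"  # assumed name
    MailEnabled                   = $false
    MailNickname                  = "mde-managed-devices"                     # assumed value
    SecurityEnabled               = $true
    GroupTypes                    = @("DynamicMembership")
    MembershipRule                = $rule
    MembershipRuleProcessingState = "On"   # "Paused" would create the group without evaluating the rule
}
$group = New-MgGroup @params
Write-Host "Created dynamic group '$($group.DisplayName)' with id $($group.Id)"

# Dynamic membership is evaluated asynchronously, so the list may be empty right after creation;
# re-run this part later to confirm that MDE-managed devices are being picked up by the rule.
Get-MgGroupMember -GroupId $group.Id -All |
    ForEach-Object { $_.AdditionalProperties["displayName"] }
```

Assign the Defender for Endpoint security policies to this group so that every device enrolled through security settings management receives them, whether or not it is Azure AD joined.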

Key points from the article:
  1. Microsoft is making architectural updates to the security settings management capabilities in Microsoft Defender for Endpoint
  2. Azure Active Directory (AD) join or Hybrid Azure AD join are no longer prerequisites for onboarding Windows devices
  3. Existing Windows devices will transition to the updated infrastructure with no impact
  4. Devices that were unable to enroll due to not being Azure AD joined or Hybrid Azure AD joined will now succeed enrollment
  5. Devices will appear in the device lists for Microsoft 365 Defender, Microsoft Intune, and Azure AD portals

From the Intune Customer Success articles
