We know that we can integrate Microsoft Defender for Endpoint with Microsoft Intune. This is a Mobile Threat Defense solution for all the devices you enroll in Intune. In this blog post I will show you the process of configuring Intune and then onboarding devices into MD ATP.
MD ATP is not only a good solution for Windows devices; it also acts as a pretty good threat defence solution for both iOS and Android. Even Mac devices can be onboarded into it, and you can create security baselines accordingly.
So, without wasting much time, let's get into it.😎
Let's first check out the prerequisites for this and see which subscriptions we need.
1. Microsoft Azure Premium P1/P2
2. Microsoft Intune (M365 E5/ EMS E5)
3. Microsoft Defender for Endpoint P2 (if you want to manage endpoints from the Security Center, get the P2 license)
If you are asking why P2, just check out the table below and see the offerings from Microsoft; it's better to have more services, right? 😉
Make sure you have the license below. This is a trial license for my lab, but it gives you an idea of which one to select for your tenant or production environment.
At the end, when you check your license subscriptions, the screen should look something like this.
NOTE: Instead of Developer E5 you should have M365 E5/EMS E5.
Your end user should have licenses assigned like below:
Configuring MS Defender for Endpoint with Intune
Now, let's check out the process to configure MD ATP with Intune.
At this stage the assumption is that your devices are already enrolled in Intune, or, if you are migrating devices, that you are at least in the process of enrolling them using Hybrid Azure AD join or standalone Azure AD join.
When you open Intune and navigate to Endpoint Security > Microsoft Defender for Endpoint, you will see something like below.
There is another way to configure it, but let's stick to this process; I feel it is the simpler way. On the above screen, under Configuring Microsoft Defender for Endpoint, click the link at point number 1 – Connect Microsoft Defender for Endpoint to Microsoft Intune in the Microsoft Defender Security Center.
On the same page, if you scroll down, you will find another link under Common shared settings – Open the Microsoft Defender Security Center. Clicking this link will also take you to the same page.
When you have all the licenses assigned and configured and click one of the above links, the Microsoft Defender Security Center opens for you like this.
NOTE: It takes around 24 hrs for the Endpoints tab under Settings to appear after you have purchased the P2 license.
Next, on the right-hand side, scroll down, find the Settings tab and click on it; the screen below appears.
Click on Endpoints above; it will open the screen below:
Click on Advanced features and check out the list; it has some very important features such as web content filtering, Device Discovery and Microsoft Intune connection. Enable Microsoft Intune connection here. You can also enable other features as per your requirements. Once you enable it and click Save preferences, the temporary pop-up below shows that your settings are saved, and that's it: you are done configuring Intune with MD ATP.
Now, once you are done with the above steps, go back to Intune and navigate to Endpoint Security > Microsoft Defender for Endpoint. You will see that Connection Status is now shown as Available, along with the date it last synchronised. Under MDM Compliance Policy Settings, enable each platform connection, and that's it: you are now ready to onboard devices from the different platforms to MD ATP.
Onboard Windows Devices to MD ATP
When you enable the button below, Windows devices start onboarding to MD ATP automatically, but if you still face issues you can deploy a configuration profile for Endpoint Detection and Response.
Click Create Policy on the above screen. This helps you create a config profile like below:
Configure it as per your requirements, click Next and deploy it to all Windows devices:
NOTE: When you configure an EDR policy after connecting Intune and Microsoft Defender for Endpoint, the policy setting Microsoft Defender for Endpoint client configuration package type has a new option: Auto from connector. With this option, Intune automatically gets the onboarding package (blob) from your Defender for Endpoint deployment, so you no longer need to configure an onboarding package manually.
You can also enable this using Group Policy in a hybrid environment.
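Whichever path delivers the onboarding blob (the connector, the EDR profile or Group Policy), it helps to confirm on the device itself that onboarding actually completed. The PowerShell check below is an example I am adding here; it is not Microsoft's tooling. It reads the documented OnboardingState value (1 = onboarded) and the state of the Sense service; the OrgId value is read only if present, and the Test-MdeOnboarding function name is my own.

```powershell
# Added example: verify local MDE onboarding state on a Windows device.
# Run in an elevated PowerShell session on the device being checked.
function Test-MdeOnboarding {
    [CmdletBinding()]
    param()

    $statusKey = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'
    $result = [ordered]@{
        ComputerName    = $env:COMPUTERNAME
        OnboardingState = $null   # documented: 1 = onboarded
        OrgId           = $null   # tenant/org id written at onboarding (read if present)
        SenseService    = 'NotInstalled'
        SenseStartType  = $null
        Onboarded       = $false
    }

    if (Test-Path $statusKey) {
        $props = Get-ItemProperty -Path $statusKey
        $result.OnboardingState = $props.OnboardingState
        $result.OrgId           = $props.OrgId
    }

    # The Sense service is the MDE EDR sensor; it should be Running and Automatic.
    $svc = Get-Service -Name Sense -ErrorAction SilentlyContinue
    if ($svc) {
        $result.SenseService   = $svc.Status.ToString()
        $result.SenseStartType = $svc.StartType.ToString()
    }

    $result.Onboarded = ($result.OnboardingState -eq 1) -and ($result.SenseService -eq 'Running')
    return [pscustomobject]$result
}

# Quick triage: a device that is not onboarded gets a hint about which step to revisit.
$state = Test-MdeOnboarding
$state | Format-List

if (-not $state.Onboarded) {
    if ($null -eq $state.OnboardingState) {
        Write-Warning 'No onboarding blob has been applied yet: check the EDR profile (or GPO) assignment and trigger an Intune sync.'
    } elseif ($state.SenseService -ne 'Running') {
        Write-Warning "Onboarding blob present but the Sense service is $($state.SenseService); start it and check the SENSE event log."
    }
}
```

Run it on a few pilot devices before the broad rollout; a device reporting Onboarded = True here should appear in the Security Center device inventory shortly afterwards.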
Onboarding macOS devices
To onboard macOS devices you need to create an app and also configure some extensions. Follow the steps below to onboard Mac devices.
This step deploys Microsoft Defender for Endpoint to enrolled machines.
In the Microsoft Endpoint Manager admin center, open Apps.
Select By platform > macOS > Add.
Choose App type = macOS, click Select.
Keep default values, click Next.
Add assignments, click Next.
Review and Create.
You can visit Apps > By platform > macOS to see it on the list of all applications.
Just deploying the app may not be enough; you may also need to deploy separate configuration profiles for the extensions. You need to deploy the kernel extension, approve the system extensions and also grant Full Disk Access to MDATP.
Follow the link below for more details from Microsoft.
Onboard iOS and Android Devices
In both cases you download the MD ATP app from the iOS App Store / Managed Google Play, configure it in Intune and then deploy it accordingly.
For iOS devices you will find more information at this link:
For Android devices, find the steps and more information under:
That's it for this time, guys. I hope this helps you configure Intune with MD ATP and onboard your devices. See you next time; until then, cheers!🤔