Microsoft Defender for Endpoint Eases Enrollment Requirements for Devices Managed via Intune

Last Update: Aug 30, 2023 | Published: Jun 19, 2023

Windows Logo

SHARE ARTICLE

Microsoft has announced some changes coming to the security settings management capabilities in Microsoft Defender for Endpoint this month. The company plans to remove the Azure Active Directory (AD) join or Hybrid Azure AD join enrollment requirement for Windows devices.

Last year, Microsoft released a new feature called Security Management for Microsoft Defender for Endpoint. It’s designed to streamline the management of devices that are not managed by Microsoft Intune. Up until now, this capability was only available for Azure AD joined or hybrid Azure AD joined devices.

Microsoft explained that it’s updating this requirement to streamline the enrollment process for Windows devices. This change should let IT admins protect more devices such as Domain Controllers (DCs) or kiosks.

“With Microsoft Defender for Endpoint, you can now deploy security configurations from Microsoft Intune directly to your onboarded devices without requiring a full Microsoft Intune device enrollment,” Microsoft explained. “With this capability, devices that aren’t managed by a Microsoft Intune service can receive security configurations for Microsoft Defender for Endpoint directly from Intune.”

Microsoft Defender for Endpoint to roll out updated enrollment requirements in preview

The new settings management experience will be available for organizations enrolled in the Microsoft Defender for Endpoint public preview program later this month. To get started, IT admins will need to head over to the Microsoft Defender for Endpoint portal and click Settings >> Endpoints >> Advanced features >> Preview features. Customers will also need to deploy the latest updates on their Windows devices.

Microsoft Defender for Endpoint Eases Enrollment Requirements for Windows Devices Managed via Intune

Microsoft notes that customers currently utilizing the existing settings management experience will move to the new infrastructure automatically. This change should not impact the devices, their identity, registration type, and endpoint security policies.

Microsoft advises customers to create a dynamic Azure AD group to apply the policies to onboarded devices in security settings management for Microsoft Defender for Endpoint. This approach should eliminate the need to perform additional steps to automatically add managed devices to the Azure AD group. You can check out more details about the new device management experience on Microsoft’s support page.

SHARE ARTICLE