Microsoft Intune Extends Defender Security Policy Management to Unenrolled Devices

New capability allows organizations to enforce endpoint security policies through Defender and Entra identities.

Cloud Computing

Key Takeaways:

  • Microsoft Defender-managed devices can now receive Intune endpoint security policies without enrollment.
  • This feature supports Windows, Windows Server, macOS, and Linux platforms.
  • Administrators can manage compliance and policy deployment from Intune and Defender portals.

Microsoft Intune has released a new update that enables IT admins to manage security settings for Microsoft Defender for Endpoint on devices that are not enrolled in Microsoft Intune. This feature extends security management to Windows, Windows Server, macOS, and Linux.

Microsoft highlighted that this update allows organizations to centrally manage endpoint security policies through either the Microsoft Intune admin center or the Microsoft Defender portal. Devices receive security configurations through their Microsoft Entra ID identities, and Defender for Endpoint enforces those settings directly on the device. Administrators can track policy deployment, monitor compliance, and review device status from both Intune and Defender management consoles.

“This scenario extends the Microsoft Intune Endpoint Security surface to devices that aren’t capable of enrolling in Intune. When a device is managed by Intune (enrolled to Intune) the device doesn’t process policies for Defender for Endpoint security settings management. Instead, use Intune to deploy policy for Defender for Endpoint to your devices,” Microsoft explained.

What are the prerequisites?

To use this feature, administrators must enable the enforcement scope in the Microsoft Defender portal and configure Intune to enforce endpoint security settings. Once enabled, supported devices can receive and report on security policies (such as Antivirus, Firewall, and Attack Surface Reduction (ASR) rules) even when they are not enrolled in Microsoft Intune.

Microsoft notes that this feature requires organizations to have Defender for Endpoint licensing (through Microsoft 365 or standalone MDE licenses). Customers should also have appropriate connectivity to Microsoft cloud endpoints and required Defender agent versions on supported operating systems.

Administrators can use device inventory and management dashboards to review enrollment status and gain visibility into the security posture of managed endpoints. Moreover, role-based access control (RBAC) allows organizations to assign administrative permissions based on job responsibilities. It helps maintain governance while securely delegating management tasks.