Some important points
- Policies are assigned to a priority order
- Devices apply only the first policy
- The order can be changed
- Default policies get the lowest priority
Example -> Next-Generation Protection:
- AllowBehaviorMonitoring
- AllowIOAVProtection
- AllowScriptScanning
Onboarding process
- It is recommended to add the devices via Microsoft Intune before configuring Defender for Business.
- If the devices are not provisioned through Intune, we still recommend that you complete this process on the Microsoft Endpoint Manager admin center before Defender is configured.
- For very small companies (for example, up to 20 devices), a manual configuration with local scripts directly via the Defender makes sense. For mobile devices or for companies with more users, it is recommended that you perform the onboarding process with Intune.