Defender for business policies

GeoffA 1 Reputation point
2022-05-13T06:54:55.323+00:00

We are about to implement Defender for Business but already use Intune. I'm not sure if I'm just overthinking things, but we have some conditional access policies already set up in Endpoint Manager. Will these be affected if we use DfB as the management system, or should we continue to use Defender for Endpoint as the management system? Hope all that makes sense.

Thanks

Geoff

Windows 10 Security

3 answers

  1. Reza-Ameri 16,831 Reputation points
    2022-05-14T16:18:05.64+00:00

    Intune and Defender are not the same product, and they complement each other. For example, consider Azure and Intune: they have policies and work together, and it is not like replacing each other. You may use both alongside each other and together.


  2. GeoffA 1 Reputation point
    2022-05-18T07:21:08.26+00:00

    Hi, thanks for this. So would the conditional access policies be part of Intune or Endpoint Manager? Or would that be hard for you to be able to say? And does this actually make a difference, as when setting up DfB it states that you will need to disable any policies in DfE, and that is a scary thought if we are then unable to set up the same or similar policies in DfB.

    Thanks


  3. Oscar Molkenthin-Paredes 1 Reputation point
    2022-10-12T15:06:38.057+00:00

    Some important points

    • Policies are assigned to a priority order
    • Devices apply only the first policy
    • The order can be changed
    • Default policies get the lowest priority

    Example -> Next-Generation Protection:

    • AllowBehaviorMonitoring
    • AllowIOAVProtection
    • AllowScriptScanning

    Onboarding process

    • It is recommended to add the devices via Microsoft Intune before configuring Defender for Business.
    • If the devices are not provisioned through Intune, we still recommend that you complete this process on the Microsoft Endpoint Manager admin center before Defender is configured.
    • For very small companies (for example, up to 20 devices), a manual configuration with local scripts directly via the Defender makes sense. For mobile devices or for companies with more users, it is recommended that you perform the onboarding process with Intune.
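One way to check on a device that the three next-generation protection settings listed in the last answer survive a change of management system. This is an added example, not part of the thread. It reads the local `Get-MpPreference` values that reflect those settings, saves a baseline, and reports drift on a later run. The function names and the baseline path are hypothetical.

```powershell
# Added example. Maps each policy setting named in the answer to the local
# Defender preference that reflects it (the local values are "Disable*" flags).
function Get-NextGenProtectionState {
    param(
        # Defaults to the live device; pass an object to test offline.
        $Preference = (Get-MpPreference)
    )
    $map = [ordered]@{
        AllowBehaviorMonitoring = 'DisableBehaviorMonitoring'
        AllowIOAVProtection     = 'DisableIOAVProtection'
        AllowScriptScanning     = 'DisableScriptScanning'
    }
    foreach ($setting in $map.Keys) {
        $disabled = $Preference.($map[$setting])
        [pscustomobject]@{
            PolicySetting   = $setting
            LocalPreference = $map[$setting]
            Effective       = if ($null -eq $disabled) { 'Unknown' }
                              elseif ($disabled)       { 'Off' }
                              else                     { 'On' }
        }
    }
}

# First run writes a baseline; later runs compare the device against it.
function Compare-NextGenProtectionState {
    param(
        [Parameter(Mandatory)] [string] $BaselinePath,
        $Current = (Get-NextGenProtectionState)
    )
    if (-not (Test-Path -LiteralPath $BaselinePath)) {
        $Current | ConvertTo-Json | Set-Content -LiteralPath $BaselinePath -Encoding UTF8
        Write-Host "Baseline written to $BaselinePath"
        return
    }
    $baseline = Get-Content -LiteralPath $BaselinePath -Raw | ConvertFrom-Json
    foreach ($row in $Current) {
        $old = $baseline | Where-Object PolicySetting -eq $row.PolicySetting
        [pscustomobject]@{
            PolicySetting = $row.PolicySetting
            Before        = $old.Effective
            After         = $row.Effective
            Changed       = $old.Effective -ne $row.Effective
        }
    }
}

# Hypothetical path: run once before the switch and again after policies sync.
Compare-NextGenProtectionState -BaselinePath "$env:TEMP\ngp-baseline.json" | Format-Table -AutoSize
```

A row with `Changed` set to `True` and `After` set to `Off` means the device no longer has that protection enabled under the policy it now receives.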