This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(112.00000000000001, 8%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESK%3C/text%3E%3C/svg%3E)
Hello,
We have multiple production Servers for Different Purpose, and we are using Azure AD to manage users, and to manage Devices we use Intune I wanted to Know can we apply Security Baseline or other Intune Security Policies on these Servers if Yes then how we can enroll these servers in Intune/Azure AD to apply baseline policy. Does the Server enrollment in Intune required any Licenses for Sever Enrollment.
If this is possible then can you please share the process doc with me for understanding the process because I don't know how to enroll Servers in Intune or Azure AD. I am not seeing option of Work or School account to enroll server into Intune.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(185.6, 61%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EXM%3C/text%3E%3C/svg%3E)
@Sumit Kumar Jha Thanks for posting in our Q&A.
Intune doesn't support sever enrollment. For windows, intune only supports windows client. Please refer to the following article:
https://learn.microsoft.com/en-us/mem/intune/fundamentals/supported-devices-browsers
Hope it is helpful.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
@Xenia-MSFT If we cannot enroll the Server in Intune then how we can apply ASR Policies, Defender Policies on Servers Can you help me with this?
@Sumit Kumar Jha When we use Microsoft Defender for Endpoint, we can deploy endpoint security policies from Microsoft Intune to manage the Defender security settings on the devices we've onboarded to Defender without enrolling those devices with Intune. Please refer to the following article:
https://learn.microsoft.com/en-us/mem/intune/protect/mde-security-integration
@Sumit Kumar Jha Haven't heard from you for some time. If the above answer is helpful, please click "Accept Answer". If there is anything else we can help, feel free to let us know. Thanks.
@Sumit Kumar Jha We haven't heard back from you. Could you please provide an update on your issue? If you have any questions or concerns, feel free to reach out to us. If the information provided has been helpful, please consider marking it as the accepted answer to close this case. Doing so will assist others with similar questions in finding solutions more easily.
Thanks for your kindness in advance.
Hi Xenia-MSFT
Sorry for delay in response I did not get the answer that I was looking for.
Intune doesn't support sever enrollment. For windows, Intune only supports windows client. Please refer to the following article:
https://learn.microsoft.com/en-us/mem/intune/fundamentals/supported-devices-browsers
Can you tell me does ASR and Defender Policy Supported by Windows Server if Yes How we can apply this policy to Servers and does this required additional separate Licenses Like Business Premium, E3, E5?
Can you share process doc for ASR and Defender Policy for the Servers?
@Sumit Kumar Jha Currently devices on the Windows Server platform don’t support mobile device management (MDM) and can’t enroll in Microsoft Intune. With the Microsoft Defender for Endpoint (MDE) Security Management feature, Windows Servers can receive security management policies from Intune.
https://learn.microsoft.com/en-us/mem/intune/protect/mde-security-integration
So, ASR and Defender Policy are supported by Windows Servers.
For ASR, please refer to the following article:
https://learn.microsoft.com/en-us/mem/intune/protect/endpoint-security-asr-policy
It is needed to have Windows 10 Enterprise E5 or E3 License. Although attack surface reduction rules don't require a Windows E5 license, with a Windows E5 license, you get advanced management capabilities including monitoring, analytics, and workflows available in Defender for Endpoint, as well as reporting and configuration capabilities in the Microsoft Defender XDR portal. These advanced capabilities aren't available with an E3 license, but you can still use Event Viewer to review attack surface reduction rule events. So, choosing an E5 or E3 license depends on whether you need advanced management capabilities.
https://learn.microsoft.com/en-us/defender-endpoint/enable-attack-surface-reduction#requirements
Hope it is what you want.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.