
Should I use Intune or Defender portals to manage security settings for Windows Endpoints?

Chad Miars 20 Reputation points
2023-08-25T23:16:53.8733333+00:00

I am confused about which is the best location to manage the security settings for my Intune-managed Windows devices. Should I be using the "Endpoint Security" section in the Intune portal or Microsoft 365 Defender > Endpoints > Configuration Management > Device Configurations?

I have policies in both places and there appear to be conflicts. Is there someone with a blog or site that can break down the differences and when/why I should choose one over the other? Is the Microsoft 365 Defender option just for endpoints not managed by Intune? I don't mind reading through the details, I just can't find anything that explains the context. Any help is appreciated.

Microsoft Security | Intune | Security
Microsoft Security | Intune | Other

Answer accepted by question author

  1. ZhoumingDuan-MSFT 17,365 Reputation points Microsoft External Staff
    2023-08-28T05:08:34.8633333+00:00

    @Chad Miars, thanks for posting in Q&A. From your description, we understand that you are confused about whether to use the Intune or the Microsoft 365 Defender Endpoint portal to manage security settings for Windows endpoints.

    We did some research. The "Endpoint Security" section is generally for managing security settings for devices enrolled in Intune. This is where you'll set up device security policies and settings that are tailored to the devices you're managing with Intune.

    • Antivirus
    • Attack surface reduction
    • Endpoint detection and response
    • Firewall
    • Firewall Rules

    For more information about Microsoft Defender for Microsoft Intune, please visit the link below:

    Use Intune to manage Microsoft Defender security settings management on devices not enrolled with Microsoft Intune | Microsoft Learn 

    The "Configuration Management" section under Microsoft 365 Defender is more focused on security configurations that are tied to threat detection and response, and it might be more relevant for endpoints that are not directly managed by Intune, such as servers or devices that fall outside of your Intune management scope. Here are some security settings you can configure:

    • Incidents & alerts
    • Hunting
    • Action & submissions
    • Threat analytics
    • Secure score
    • Learning hub
    • Trials
    • Partner catalog

    For more information about Microsoft Defender for Endpoint, please visit the link below:

    Microsoft 365 Defender portal | Microsoft Learn

    To determine where to configure the policy, you can check what the device is managed by. If the device is managed by MDE, you can set the policy only in Microsoft Defender for Endpoint to avoid conflicts.

    Hope the above is helpful.



    4 people found this answer helpful.
