Endpoint Protection workload - co-management
Hi, if I switch device configuration workload which also switches endpoint protection workload from CM to Intune what will happen with antimalware policies deployed to collections containing Windows 10 devices if I do not create them from scratch and deploy from Intune end? Basically would I be forced to create same antimalware policy on Intune end if the one on CM end would not be enforced on clients anymore?
Microsoft Security | Intune | Configuration Manager | Other
5 answers
-
Jason Sandys 31,411 Reputation points Microsoft Employee Moderator
2022-04-28T15:57:21.257+00:00 No. If the workload is switched for a device but there is no Intune enforced policy for Windows Defender, then the ConfigMgr agent will continue to enforce the assigned Defender policy from ConfigMgr. From memory, you'll be able to see evidence of this in the comanagementhandler.log.
-
Amandayou-MSFT 11,156 Reputation points
2022-05-02T05:58:57.507+00:00 Hi @Bojan Zivkovic,
Haven't heard from you for some time; is Jason's answer helpful to you? If it is helpful, please accept the answer. It will help someone who has a similar issue find the answer easily.
If you have any other issues, please don't hesitate to let us know.
Thanks and have a nice day.
-
Bojan Zivkovic 606 Reputation points
2022-05-02T10:40:58.427+00:00 In case of conflict I guess Intune end will take precedence (if managing workload)? What about settings not conflicting with each other (for instance something defined in MECM but not in Intune - will they merge)?
-
Jason Sandys 31,411 Reputation points Microsoft Employee Moderator
2022-05-09T17:18:29.497+00:00 "In case of conflict I guess Intune end will take precedence"
If the workload is set to Intune, yes, Intune will win -- that's the point of the workload slider.
"will they merge"
No, never. As noted, that's the entire point of an admin-configurable workload using the sliders.
-
Bojan Zivkovic 606 Reputation points
2022-05-16T10:52:54.23+00:00 Since I am mostly concerned here about devices being outside the LAN most of the time, is implementing a CMG a waste of time and money for companies having Intune too? What I do not really like in Intune is the handling of 3rd party app updates (we use Patch My PC Publishing Service internally and it works fine with MECM), but having a CMG just for 3rd party app updates looks like overkill. We have a strong emphasis on security, so having the OS and apps up to date is a top priority.