@Rizwan Assad, based on my understanding, when we set this option to On, all devices in the platform scope in Microsoft Defender for Endpoint that aren't managed by Microsoft Endpoint Manager will qualify to onboard to Microsoft Defender for Endpoint. This will not enforce any settings that are already there in Endpoint Manager for all the devices.
We can set "enforcement scope" to use the proper device tags to test. Then the setting like "Allow Microsoft Defender for Endpoint to enforce Endpoint Security Configurations" will only affect these devices. Enabling this setting allows supported agents to report the status of applied profiles to Microsoft Endpoint Manager, and agents will appear in device views and reports relevant to Endpoint Security profile management. You can check the status via the report to confirm.
Meanwhile, when you deploy a policy that’s supported for both MDE security configuration and Microsoft Endpoint Manager, a single instance of that policy can be processed by devices that run MDE only and devices that are managed by either Intune or Configuration Manager.
In addition, to apply the security policy in Intune, we need to assign the policy to the device group. So if there's no policy assigned, it will not be applied either. Here is a link with more details for your reference:
https://learn.microsoft.com/en-us/mem/intune/protect/mde-security-integration
Hope it can help.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
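An added example, not part of the answer above: the tag-based enforcement scope the answer recommends for testing only picks up devices that actually carry the tag, so a practitioner usually scripts the tagging for the pilot set and checks the existing tags first. The script below does that against the Defender for Endpoint API (the `machines` and `machines/{id}/tags` endpoints). The tag value `MDE-Pilot`, the device names, and the way the bearer token is obtained are assumptions for illustration; use whatever tag your enforcement scope is configured to match.

```powershell
# Added example (not from the original answer): tag a set of pilot devices so they fall
# into an MDE security settings management enforcement scope that targets a device tag.
# Assumptions: $Token is a valid bearer token for the Defender for Endpoint API
# (WindowsDefenderATP, Machine.ReadWrite.All), $PilotTag matches the tag configured in
# the enforcement scope, and $PilotDeviceNames are the computerDnsName values of the
# test devices. All three values here are placeholders.
param(
    [Parameter(Mandatory)][string]$Token,
    [string]$PilotTag = 'MDE-Pilot',
    [string[]]$PilotDeviceNames = @('pilot-ws01', 'pilot-ws02')
)

$base    = 'https://api.securitycenter.microsoft.com/api'
$headers = @{ Authorization = "Bearer $Token"; 'Content-Type' = 'application/json' }

foreach ($name in $PilotDeviceNames) {
    # Look the device up by DNS name; the Machine entity returned includes machineTags.
    $uri     = "$base/machines?`$filter=computerDnsName eq '$name'"
    $machine = (Invoke-RestMethod -Uri $uri -Headers $headers -Method Get).value |
               Select-Object -First 1
    if (-not $machine) {
        Write-Warning "Device '$name' not found in Defender for Endpoint"
        continue
    }

    # Skip devices that are already in scope so the run is idempotent.
    if ($machine.machineTags -contains $PilotTag) {
        Write-Host "$name is already tagged with '$PilotTag'"
        continue
    }

    # Add the tag; the enforcement scope evaluates it on the device's next sync.
    $body = @{ Value = $PilotTag; Action = 'Add' } | ConvertTo-Json
    Invoke-RestMethod -Uri "$base/machines/$($machine.id)/tags" -Headers $headers `
                      -Method Post -Body $body | Out-Null
    Write-Host "Tagged $name ($($machine.id)) with '$PilotTag'"
}
```

Run it with a token for the Defender for Endpoint API, then confirm in the Intune reports mentioned above that only the tagged devices start reporting policy status; devices outside the tag should stay unaffected.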