Issues with Defender for endpoint configuration

Lukas 20 Reputation points
2023-02-27T07:51:41.69+00:00

Hello,

I wanted to ask few questions regarding the Microsoft defender and Intune

We have 75 test licenses (25 from business premium and 50 from endpoint plan 2 which as far as i know are two separate ones with different functionality)

Below things were tested on the endpoint running Windows 11 pro (fully updated).

  • Is there a way to see how defender licenses are distributed? By that i mean which machines and users are taking spots and how many spots are left for use. I have tried to look into Settings > Endpoints > Licenses in the Microsoft Defender Security Center portal but there was no information, just number of licenses.
  • How to ad device that is linked to a local domain into the intune? I have tried DSRegTool and Company portal but both failed. No error on DSRegTool and "Your device is already being managed by an organization" error on company portal. Device has status "Azure AD registered" in Azure portal and is fully updated. Using azure AD connect seem to be one possibility but it is not possible for us at the moment. I god multiple people confirming that is is possible joing without ad connect, but no one could provide instructions to fix this.
  • How to stop windows defender for endpoint from detecting false positive? I have tried to add indicator with the files checksum according to the https://learn.microsoft.com/en-us/microsoft-365/security/defender/m365d-autoir-report-false-positives-negatives?view=o365-worldwide but there is no effect. Tested laptop has no intune installed. Tested file was Eicar test file
  • Scanning of files downloaded from the internet seem broken as it does not affect files downloaded via Edge, i have confirmed it working on firefox. Is that expected behavior? Best Regards
Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
4,303 questions
Microsoft Defender for Identity
Microsoft Defender for Identity
A Microsoft service that helps protect enterprise hybrid environments from multiple types of advanced, targeted cyberattacks and insider threats.
148 questions
0 comments No comments
{count} votes

Accepted answer
  1. Pavel yannara Mirochnitchenko 11,616 Reputation points
    2023-02-27T10:26:50.3133333+00:00

    2nd question: To link only to Defender you can do it with onboarding packages. Use local package and you could use Group Policy Preferences - Task Scheduler to distribute it. To link/join to Intune - AD Connect and Hybrid AAD join is required.

    4nd question: Look at Security Baseline for Edge, it has smart screen and other settings probably for that.

    0 comments No comments

0 additional answers

Sort by: Most helpful