
Defender for Endpoint through ConfigMgr but showing up as managed by Intune when Hybrid Joined

JG 396 Reputation points
Apr 21, 2023, 12:27 PM

Hi, I'm testing onboarding PCs to Defender for Endpoint via ConfigMgr. However, 3 out of my 4 test devices are also hybrid joined (testing). These 3 devices are showing up as managed by Intune in the security portal. These devices are not configured for Intune co-management in ConfigMgr. I'm assuming, as hybrid-joined is a pre-req for Intune management, this is why this is showing; however, I need to know:

  1. Will these devices use the policies I have configured in ConfigMgr? or
  2. Will I need to create policies in Intune for Defender for Endpoint to manage these devices, and if so
  3. Will this impact the other existing policies or devices in ConfigMgr (conflict?) or
  4. Is this irrelevant since I've not set up a co-management workload for these devices (even though they are hybrid-joined)?

Thanks

[User's image]
Tags: Windows 10 Security, Microsoft Intune, Microsoft Configuration Manager

Accepted answer
  1. Crystal-MSFT 52,416 Reputation points Microsoft External Staff
    Apr 25, 2023, 2:02 AM

    @JG, Thanks for the reply. From your description, it seems the Endpoint Protection workload is still on Configuration Manager. As far as I know, the device configuration workload includes settings that you manage for devices in your organization. Switching this workload also moves the Resource Access and Endpoint Protection workloads. Please check if the Device configuration is switched.

    https://learn.microsoft.com/en-us/mem/configmgr/comanage/workloads#device-configuration

    Meanwhile, to double confirm which workload has been switched on the affected device, we can go to the Intune portal, Devices -> find one affected device and check the Intune managed workloads on it.

    [User's image]

    Please check the above information and if there's any update, feel free to let us know.

    1 person found this answer helpful.
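The accepted answer checks the workload split in the Intune portal. The same information is exposed on the client itself by the ConfigMgr co-management flag bitmask, so a device-side check is useful when the portal's "Managed by" label is confusing, as it was in this thread. The following PowerShell is an added example and is not code from the thread or from Microsoft. It assumes the bitmask lives in the registry value `CoManagementFlags` under `HKLM:\SOFTWARE\Microsoft\CCM\CoManagementHandler` and that the bit meanings listed in `$workloadBits` match the ConfigMgr co-management monitoring documentation; both are assumptions from memory and should be confirmed against the current docs before the output is relied on. When the value cannot be read (for example on a machine without the ConfigMgr client), it falls back to a constructed sample value of 3, which corresponds to the state described by JG below: co-management enabled with only the Compliance policies workload pointed at Intune.

```powershell
# Added example (not from this thread or from Microsoft). Decodes the ConfigMgr
# co-management flag bitmask on a client and lists which workloads point at Intune.
# ASSUMPTION: the registry path, value name and bit meanings below are taken from
# memory of the ConfigMgr co-management monitoring documentation; verify them
# against the current docs before acting on the output.

$workloadBits = [ordered]@{
    1   = 'Co-management enabled'
    2   = 'Compliance policies'
    4   = 'Resource access policies'
    8   = 'Device configuration'
    16  = 'Windows Update policies'
    32  = 'Endpoint Protection'
    64  = 'Client apps'
    128 = 'Office Click-to-Run apps'
}

# Turn the integer bitmask into one row per workload with an Intune yes/no column.
function ConvertFrom-CoManagementFlags {
    param([Parameter(Mandatory)][int]$Flags)
    foreach ($bit in $workloadBits.Keys) {
        [pscustomobject]@{
            Bit      = $bit
            Workload = $workloadBits[$bit]
            Intune   = (($Flags -band $bit) -ne 0)
        }
    }
}

# Read the live value from the ConfigMgr client (path and value name are assumptions).
function Get-CoManagementFlags {
    $regPath = 'HKLM:\SOFTWARE\Microsoft\CCM\CoManagementHandler'
    $item = Get-ItemProperty -Path $regPath -Name CoManagementFlags -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        throw "CoManagementFlags not found at $regPath (no ConfigMgr client, or co-management not enabled?)"
    }
    return [int]$item.CoManagementFlags
}

# Use the live value when available; otherwise fall back to a constructed sample.
# 3 = co-management enabled (1) + Compliance policies on Intune (2), the state JG describes.
try   { $flags = Get-CoManagementFlags }
catch { Write-Warning $_; $flags = 3 }

"CoManagementFlags = $flags"
ConvertFrom-CoManagementFlags -Flags $flags | Format-Table -AutoSize

# Consistency check based on the accepted answer: Device configuration is switched
# together with Resource access and Endpoint Protection, so these bits should agree.
$devCfg = ($flags -band 8)  -ne 0
$resAcc = ($flags -band 4)  -ne 0
$ep     = ($flags -band 32) -ne 0
if (($devCfg -ne $ep) -or ($devCfg -ne $resAcc)) {
    Write-Warning 'Device configuration, Resource access and Endpoint Protection bits disagree; check the workload sliders in the ConfigMgr console.'
}
```

Run it in an elevated PowerShell session on the affected client. A row showing `Endpoint Protection` with `Intune = False` while the security portal still labels the device as Intune-managed is exactly the situation the thread describes: the label reflects co-management enrollment, not which workload owns the Defender settings.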

4 additional answers

Sort by: Most helpful
  1. Andrew Blumhardt 9,871 Reputation points Microsoft Employee
    Apr 23, 2023, 3:58 AM

    As you implied, this is where the device is getting its config policy. MDE managed is for unmanaged devices (like personal devices) and unknown would be GPO or local script.

    I am not certain if 'Intune' includes co-managed, since the device policy would still be Intune (co-manage defers to Intune), replacing rather than conflicting with MECM. These policies are set in the Endpoint Security section in Intune. There is a baseline policy and several MDE/MDAV specific policies. You scope these policies as needed so you can test without impacting all systems. There is no auto resolution of policy conflicts within Intune and between solutions. Conflicts need to be identified and resolved manually.

    [User's image]

    1 person found this answer helpful.

  2. GJ-65345 5 Reputation points
    Apr 25, 2023, 2:13 PM

    Thanks @Crystal-MSFT. Our device configuration workload is still ConfigMgr. Thanks for the clarification; it seems to be working as expected, although the security portal just throws a curve ball and confuses matters by saying they are managed by Intune!

    1 person found this answer helpful.

  3. Crystal-MSFT 52,416 Reputation points Microsoft External Staff
    Apr 24, 2023, 2:43 AM

    @JG, Thanks for posting in Q&A. From your description, it seems you want your devices to be managed by Configuration Manager, but 3 of 4 devices show up as seemingly managed by Intune.

    Before going on, I would like to firstly confirm some information:

    1. Please check if these devices exist under Devices -> All devices in the Intune portal.
    2. What is the "Managed By" for these affected devices?

    Please confirm the above information and if there's any update, feel free to let us know.


  4. JG 396 Reputation points
    Apr 24, 2023, 1:51 PM

    Thanks @Crystal-MSFT

    1. Yes, they do.
    2. The 3 test devices (that are HAAD joined and say Intune in the above picture) say co-managed in the 'Managed by'. The other says 'ConfigMgr'. I have noticed that those that say 'co-managed' have this in the information pane when you select a device:

       Co-management: This Windows PC is being co-managed between Intune and Configuration Manager. Configuration Manager agent state is shown below; if the state is anything other than "Healthy" there are a few steps that help with this. Learn more
       Intune managed workloads: Compliance Policy (this is selected as a pilot workload in ConfigMgr)

       So from here it appears to be correct. I think it is very confusing. I had to create a tamper protection policy in Intune to deploy to my ConfigMgr collection that is onboarding DfE clients. So it appears to be using policies from both Intune and ConfigMgr.... (while I have not switched the workloads in ConfigMgr for these clients for endpoint protection to either pilot or Intune!)
