This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(179.20000000000002, 86%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMP%3C/text%3E%3C/svg%3E)
Hello,
I would like users to be able to use Defender for Business on their mobile devices. But these devices are personal.
In order for the user to be able to install the IP successfully log into the Defender, he is prompted to install the Company Portal. Company Portal then creates a work profile, which I would like to avoid.
Can I add a device to Defender Endpoint Protection without MDM Intune Enrollment and without installing Company Portal. The maximum allowed device registration as MAM.
Thank you.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 30%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
@Denis Pasternak, Thanks for posting in Q&A.
For your phenomenon, I wonder if you have configured conditional access policy requires device to be marked as compliant. If yes, then the device will be asked to install company portal to enroll when access the cloud resource.
Also, you can use the Microsoft Defender for Endpoint app with the approved client app policy in Intune to set the device compliance policy to Conditional Access policies. There's no exclusion required for the Microsoft Defender for Endpoint app while you're setting up Conditional Access. Although Microsoft Defender for Endpoint on Android and iOS (app ID dd47d17a-3194-4d86-bfd5-c6ae6f5651e3) isn't an approved app, it has permission to report device security posture. This permission enables the flow of compliance information to Conditional Access.
But from your description, I know we use Microsoft Defender for Business instead of Microsoft Defender for Endpoint. Please contact Microsoft Defender for Business support to confirm if it supports to set the device compliance policy to conditional Access policies. If not, I think we need to change the grant in conditional access policy to bypass the installation of company portal.
Hope the above information can help.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
That's right, so there is a conditional access policy that requires the device to comply.
I will change it and let you know about the roseate.
Yes, I would like to just use the Defender on the device, so that they are also centralized in the Security Center. Obtain from them in case of an incident.
However, I want to ditch the corporate portal and second work profile.
Thank you.!
I removed my account from Conditional Access. No my account don`t have any conditional access rule.
But now I see other message. Authenticator is already installed, so I tried to reinstall Defender.
After reinstalletion
@Denis Pasternak, Thanks for the reply. From your description, I know all the conditional access policies are removed from your user account. And for the first picture, I find it is asked for Microsoft Authenticator app to register your device into Azure AD.
Could you confirm if you are onboarding your device to Microsoft Defender for Business? If yes, based on my researching, I think you can try the local script method in the following link to do this.
Hello @Mountain Pond !
This is very challenging due to to different enrollment options for Apple and Android
Based on this
It is Recommended to use Work Profile
But for Android here is the link
You have to allow Device Administrator option in Intune
For Apple
I hope this helps!
Kindly mark the answer as Accepted and Upvote in case it helped!
Regards
It looks like there is only one way for me to use Defender for Business on personal devices.
Install Company Portal - required
Company Portal will create a work profile - required
After that, Defender will be downloaded or you can install it yourself, only in this case the user will be able to log in to it and it will work with the corporate security center.