This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(208, 31%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
We have onboarded our Windows Virtual Desktop into Windows Defender using the below link and they enrolled just fine:
However, the issue is we do not see any of our WVD machines in Intune like we do other servers. Other servers that are onboarded to Defender show up in Intune as Managed By MDE and MDE is how those servers get our Defender policies. Since WVD is in Defender, but not being managed by MDE, it is not getting our Defender policies. Any help on what we can do to accompolish this is much appreciated!
Thanks!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(176, 24%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMA%3C/text%3E%3C/svg%3E)
Hi
Since you didn't mention much detail about your WVD subscription architecture.
--- if you find this useful , please accept the answer -----
Hello mwhite
Welcome to Microsoft Q&A Platform, thanks for posting your query here.
Security management for Microsoft Defender for Endpoint will not work on non-persistent desktops, like Virtual Desktop Infrastructure (VDI) clients or Azure Virtual Desktops.
Ref: https://learn.microsoft.com/en-us/mem/intune/protect/mde-security-integration?view=o365-worldwide
Hope this helps.
If the suggested response helped you resolve your issue, please 'Accept as answer', so that it can help others in the community looking for help on similar topics.
I did not realize you cannot apply security policies for Defender to VDI clients...with that said, then how would we enforce Defender security settings on our VDI clients? Right now they are onboarded to Defender, but how does Defender manage the security for our VDI clients? Thank you for your help!
@vipullag-MSFT so just by simply onboarding VDI to Defender and we can see it in Defender, is there any sort of default security policy being applied to those VDI devices? Any sort of protection at all? All of our workstations and servers get their Defender policy settings from Intune (servers via MDE) and as you pointed out, VDI does not work with MDE. Thanks!
Hello mwhite
Apologies in delayed response on this. We noticed that you rated an answer as not helpful.
Requesting you to check below information to see if that is helpful.
The devices need to either enroll into Intune or use GPO. You can also raise a support request with the Defender team if there are more options.
If you don't have a support plan enabled on your subscription, I request you to send an email to AzCommunity@Microsoft.com with Subject as "Attn:Vikas" referencing this thread along with your subscription ID. I can then enable your subscription with a one-time free technical support.
Once the issue is resolved, request you to post the resolution here for the benefit of community.
If the provided information is helpful, request you to take a resurvey.
@vipullag-MSFT Thank you for the reply. So I am trying to enroll my multi session AVD into Intune and setup a GPO to enroll with device credential, but I am getting error codes Auto MDM Enroll: Device Credential (0x0), Failed (Unknown Win32 Error code: 0x8018002b) and Auto MDM Enroll: Device Credential (0x1), Failed (Unknown Win32 Error code: 0x80180001) when trying to enroll. Any ideas?
Thanks!
Hello mwhite
This issue needs deeper investigation. Support team will be able to check and help on this. I would recommend you to open a azure support case.
@vipullag-MSFT Hi, I opened a ticket about two weeks ago but unfortunately the tech has not replied to me in over a week. The ticket is open with Intune support since I cannot get AVD to enroll into Intune.