With Microsoft Endpoint I want to push Microsoft Defender permissions and other requirements with app configuration policies, but how to do this without user input?

Question

When enrolling new phones, users have to setup Defender manually:

1 Log in with domain account.

2 Accept Defender's terms.

3 Begin Android permissions bits...

4 Turn on All Files Access permission.

5 Accept VPN connection set up request [this is the only step I've found a possible zero-touch solution for online].

6 Turn on Appear On Top permission.

7 Agree to Accessibility services.

8 Accessibility > Installed Apps > Microsoft Defender > Turn this on > Then tap Allow.

9 Allow 'Stop optimising battery usage' for Defender.

10 Phone is then protected.

See this Reddit post: Microsoft Defender for Endpoint on Android - Intune Deployment. : r/sysadmin (reddit.com)

I can't believe that there isn't a solution for this. How am i supposed to roll this out to thousend of users?

I hope there is a solution.

Answer 1

@Jesse ten Hoeve, Thanks for posting in Q&A. For your request, you can feedback to Microsoft 365 Defender to see if the new feature can be added in the future.

https://feedbackportal.microsoft.com/feedback/forum/d7dd1275-f65e-ed11-9562-000d3a4e3f39

---

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.