How to move MDE-managed devices into Intune (Hybrid AAD Joined)

Dinesh Loganathan 30 Reputation points
2024-01-28T22:47:49.8066667+00:00

A short background: My environment is using an external IdP that does not support the WS-Trust protocol, therefore we were unable to automatically enroll our domain-joined, Hybrid AAD Joined Windows 10 devices into Intune (using GPO). So we decided to only onboard the devices to MDE and manage them with the MDE-Management tag, so that the device creates a synthetic registration in Intune (this is not a full enrollment into Intune). All of my Windows 10 devices are Domain joined + Hybrid AAD Joined + onboarded into MDE, and the security management is MDE.

Now, I have resolved the WS-Trust issue by implementing ADFS. New devices that are joined to AD are fully functional and getting enrolled into Intune, and the Managed By status is "Intune"; no issue here.

Issue/Question: What will happen if I enable automatic Intune enrollment for the old/existing Windows 10 devices that are already onboarded to MDE, have a synthetic registration in Intune, and have a Managed By status of MDE? What is the correct procedure for moving the MDE-enrolled devices to Intune enrolled?

I would highly appreciate your technical advice/suggestion. Thanks in advance.

Microsoft Security | Intune | Other

1 answer

  1. ZhoumingDuan-MSFT 17,165 Reputation points Microsoft External Staff
    2024-01-29T07:59:55.5+00:00

    @Dinesh Loganathan, Thanks for posting in Q&A.

    From your description, I know you are looking for a way to migrate MDE to Intune.

    Based on my research, MDE is not an MDM provider; therefore, you can migrate to Intune in an easier way.

    https://learn.microsoft.com/en-us/mem/intune/fundamentals/deployment-guide-intune-setup#currently-dont-use-anything

    As for the problem: what will happen if I enable automatic Intune enrollment for the old/existing Windows 10 devices that are already onboarded to MDE, have a synthetic registration in Intune, and have a Managed By status of MDE?

    The devices will not process policies for Defender for Endpoint security settings management, which is a feature that allows you to deploy endpoint security policies from Intune to manage the Defender security settings on the devices without enrolling them with Intune.

    Hope this can help you.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
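Before enabling auto-enrollment for the existing fleet, it helps to know exactly which state each device is in (hybrid joined, MDE onboarded, MDE security-management registered, or fully Intune enrolled). The following PowerShell inventory check is an added example, not code from the thread or from Microsoft; it assumes the registry locations and value meanings noted in the comments, and must run elevated on the device.

```powershell
# Added example: report a device's join, MDE onboarding, MDE security settings
# management (SenseCM) and Intune MDM enrollment state in one object.
# Assumptions: OnboardingState 1 = MDE onboarded; SenseCM\EnrollmentStatus 1 =
# synthetic registration succeeded; an Enrollments\<GUID> key with
# ProviderID 'MS DM Server' and EnrollmentState 1 = full Intune MDM enrollment.
function Get-DeviceManagementState {
    # dsregcmd /status is the authoritative view of AD / Azure AD join state
    $dsreg = dsregcmd /status
    $domainJoined  = ($dsreg | Select-String 'DomainJoined\s*:\s*YES').Count -gt 0
    $azureAdJoined = ($dsreg | Select-String 'AzureAdJoined\s*:\s*YES').Count -gt 0

    # MDE sensor onboarding state
    $mdeKey = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'
    $mde = Get-ItemProperty -Path $mdeKey -Name OnboardingState -ErrorAction SilentlyContinue
    $mdeOnboarded = [int]$mde.OnboardingState -eq 1

    # MDE security settings management (the "synthetic registration" path)
    $senseCm = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\SenseCM' `
        -Name EnrollmentStatus -ErrorAction SilentlyContinue
    $mdeSecurityMgmt = [int]$senseCm.EnrollmentStatus -eq 1

    # Full MDM enrollment: look for an Intune enrollment under the Enrollments hive
    $intuneEnrolled = $false
    Get-ChildItem -Path 'HKLM:\SOFTWARE\Microsoft\Enrollments' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match '^[0-9A-Fa-f-]{36}$' } |
        ForEach-Object {
            $p = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
            if ($p.ProviderID -eq 'MS DM Server' -and [int]$p.EnrollmentState -eq 1) {
                $intuneEnrolled = $true
            }
        }

    # Assumed mapping to the portal's "Managed by" column: full MDM wins over SenseCM
    $managedBy = if ($intuneEnrolled) { 'Intune' }
                 elseif ($mdeSecurityMgmt) { 'MDE' }
                 else { 'None' }

    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        HybridAADJoined = ($domainJoined -and $azureAdJoined)
        MDEOnboarded    = $mdeOnboarded
        MDESecurityMgmt = $mdeSecurityMgmt
        IntuneEnrolled  = $intuneEnrolled
        ManagedBy       = $managedBy
    }
}

Get-DeviceManagementState | Format-List
```

Devices reporting `ManagedBy = MDE` with `IntuneEnrolled = False` are the ones whose behaviour changes once auto-enrollment is switched on, so collecting this output fleet-wide first gives a concrete before/after record for the migration.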

