Microsoft Defender for Endpoint Plan 1 without intune, application control available?

Question

Hi all,

I am quite confused on Microsoft license.
If I would apply Attack surface reduction such as application control, only Microsoft Defender for Endpoint Plan 1 without Intune is it available?

Since I found that the link as below mention that MDE Plan 1 include Attack surface reduction
https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/defender-endpoint-plan-1

But I also found that the link as below mention Attack surface reduction required Microsoft Endpoint Manager, not support by MDE Security configuration
https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/security-config-management

And I found the deployment guide, it can be use Intune to deploy.
https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide

So, what is the license I need to have? Is it means that I can deploy via script if I only have MDE Plan 1 without Intune?

Answer 1

@Joe Kwok ， For Intune, it is a cloud service and can help deploy the policy to devices . Like the policies under Attack surface reduction. If you have other methods to deploy the policy setting like script. I think you can work without Intune.

Hope it can help.

---

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.