MDE Management
- tlysaa2
- Sep 17, 2023
I must admit that Defender for Endpoint has gone through some decent changes in 2023. One of my top favorites so far is MDE management. Not to take away from the Graph APIs, as that is another growth product that allows querying at scale. The rapid expansion of the backend APIs we can tie into is neat to watch. However, I'll cover that in a separate post later.
Granted, MDE management has been in the works for quite a while, at least a year or two, if memory serves me right. Therefore I did ponder the functional aspect and what it encompassed. No need to fear, as it works as expected. Yes, there are some limitations on workloads at this time. The prerequisites ++ can be found here:
MDE has traditionally always been dependent upon a management channel for policies, such as GPO, SCCM, or Intune. Even multiple solutions could be used, such as with hybrid-joined devices when workloads are split between Intune and SCCM. Plus, if you lived on-premises with AD DS, I assume you are familiar with the debt GPO policies can run into.
So basically, MDE management leverages the policy templates in Intune to point towards separate "scopes", namely "MDM" and "MicrosoftSense". That allows the policies to flow separate ways for a subset of the available templates. Sense is quite nifty! It then goes towards what is listed as "unmanaged devices" from the Microsoft perspective. You either tag devices or include all devices for the needed OS, once enforcement is applied in both tools, of course. There is a toggle that needs to be flipped in both MDE and Intune beforehand, which establishes the trust.
Then after onboarding we can create/view policies in MDE under configuration management, and sync devices straight from M365 Defender (not Intune). This is a great move, in my humble opinion, that expands the overall coverage.
It is also neat that it's not only hitting Windows: Linux and macOS are both in preview. The AV template has some growing to do, but as it moves towards GA it could of course go through changes.
I am very excited for the growth opportunities this brings to the table for MDE.
In general, a lot has happened in 2023 across the board, but hopefully they have saved some neat tidbits for Ignite 🤞