Most of my readers will already be familiar with Microsoft Defender for Business (MDB), which is included with Microsoft 365 Business Premium. And a majority of those will be deploying MDB as one part of a broader security solution which includes other services within the Business Premium bundle. But a subset of folks have asked about the “Standalone” version of Microsoft Defender for Business. Yes, it is true, there is indeed a standalone version (USD $3/user/month), which was announced last month.

The use case? Consider a scenario where the customer is using a different productivity platform such as Google Workspace, or they haven’t yet made the transition to other Microsoft 365 services. Using the standalone SKU, you could theoretically onboard devices and start providing protection, ahead of deploying other services, and with far less upfront licensing commitment.

Some of the MDB-related services will function in much the same way as you are used to with the full product; however, you should be aware that certain services are only available with an Intune license (Microsoft Endpoint Manager). For example, the “Automatic onboarding” option during the first-run wizard experience requires devices to be enrolled with Endpoint Manager already. As well, certain functionality in the Microsoft 365 Lighthouse product may rely on the presence of the Intune licenses in order to work.

At the same time, some functionality within Endpoint Manager will still be available, even without the “complete” license set. In fact, just enough of the MEM product is activated to make basic policy deployment possible for the “standalone” scenario.

Let’s take a look at an example where I have onboarded a new “standalone” device into a tenant where I also happen to have some “fully licensed” Microsoft 365 Business Premium users. In the first place, I need to actually purchase and assign the standalone license product to the correct users. For this purpose, I created a new user named “Mark Twain” in my tenant, and assigned the MDB standalone product.

Next, we want to check on a couple of settings related to this scenario. Begin by navigating to Settings > Endpoints from the Microsoft 365 Defender Security Center, and click on Enforcement scope. You will want to turn On the setting called Use MDE to enforce security configuration settings from MEM and select the OS choices below (and yes: Windows Server support is coming soon to the Business product). Then, check Microsoft Endpoint Manager by navigating to Endpoint Security > Microsoft Defender for Endpoint. Be sure that the option Allow Microsoft Defender for Endpoint to enforce Endpoint Security Configurations is switched to On, and Save settings if necessary.

With those settings in place, let’s onboard a device named “Workstation10” using the local script method (you could also use GPO or other methods, but just note that you cannot use MEM to onboard the device in this scenario since the requisite license is not available and the device is not enrolled into the service).

Okay, now that the script has been run, we expect the device to show up in our inventory. We should be able to see it from the Defender Security Center:

You will notice in both cases that there is a column called Managed by which will indicate whether the device is being managed by Intune or MDE (which is the Enterprise term for MDB). Those devices which are managed by MDE are the so-called “standalone” devices.

You will also notice that not all the data are available for standalone devices, because they are not enrolled with Intune (therefore things like Compliance cannot be evaluated). Finally, you will notice that we can still take all the same actions against standalone devices, such as Isolate device, Restrict app execution, Run antivirus scan, Collect investigation package, Initiate Live Response Session, etc.

I will also add that in addition to the device inventory and device actions, the Vulnerability management functionality that we have via the Microsoft 365 Defender Security Center is still available and visible for standalone devices.

Let’s say you want to assign policies to your standalone devices. We can either use the Microsoft 365 Defender Security Center (you will find it under Configuration management > Device configuration), or we can use MEM. Since the purpose of this blog is to highlight the boundaries and limitations of MEM with regard to these standalone devices, let’s examine the option to assign policies from Endpoint Manager.

Start by creating a Dynamic device-based security group. Name it something descriptive like “MDB Standalone Devices” or similar. Then, use the following expression to capture the devices managed by MDE:
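The dynamic device group from this walkthrough can also be created from a script. This is an added example, not code from the original post: it uses the Microsoft Graph PowerShell SDK and assumes the membership rule Microsoft documents for devices managed by Defender for Endpoint (`managementType` equal to `MicrosoftSense`); the description and mail nickname are made-up values.

```powershell
# Added example, not from the original post.
# Requires the Microsoft.Graph PowerShell module and a role allowed to create groups.
Connect-MgGraph -Scopes 'Group.ReadWrite.All', 'Device.Read.All'

$groupName = 'MDB Standalone Devices'   # name suggested in the post
# Assumption: Microsoft's documented attribute value for MDE-managed devices.
$rule = '(device.managementType -eq "MicrosoftSense")'

# Look for an existing group first so the script can be re-run safely.
$group = Get-MgGroup -Filter "displayName eq '$groupName'" `
    -Property Id, DisplayName, MembershipRule |
    Select-Object -First 1

if (-not $group) {
    $group = New-MgGroup -DisplayName $groupName `
        -Description 'Devices managed by MDE (not enrolled in Intune)' `
        -MailEnabled:$false `
        -MailNickname 'mdb-standalone-devices' `
        -SecurityEnabled `
        -GroupTypes @('DynamicMembership') `
        -MembershipRule $rule `
        -MembershipRuleProcessingState 'On'
}
elseif ($group.MembershipRule -ne $rule) {
    # Policies assigned to this group would target the wrong device set.
    Write-Warning "Group exists with a different rule: $($group.MembershipRule)"
}

# Dynamic membership is evaluated asynchronously, so an empty list
# immediately after creation is normal.
Get-MgGroupMember -GroupId $group.Id -All |
    ForEach-Object { $_.AdditionalProperties['displayName'] }
```

Once membership has been evaluated, the names listed should match the devices whose Managed by column shows MDE.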