title Tenant attach - Onboard Configuration Manager clients to Microsoft Defender for Endpoint from the Microsoft Intune admin center
description Deploy Microsoft Defender for Endpoint Detection and Response (EDR) onboarding policies to Configuration Manager managed clients from the admin center.
ms.date 03/21/2022
ms.topic how-to
ms.subservice core-infra
ms.collection tier3

Tenant attach: Onboard Configuration Manager clients to Microsoft Defender for Endpoint from the admin center

Applies to: Configuration Manager (current branch)

The Microsoft Intune family of products is an integrated solution for managing all of your devices. Microsoft brings together Configuration Manager and Intune into a single console called Microsoft Intune admin center. You can deploy Microsoft Defender for Endpoint onboarding policies to Configuration Manager managed clients. These clients don't require Microsoft Entra ID or MDM enrollment, and the policy is targeted at ConfigMgr collections rather than Microsoft Entra groups.

[!INCLUDE Prerequisites for Configuration Manager tenant attached devices]

Create Microsoft Defender for Endpoint policies

  1. Sign in to the Microsoft Intune admin center.

  2. Select Endpoint security > Endpoint detection and response > Create Policy.

  3. Select the following platform and profile for your policy:

    • Platform: Windows 10, Windows 11, and Windows Server (ConfigMgr)
    • Profile: Endpoint detection and response (ConfigMgr)
  4. Select Create.

  5. On the Basics page, enter a name and description for the profile, then choose Next.

  6. On the Configuration settings page, configure the settings you want to manage with this profile. The onboarding package is automatically included and isn’t something you can configure.

    When you're done configuring settings, select Next.

  7. On the Assignments page, select the collections that will receive this policy. Select collections from Configuration Manager that you’ve synced to the Microsoft Intune admin center and enabled for Microsoft Defender for Endpoint policy.

    You can choose not to assign collections at this time, and later edit the policy to add an assignment.

    When ready to continue, select Next.

  8. On the Review + create page, when you're done, choose Create.

    The new profile is displayed in the list when you select the policy type for the profile you created.

[!INCLUDE Device status for Configuration Manager tenant attached devices]

Next steps