Onboarding Microsoft Defender using Intune

Onboarding Microsoft Defender through Intune enables Endpoint Detection and Response (EDR) protection on Windows devices by connecting the Microsoft Intune tenant to Microsoft Defender for Endpoint. Once the two services are connected, endpoint security can be managed centrally and protection policies deployed directly through Microsoft services.

Configure the Intune-Defender connector

The first step is to enable the integration between Intune and Microsoft Defender for Endpoint, so that Windows devices can be onboarded to the service.

  • Go to Tenant administration.
  • Open Connectors and tokens and select Microsoft Defender for Endpoint.
  • Enable the option Allow Microsoft Defender for Endpoint to enforce endpoint security configurations.
  • Enable the option Connect Windows devices version 10.0.15063 and above to Microsoft Defender for Endpoint.
  • Click Save to confirm the configuration.

Configure the MDM scope in Microsoft Entra

For devices to enrol correctly in Microsoft Intune, the MDM scope must be configured in the Microsoft Entra portal.

  • Search for and open Mobility (MDM and MAM) in the Azure or Entra portal.
  • Select Microsoft Intune.
  • Set MDM user scope to All.
  • Set Disable MDM enrollment when joining these devices to Microsoft Entra... to No.
  • Copy the MDM discovery URL for future use and click Save.

Register the Windows device

After completing the tenant-side configuration, enrol the device in Intune so that it can be managed and onboarded to Defender.

  • On the Windows PC, go to Settings > Accounts > Access work or school.
  • Click Connect and enter the corporate credentials.
  • If an error occurs, select Enroll only in device management and enter the previously saved MDM URL.
  • Verify that the device appears in Intune > Devices > All devices.

Create the security group

To target the EDR policy precisely, create a dedicated security group containing the device objects that must be managed.

  • Go to Groups and click New group.
  • Set Group type to Security.
  • Enter a suitable Name and Description based on the policy you want to apply.
  • Under Members, add the Device object, not the user account.
  • Click Create.

Create and deploy the EDR policy

The final step is to create the Endpoint Detection and Response policy in Intune and assign it to the security group created earlier.

  • Open Endpoint security > Endpoint detection and response.
  • Click Create policy, then choose Windows platform and the Endpoint detection and response profile.
  • Set Package type to Auto from connector.
  • In the Assignments section, add the security group created in the previous step.
  • Review the configuration summary and click Save.

Important note

For Microsoft Defender for Endpoint onboarding with Intune to succeed, the device must be correctly enrolled in Intune and the connector between the two services must be active. Otherwise the EDR policy may not be applied, and the device may not appear correctly in the management and security portals.
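The conditions in this note can be verified on the device itself. The following script is an added example, not part of the original article or of any Microsoft tooling; it runs in an elevated PowerShell session on the enrolled Windows PC and checks Entra/MDM enrollment (via dsregcmd), the Defender for Endpoint sensor service ("Sense"), and the OnboardingState value that the onboarding package writes to the registry (1 means onboarded). The Defender AV running mode is reported for context only.

```powershell
# Added verification script (not from the original article).
# Run as administrator on the Windows device after the EDR policy has had time to apply.

$results = [ordered]@{}

# 1. Enrollment: dsregcmd reports the Entra join state and the MDM URL the device uses.
$dsreg = dsregcmd /status
$results['AzureAdJoined']  = [bool]($dsreg | Select-String -Pattern 'AzureAdJoined\s*:\s*YES')
$results['MdmUrlPresent']  = [bool]($dsreg | Select-String -Pattern 'MdmUrl\s*:\s*https://')

# 2. Sensor service: "Sense" is the Windows Defender Advanced Threat Protection Service.
$sense = Get-Service -Name Sense -ErrorAction SilentlyContinue
$results['SenseServiceRunning'] = [bool]($sense -and $sense.Status -eq 'Running')

# 3. Onboarding state written by the onboarding package (1 = onboarded).
$statusKey = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'
$state = (Get-ItemProperty -Path $statusKey -Name OnboardingState -ErrorAction SilentlyContinue).OnboardingState
$results['OnboardingState'] = $state
$results['Onboarded']       = ($state -eq 1)

# 4. Defender antivirus running mode (Normal, Passive Mode, EDR Block Mode) for context.
$mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
$results['AMRunningMode'] = if ($mp) { $mp.AMRunningMode } else { 'Unknown' }

[pscustomobject]$results | Format-List

# Point the operator at the three prerequisites the article lists when onboarding has not completed.
if (-not $results['Onboarded']) {
    Write-Warning 'Device is not onboarded to Defender for Endpoint. Re-check Intune enrollment (dsregcmd output above), the Intune-Defender connector, and the EDR policy assignment to the device group.'
}
```

If `AzureAdJoined` or `MdmUrlPresent` is false, the problem is in the enrollment steps above rather than in the EDR policy; if enrollment is fine but `OnboardingState` is missing, confirm that the device is a member of the assigned security group and that the connector is enabled in Tenant administration.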
