New Update (in Preview) for Defender for Endpoint: Enroll devices without joining them to Azure AD:
You need to enable the preview feature in the Defender for Endpoint portal: Settings > Endpoints > Advanced features > Preview features.
Also create a dynamic group based on the systemLabels property containing the “MDEManaged” value to get all MDE-managed devices.
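One way to create the dynamic group described above with the Microsoft Graph PowerShell module. This is an added example, not part of the original post; the group display name and mail nickname are assumed values, and only the systemLabels rule comes from the post.

```powershell
# Added example. Requires the Microsoft.Graph PowerShell module and a role
# that is allowed to create groups.
# Assumed values (not from the post): display name and mail nickname.
$displayName  = 'MDE-Managed-Devices'
$mailNickname = 'mde-managed-devices'

# Rule from the post: the device's systemLabels collection contains "MDEManaged".
$rule = '(device.systemLabels -contains "MDEManaged")'

Connect-MgGraph -Scopes 'Group.ReadWrite.All'

# Reuse the group if it already exists, so the script can be run again safely.
$group = Get-MgGroup -Filter "displayName eq '$displayName'" `
    -Property 'id,displayName,membershipRule' -Top 1

if (-not $group) {
    $group = New-MgGroup -DisplayName $displayName `
        -Description 'Devices managed by Defender for Endpoint security settings management' `
        -MailEnabled:$false -MailNickname $mailNickname -SecurityEnabled `
        -GroupTypes 'DynamicMembership' `
        -MembershipRule $rule -MembershipRuleProcessingState 'On'
}
elseif ($group.MembershipRule -ne $rule) {
    # Do not silently overwrite a rule someone else configured.
    Write-Warning "Group exists with a different rule: $($group.MembershipRule)"
}

# Dynamic membership is evaluated asynchronously, so a new group can be
# empty for a while before devices appear here.
Get-MgGroupMember -GroupId $group.Id -All |
    ForEach-Object { $_.AdditionalProperties['displayName'] }
```

Policies in Intune can then be targeted at this group so they reach every device carrying the MDEManaged label.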
“Important: If a Windows device was managed by Defender for Endpoint via security settings management for Defender for Endpoint but was unable to enroll due to not being Azure AD joined or Hybrid Azure AD joined, these devices will now succeed enrollment and policies targeted to the device will apply. Once enrolled, the device will appear in the device lists for Microsoft 365 Defender, Microsoft Intune, and Azure AD portals. Note that while the device won’t be fully registered with Azure AD it’ll still count as one device object.”