HTMD Community | MDE Portal Security Settings Policy Creation and Troubleshooting using Windows Sense Event Logs @htmdcommunity | Uploaded 11 months ago | Updated October 05 2023
You can now create the security policies from MDE Portal. Learn how to create Security Settings Policy and perform Troubleshooting using Windows Sense Event Logs.
#msintune #mde #microsoftdefender #microsoftintune #securitypolicies #windows
You get the Microsoft Defender for Endpoint New Setting Management Experience from this video.
MDE Troubleshooting Tools | Microsoft Defender for Endpoint - https://youtu.be/vGlqBRbpGJU
==
Microsoft Defender for Endpoint New Setting Management Experience - Enable New MDE Security Settings Management Experience -
⭐https://www.anoopcnair.com/new-mde-security-settings-management-experience/
==
Microsoft Defender for Endpoint New Setting Management Experience?
MDE Security Settings Policies
Scope Tags and Assignment Filters?
Troubleshooting on Policy Deployment Issues?
You can create Security Settings from the MDE portal
Assignment options are available
Filter and Scope options are still missing (Coming soon?)
==
Azure AD / Entra ID group for Microsoft Sense?
Entra ID dynamic group rule to cover MDE-managed devices:
(device.managementType -eq "MicrosoftSense")
==
No Policies have been applied to this Device?
The "No policies have been applied to this device" message is normal for MDE-managed devices.
It takes more than 40 minutes (officially 90 minutes) for the policies to be reflected here, even if you trigger the policy sync option from MDE.
==
MDE Security Settings Troubleshooting?
Check the policy settings details from the MDE portal
Get more details from Intune Portal (if you are familiar with that)
==
MDE Security Settings Event Logs - Microsoft Sense Event Logs
Event ID 60 Failed to run command endpointconfigmanagementcheckincommand, error: 0xFFFFFFFF80072713.
Event ID 2001 - SenseCM: WRN: Import/Setup error on WindowsSecurityExperience.psm1, HResult: -2147024894. This warning is only relevant for private preview customers. Error message: The specified module 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\SenseCM\WindowsSecurityExperience.psm1' was not loaded because no valid module file was found in any module directory.
Event ID 2001 - SenseCM: WRN: AV::VerifyAssignment failure for ExcludedExtensions, value:. Expected value is null. SenseCM: WRN: AV::VerifyAssignment failure for ExcludedExtensions, value:. Expected value is null.
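To pull these entries off a device without clicking through Event Viewer, here is an added PowerShell snippet (not from the video or Microsoft's docs). It assumes the SENSE operational log name 'Microsoft-Windows-SENSE/Operational' and an elevated session on an MDE-managed Windows device; it lists Event ID 60 and 2001 entries and tags the three message patterns quoted above.

```powershell
# Added example, not from the video: list SenseCM check-in/warning events
# and tag the message patterns discussed on this page.
# Assumption: the MDE sensor logs to 'Microsoft-Windows-SENSE/Operational'.
param(
    [int]$Hours = 24
)

$logName = 'Microsoft-Windows-SENSE/Operational'
$since   = (Get-Date).AddHours(-$Hours)

# Event ID 60 = failed check-in command; Event ID 2001 = SenseCM warning.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = $logName
    Id        = 60, 2001
    StartTime = $since
} -ErrorAction SilentlyContinue

if (-not $events) {
    Write-Output "No SenseCM events (ID 60/2001) in the last $Hours hours."
    return
}

# Substrings from the messages quoted on this page, with a short reading of each.
$known = [ordered]@{
    'endpointconfigmanagementcheckincommand' = 'Check-in command failed; device has not reached the settings management service.'
    'WindowsSecurityExperience.psm1'         = 'Module warning only relevant to private preview customers.'
    'AV::VerifyAssignment failure'           = 'AV setting mismatch; compare the assigned value with the expected value in the message.'
}

foreach ($e in ($events | Sort-Object TimeCreated)) {
    $note = 'Unclassified; read the full message.'
    foreach ($k in $known.Keys) {
        if ($e.Message -like "*$k*") { $note = $known[$k]; break }
    }
    [pscustomobject]@{
        Time  = $e.TimeCreated
        Id    = $e.Id
        Level = $e.LevelDisplayName
        Note  = $note
        Text  = ($e.Message -split "`r?`n")[0]   # first line only, keeps the table readable
    }
}
```

Pipe the output to Format-Table -AutoSize or Export-Csv when collecting from several devices.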
==
New Updated Infrastructure to deliver the enhanced experience?
Any new devices enrolled in security settings management for Defender for Endpoint will use the updated infrastructure.
==
What is changed?
Suppose a Windows device is managed by security settings management for Defender for Endpoint but has been unable to enroll due to not being Azure AD joined, or Hybrid Azure AD joined. In that case, these devices will be able to be enrolled, and policies targeted to the device can be applied. Once enrolled, the device will appear in the device lists for Microsoft 365 Defender, Microsoft Intune, and Azure AD.
==
MDE Synthetic Device Registration?
For devices that haven't been registered, a synthetic device identity is created in Azure AD to enable the device to retrieve policies.
==
Policy Enforcement for MDE-managed devices?
Policies retrieved from Microsoft Intune are enforced on the device by Microsoft Defender for Endpoint.
==
Prerequisites for MDE Managed Devices?
For MDE-managed devices
When a device is managed by Intune (enrolled to Intune), the device doesn't process policies for Defender for Endpoint security settings configuration. Instead, use Intune to deploy the policy for Defender for Endpoint to your devices.
When a device receives a policy, the Defender for Endpoint components on the device enforce the policy and report on the device's status.
The device's status is available in the Microsoft Intune admin center and the Microsoft 365 Defender portal.
==
Non-persistent AVDs/Citrix VDIs are not supported
Security settings management doesn't work on non-persistent desktops, like Virtual Desktop Infrastructure (VDI) clients or Azure Virtual Desktops.
==
Microsoft Docs to refer to for the full picture
https://techcommunity.microsoft.com/t5/intune-customer-success/update-to-enrollment-pre-requisites-for-windows-devices-managed/ba-p/3847037
https://learn.microsoft.com/en-us/mem/intune/protect/mde-security-integration?pivots=mdssc-preview
https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-machines-onboarding?view=o365-worldwide&source=recommendations
https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/manage-security-policies?view=o365-worldwide
https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/manage-security-settings-for-windows-macos-and-linux-natively-in/ba-p/3870617
MS Docs on MDE Troubleshooting Onboarding https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/troubleshoot-security-config-mgt?view=o365-worldwide
===