We triggered hybrid joining through GPO (HAADJ and Azure AD Primary Refresh Token).While there are several ways of achieving this, we ended up managing this through a combination of Group Policy Objects: This is essentially your first step, and it took us quite an inordinate amount of time to hunt for, and remediate, faulty machines : simply broken, sitting on closed networks, old proxy settings lingering, etc.
Lesson #1 - Get your devices properly Hybrid Azure AD-Joined and in turn Intune enrolled I do not intend to drown you under technical details or tell you ours is the only way, but rather give you hints and directions on a number of topics based on real-world experience. Onboarding devices to Microsoft Defender for Endpoint using Microsoft Intune and Configuration Manager (from the Defender deployment strategy guide at Microsoft) We had several options to choose from, for the deployment itself, but settled on an hybrid one simply because even if going full Cloud for managing our endpoints has been our strategic direction for quite some time now, we were just not ready yet ! So this will be of particular interest to organisations like ours that simply cannot go straight to AAD / Intune / Defender. Financial gains and loss of trust in our previous security provider.Get better visibility, insights and control over our endpoints no matter where they are (Internal network, VPN or Internet).Improve our EDR (Endpoint Detection & Response) capabilities since the focus these days is no more on signature-based "traditional" antivirus.Move away from an internal solution, and switch to a Cloud-based solution from Microsoft for better integration, less operational burden, etc.Some things have changed a little bit since then but most of what I am going to cover still applies.Ī little bit of context : we decided to change our then current endpoint security solution for various reasons, the most important of which were: These come from a sizable deployment of 70 000+ endpoints, mostly physical Windows 10 devices, but not only, we completed earlier this year in an hybrid environment ( Active Directory, System Center Configuration Manager, Azure Active Directory and Intune) which roughly took ~7 months from start to finish, engineering included.
0 kommentar(er)
