Modern Workplace 2023,Microsoft 365,Office 365 Do my Android Devices (Registered in Intune) have Microsoft Defender for Endpoint Installed?

Do my Android Devices (Registered in Intune) have Microsoft Defender for Endpoint Installed?


To make Microsoft 365 administrators’ life easier, it is possible to deploy Defender for Endpoint (Defender) on Android devices registered on Microsoft Endpoint Manager (Intune) as you can see here Deploy Microsoft Defender for Endpoint on Android with Microsoft Endpoint Manager | Microsoft Learn).

However, what is missing is a report that unifies the information stored in Intune and the ones in Defender, so that is possible to understand how many Intune registered devices are still missing the Defender deployment.

The Intune portal gives you an export of the registered Android devices

The Defender portal gives you an export of all the devices

However, the Defender export does not give you any ID number that you can use to match with the Intune export.

Digging into the Defender reports, at a single device level, you will see a “Device AAD id” value. That could be an useful link to the Intune report that has an “Azure AD Device ID”. However the Defender export does not give you this information

Time for GitHub

Time to use the Microsoft Defender for Endpoint PowerShell module. It is (quoting the GitHub page) “a collection of easy-to-use cmdlets and functions designed to make it easy to interface with the Microsoft Defender for Endpoint API”.

GitHub – alexverboon/PSMDATP: PowerShell Module for managing Microsoft Defender Advanced Threat Protection

The module requires the registration of an app in the Azure portal and assigning permissions.

When everything is in place, just run the following command (exporting to your favourite folder)

Get-MDATPDevice -All -Verbose | Export-Csv c:\script\DefenderExport.csv

Now you can match the information from Defender (using the aadDeviceId in the DefenderExport.csv file) with the export you did from Intune (using the “Azure AD Device ID” value) using your favourite tool (I was comfortable with Excel)

All the devices in the Intune export not listed in the Defender export require some attention ­čÖé