{"id":2809,"date":"2023-02-22T14:11:10","date_gmt":"2023-02-22T14:11:10","guid":{"rendered":"https:\/\/modern-workplace.uk\/?p=2809"},"modified":"2023-03-07T11:37:49","modified_gmt":"2023-03-07T11:37:49","slug":"teams-virtual-sbc-closing-azure-network-ports-warnings-for-azureloadbalancer-and-virtualnetwork-2-2-2-2-3-2-3-2-2-2-2-2-3-2-2-3-2-3-2-2-2-3-2-2-2-2","status":"publish","type":"post","link":"https:\/\/modern-workplace.uk\/?p=2809","title":{"rendered":"Do my Android Devices (Registered in Intune) have Microsoft Defender for Endpoint Installed?"},"content":{"rendered":"\n
\n\n\n\n

To make Microsoft 365 administrators’ life easier, it is possible to deploy Defender for Endpoint (Defender) on Android devices registered on Microsoft Endpoint Manager (Intune) as you can see here Deploy Microsoft Defender for Endpoint on Android with Microsoft Endpoint Manager | Microsoft Learn<\/a>).<\/p>\n\n\n\n

However, what is missing is a report that unifies the information stored in Intune and the ones in Defender, so that is possible to understand how many Intune registered devices are still missing the Defender deployment.<\/p>\n\n\n\n

The Intune portal gives you an export of the registered Android devices<\/p>\n\n\n\n

\"\"<\/a><\/figure>\n\n\n\n

The Defender portal gives you an export of all the devices<\/p>\n\n\n\n

\"\"<\/a><\/figure>\n\n\n\n

However, the Defender export does not give you any ID number that you can use to match with the Intune export.<\/p>\n\n\n\n

Digging into the Defender reports, at a single device level, you will see a “Device AAD id” value. That could be an useful link to the Intune report that has an “Azure AD Device ID”. However the Defender export does not give you this information<\/p>\n\n\n\n

\"\"<\/a><\/figure>\n\n\n\n

Time for GitHub<\/p>\n\n\n\n

Time to use the Microsoft Defender for Endpoint PowerShell module. It is (quoting the GitHub page) “a collection of easy-to-use cmdlets and functions designed to make it easy to interface with the Microsoft Defender for Endpoint API”.<\/p>\n\n\n\n

GitHub – alexverboon\/PSMDATP: PowerShell Module for managing Microsoft Defender Advanced Threat Protection<\/a><\/p>\n\n\n\n

The module requires the registration of an app in the Azure portal and assigning permissions. <\/p>\n\n\n\n

When everything is in place, just run the following command (exporting to your favourite folder)<\/p>\n\n\n\n

Get-MDATPDevice -All -Verbose | Export-Csv c:\\script\\DefenderExport.csv<\/code><\/p>\n\n\n\n

Now you can match the information from Defender (using the aadDeviceId in the DefenderExport.csv file) with the export you did from Intune (using the “Azure AD Device ID” value) using your favourite tool (I was comfortable with Excel)<\/p>\n\n\n\n

All the devices in the Intune export not listed in the Defender export require some attention \ud83d\ude42<\/p>\n","protected":false},"excerpt":{"rendered":"

How do you check how many Intune registered Android devices are still missing the Defender deployment?
\nFollow the steps here to find this information.
\nTo give a bit of background: it is possible to deploy Defender for Endpoint (Defender) on Android devices registered on Microsoft Endpoint Manager (Intune) as you can see here Deploy Microsoft Defender for Endpoint on Android with Microsoft Endpoint Manager | Microsoft Learn).
\nHowever, there is no report that unifies the information stored in Intune and the ones in Defender.<\/p>\n","protected":false},"author":1,"featured_media":2818,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_sitemap_exclude":false,"_sitemap_priority":"","_sitemap_frequency":"","twitterCardType":"","cardImageID":0,"cardImage":"","cardTitle":"","cardDesc":"","cardImageAlt":"","cardPlayer":"","cardPlayerWidth":0,"cardPlayerHeight":0,"cardPlayerStream":"","cardPlayerCodec":"","footnotes":""},"categories":[810,753,757],"tags":[762,11,812,813,811,768,759,77],"class_list":["post-2809","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-810","category-microsoft365","category-office-365","tag-microsoftteams","tag-android","tag-defender","tag-defender-for-endpoint","tag-endpoint-manager","tag-intune","tag-microsoft-365","tag-office-365"],"_links":{"self":[{"href":"https:\/\/modern-workplace.uk\/index.php?rest_route=\/wp\/v2\/posts\/2809","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/modern-workplace.uk\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/modern-workplace.uk\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/modern-workplace.uk\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/modern-workplace.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2809"}],"version-history":[{"count":2,"href":"https:\/\/modern-workplace.uk\/index.php?rest_route=\/wp\/v2\/posts\/2809\/revisions"}],"predecessor-version":[{"id":2819,"href":"https:\/\/modern-workplace.uk\/index.php?rest_route=\/wp\/v2\/posts\/2809\/revisions\/2819"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/modern-workplace.uk\/index.php?rest_route=\/wp\/v2\/media\/2818"}],"wp:attachment":[{"href":"https:\/\/modern-workplace.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2809"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/modern-workplace.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2809"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/modern-workplace.uk\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2809"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}