Microsoft Defender for Endpoint confusion

Hello
I wanted to ask a few questions about how Microsoft Defender licensing works, as my initial impressions were quite confusing.
Our company has 75 test licenses (25 from Business Premium and 50 from Endpoint Plan 2, which as far as I know are two separate ones with different functionality), and I struggle to understand how the process of assigning a license works. I hope you guys can answer at least a few of my questions, as I couldn't find a clear answer in either the web admin panel or the documentation.

  1. Is using the onboarding script on a machine (no matter whether macOS, Linux or Windows) enough for it to be fully operational and attached to a license? I can assign Business Premium and Endpoint Plan licenses to a user using said laptop, but there is no request to provision it with an account. The computer shows up in the Defender web panel and all. I wonder how Defender would connect the device with the license that was assigned to a certain person.

  2. Is there a way to see how Defender licenses are distributed? By that I mean which machines and users are taking spots and how many spots are left for use.

  3. Is there a way to add a device into Intune when it is already part of a local domain? (An Azure AD connector installed on the DC is not an option.)

  4. Is there any potential deal-breaker feature difference between Defender for Business and Endpoint Plan 2? Of course I mean from an admin perspective in a very segmented environment that uses macOS 12-13, Ubuntu 20.04-22.04 and Windows 10-11 Pro. I struggle to find any important difference between the two except, of course, Business being for medium companies, but that still doesn't say much about what kind of issues would pop up if we for some reason went over that limit.

Hello, I am Abdal and I would be glad to help you with your question. I'll do my best to answer your questions about Microsoft Defender for Endpoint.

1. Using the onboarding script is one way to attach a device to your Defender for Endpoint license. You can also install the Defender for Endpoint agent manually or use a deployment tool like Intune. Once the device is onboarded and the agent is installed, it should show up in the Defender for Endpoint portal as an unassigned device. To assign the device to a specific license, you can go to the "Licenses" tab in the portal, select the license you want to assign, and then choose the unassigned device from the list.

2. Yes, you can see how your Defender for Endpoint licenses are distributed in the "Licenses" tab of the Defender for Endpoint portal. This will show you how many licenses you have, how many are in use, and how many are available. You can also view a list of all the devices that are using your licenses.

3. Yes, you can add a device to Intune even if it's already joined to a local domain. You'll need to make sure that the device is also registered with Azure AD, which can be done using the onboarding script or manually.

4. The main difference between Defender for Business and Endpoint Plan 2 is the level of functionality and features they provide. Endpoint Plan 2 includes additional features like attack surface reduction, network protection, automated investigation and response, and threat and vulnerability management. These features are designed to provide more advanced threat protection and are generally more suitable for larger organizations. However, in terms of the operating systems you mentioned (macOS, Ubuntu, and Windows), both Defender for Business and Endpoint Plan 2 should provide protection for those platforms.

I hope this information helps.

Regards,
Abdal

1 person found this reply helpful


Dear Abdal.

Thank you for the answer, this helped me greatly, but could you tell me a bit more?

1. I have multiple devices onboarded; all of them show up in the Assets > Devices tab in security.microsoft.com with onboarding status "Onboarded", and there is no information about the licensing. The only data about licensing is under Settings > Endpoints > Licenses, as in the attached picture. Those licenses can be assigned to users in the Microsoft 365 admin portal, but again I cannot think of a way to correlate devices to a user with the license, as Defender does not ask for the user account; it automatically considers itself licensed when onboarded, with no licensing process involved on our side.

[Image: screenshot of Settings > Endpoints > Licenses]
2. Can you point me to the menu location where I can see the proper licensing information and settings?

3. I have tried a few ways to do that on Windows, yet did not succeed. Both the local script and onboarding to Intune via Company Portal failed to register the laptop, showing the status "Your device is already being managed by an organization". Can you point me to the right method for a single-computer onboard to Intune? (Single, as this is for test purposes.) I have confirmed the user used for this operation has the proper licensing, and the laptop has "Azure AD registered" status.

Best Regards,
Lukas


Hi, I'm Sneha and I'd be happy to help you out with your question. Sorry for the inconvenience caused.

1) Onboarding a device with the appropriate script is necessary for the device to be fully operational and attached to the license. When you assign a license to a user, it is associated with their account, not the device. Once the device is onboarded, it will automatically be associated with the user's license. You can view the devices associated with a particular user in the Microsoft 365 admin portal under the user's details. If a device is unassigned, it will use a license from the pool of available licenses.

2) To see how licenses are distributed, you can navigate to Settings > Endpoints > Licenses in the Microsoft Defender Security Center portal. This will show you how many licenses you have available and how many are currently in use. You can also view the usage for individual licenses by selecting the license type.

3) Yes, you can add a device to Intune even if it is already a part of a local domain. You can enroll the device in Intune using the Company Portal app or manually enroll the device using the Intune portal. If the Azure AD Connector is not an option for your organization, you can use Intune to manage your devices directly.

4) Microsoft Defender for Business and Microsoft Defender for Endpoint Plan 2 have different feature sets, with Endpoint Plan 2 offering more advanced threat protection capabilities. However, for your specific use case of a segmented environment that uses macOS, Ubuntu, and Windows, the differences between the two may not be as significant. The best way to determine which license is right for your organization is to evaluate the specific features and capabilities that each license offers and determine which best meets your needs.

If you have any other questions or need assistance with anything, please don't hesitate to let me know. I'm here to help to the best of my ability.

Give back to the Community. Help the next person who has this issue by indicating if this reply solved your problem. Click Yes or No below.

Best Regards,
Sneha

Snehagupta

1 person found this reply helpful


Dear Miss Sneha Gupta,

Thank you for the explanation, but this still did not fix two crucial issues we face. Please help me clarify the two points below.

2. I have checked Settings > Endpoints > Licenses in the Microsoft Defender Security Center portal and it does not show me this information, as is clearly shown in the screenshot attached above. There is barely any information, as I cannot see who uses a license, just the summed number of licenses we currently have. Do you happen to know how to reach this information, as it is possibly for some mysterious reason blocked for us?

3. Joining via Company Portal cannot be finished on the test device. We get the message "This device hasn't been set up for corporate use yet." and, while proceeding to configure it during connecting to an account which I am sure is an account with an Intune license, there is the notification "Your device is already being managed by an organization". I am sure that the device (Windows 11) and app are up to date, the device is not enrolled into Intune or any other UEM/MDM, and the account is able to register devices to Intune. I'm sending you the screenshots of those notifications; please let me know how to proceed with this, as we want to prepare the enrollment process before attempting to enroll more devices.
[Image: "This device hasn't been set up for corporate use yet."] [Image: "Your device is already being managed by an organization"]
Best Regards,
Łukasz
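Added example, not from any of the posters in this thread and not Microsoft's own tooling: a PowerShell diagnostic that reads the three local indicators behind points 1 and 3 on the Windows test device. Defender for Endpoint records its onboarding result under the documented registry key `HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status` (`OnboardingState` 1 means onboarded), `dsregcmd.exe /status` reports domain join, Azure AD join and Azure AD registration ("WorkplaceJoined") plus the MDM URL the device knows about, and every MDM enrollment (Intune or another UEM, current or left over) appears as a GUID subkey under `HKLM:\SOFTWARE\Microsoft\Enrollments`, which is where the enrollment client looks before it reports that a device is already managed. The function names (`Get-MdeOnboardingState`, `Get-DeviceJoinState`, `Get-MdmEnrollments`, `Show-EnrollmentDiagnostics`) are this example's own; property names read from the enrollment subkeys (`ProviderID`, `UPN`, `EnrollmentType`) are assumed present and will simply read as empty if they are not.

```powershell
# Added example (not from this thread's posters). Run in an elevated PowerShell
# session on the Windows test device; it only reads local state.

function Get-MdeOnboardingState {
    # Defender for Endpoint writes its onboarding result to this documented key;
    # OnboardingState = 1 means the Sense agent accepted the onboarding package.
    $key    = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'
    $status = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $sense  = Get-Service -Name Sense -ErrorAction SilentlyContinue
    [pscustomobject]@{
        OnboardingState = if ($status) { $status.OnboardingState } else { 'key missing (not onboarded)' }
        OrgId           = if ($status) { $status.OrgId } else { $null }
        SenseService    = if ($sense)  { $sense.Status.ToString() } else { 'not installed' }
    }
}

function Get-DeviceJoinState {
    # dsregcmd.exe ships with Windows; /status prints "Name : Value" lines for
    # domain join, Azure AD join, Azure AD registration and the MDM URL.
    $raw    = & dsregcmd.exe /status 2>$null
    $fields = @{}
    foreach ($line in $raw) {
        if ($line -match '^\s*([A-Za-z0-9]+)\s*:\s*(.*?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }
    [pscustomobject]@{
        DomainJoined    = $fields['DomainJoined']     # YES = member of the on-prem AD domain
        AzureAdJoined   = $fields['AzureAdJoined']    # YES = Azure AD joined (or hybrid joined)
        WorkplaceJoined = $fields['WorkplaceJoined']  # YES = "Azure AD registered" for the signed-in user
        TenantName      = $fields['TenantName']
        MdmUrl          = $fields['MdmUrl']           # empty when the device knows no MDM
    }
}

function Get-MdmEnrollments {
    # Every MDM enrollment leaves a GUID-named subkey here; a leftover from an
    # earlier enrollment is enough for the enrollment client to treat the device
    # as already managed. Property names are assumed; absent ones read as empty.
    $base = 'HKLM:\SOFTWARE\Microsoft\Enrollments'
    Get-ChildItem -Path $base -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match '^[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$' } |
        ForEach-Object {
            $p = Get-ItemProperty -Path $_.PSPath
            [pscustomobject]@{
                EnrollmentId   = $_.PSChildName
                ProviderID     = $p.ProviderID      # "MS DM Server" is what Intune writes
                UPN            = $p.UPN             # enrolling user, when recorded
                EnrollmentType = $p.EnrollmentType
            }
        }
}

function Show-EnrollmentDiagnostics {
    'Defender for Endpoint onboarding:'
    Get-MdeOnboardingState | Format-List
    'Device join / registration state (dsregcmd):'
    Get-DeviceJoinState | Format-List
    'MDM enrollment keys present:'
    $enrollments = @(Get-MdmEnrollments)
    if ($enrollments.Count -eq 0) { '  (none)' } else { $enrollments | Format-Table -AutoSize }
}

Show-EnrollmentDiagnostics
```

Read the three sections together: the first confirms what the portal already shows (onboarded, with an OrgId, but nothing about which user license it counts against, because the agent never records one); the second distinguishes "Azure AD registered" (WorkplaceJoined YES, AzureAdJoined NO) from an actual join; and the third is the list to inspect when Company Portal reports that the device is already managed, since any GUID subkey listed there, even one with no ProviderID or UPN, is what that message is reacting to.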

Question Info

Last updated September 27, 2023. Views 1,601.