Microsoft Defender Device Onboard Local Script Device Limit

Shaun Slater 61 Reputation points
2023-11-22T15:52:50.9633333+00:00

Hello,

I would like to use the Defender Onboarding Local Script to onboard between 40 & 50 devices that failed to onboard with the Intune deployment method used for mass deployments.

It says that this type of deployment method can only be used on a device count between 1 & 10, but we would like to use it to onboard approximately 40-50 devices.

I know this is not recommended by Microsoft, but is this a technical solution to use to help us close the device gap, and what happens if we go over the 10-device limitation? I have already tested this on a couple of devices and it works, but we want to be assured that if we deploy this to all devices (700+), 40-50 of those not onboarded, that this will do the job.

Thanks,

Shaun


1 answer

  1. JatinMakhija 971 Reputation points
    2023-11-22T20:33:06.6566667+00:00

    That's right. Using the local script option is not a recommended choice for production. This is because the data reporting frequency is higher than other onboarding methods when onboarding using a local script. Microsoft suggests that this could have an environmental impact.

    I suggest investigating why those devices are not being onboarded with Defender. Utilize the methods recommended for mass onboarding, such as Intune, since you already use it. I'm sharing a few reference guides with you that might be helpful in resolving this issue.

    1. Make sure you are meeting the Minimum License Requirements for on-boarding clients to Defender: https://video2.skills-academy.com/en-us/microsoft-365/security/defender-endpoint/run-analyzer-windows?view=o365-worldwide
    2. Make sure you are meeting the Hardware and Software requirements on those devices that are not getting on-boarded: https://video2.skills-academy.com/en-us/microsoft-365/security/defender-endpoint/minimum-requirements?view=o365-worldwide#hardware-and-software-requirements
    3. Run the Defender client analyzer tool on the device and investigate the logs: https://video2.skills-academy.com/en-us/microsoft-365/security/defender-endpoint/run-analyzer-windows?view=o365-worldwide

    If any of the above methods are not working, log a support ticket with Microsoft, as it could be an issue at the backend.

    --If the response is helpful, please click "Accept Answer" and upvote it --