Does MS Defender with ATP require Intune?



  • Our objective is for all Windows endpoints to have Microsoft Defender with ATP installed.
  • Environment has workstations and laptops.
  • All workstations and some laptops (specific use case) will not be enrolled in Intune.
  • The workstations will be managed through SCCM. The “specific use case laptops” will not have centralized configuration management.



  • Does MS Defender with ATP require Intune?
  • If it does not, would this change how the product is managed?
7 Replies

@Kevin Watkins 

No you don't require Intune.

Intune is just one of the ways you can onboard devices into the Microsoft Defender for Endpoint.


Onboard devices to the Microsoft Defender ATP service - Windows security | Microsoft Docs

I agree this was/is correct with Intune, but does this apply with Endpoint Manager? A lot of configuration/policy is set with Endpoint Manager which hardens the devices - without it, ATP could report more vulnerabilities if in an Azure Active Directory only directory, no? 


@Mark Aldridge 

@Kevin Watkins We had planned to deploy MS Defender with ATP. However, that offering looks to require M365 E5 licensing? M365 E3 is our desired offering subscription.  That could very well prove too costly for folks to absorb with a deployment over a number of users. Does MS have an offering outside of full cost of an M365 E5 subscription, and would deploy Defender with ATP coverage across 300-500 users?



best response confirmed by Kevin Watkins (Contributor)

@Kevin Watkins Microsoft has several step-ups which would prove cheaper than an E5 license. Think the cost is something like;


Defender ATP is £3.27 per user per month

Defender ATP for Server is £3.27 per server per month
looking 250 users, 25 servers


That's attractive.  Converts to about $4.50 USD per user/per month.

Thank you


I assume you're talking about the Microsoft Defender ATP security baseline that you can deploy from Intune. This is just Microsoft recommended setting for use with Microsoft Defender for Endpoint is how I understand it. None of these settings actually require a device to be onboarded to Microsoft Defender for Endpoint.

All of the actual Microsoft Defender for Endpoint polices are configured within the Microsoft Defender Security Center portal

@Mark Aldridge This is correct, you don't need Endpoint Manager to deploy ATP Defender, however, hardening devices, software updates, policies etc. can help fill gaps in ATP Defender vulnerabilities.