MDE vs Intune for ASR

New Contributor

Hi All

I have a partner asking the following. Would appreciate any responses Thanks


As we discussed over the phone the vast majority of devices we manage are already enrolled in MEM (AAD Joined or Hybrid AD Joined) and therefore all of the Endpoint Security policy types are supported.   


The key challenge that we have at present is that ASR is not yet included under MDE Security Configuration even though when you create a new ASR policy the target is mdm,microsoftSense (screen clip below) which suggests to me this capability is not far away.


We have the ability to build out an ASR framework using PowerShell and our RMM tools however this requires a significant investment of time which would be a wasted effort if ASR will be included in  MDE Security Configuration in the near future.









4 Replies
If tbe devices are enrolled in MEM and if you are licensed for MDE, then you can straight away deploy ASR policies. MDE security configuration is meant for scenarios where you are not able to do a full enrollment in Intune. This also allows pushing MDE policies on servers.

@rahuljindal-MVP Thanks for your post, this is what we have setup at present for the majority of endpoints however for servers or endpoints not managed by MEM we need to be able to use MDE to manage AV, Firewall and ASR policies.  AV/FW work as expected using the MDE/MEM Security Configuration on these devices but ASR is not yet working yet the target in the policy is defined as mdm,microsoftSense so would expect ASR policies to also work in the same way.  

I understand. This is a limitation of MDE security configuration right now. Hopefully this can change in future.
Thanks Guys have escalated to Australian engineering team to see if we can get anything on roadmap and timeline