Manage your Microsoft Defender for Endpoint using a device group
Introduction
Microsoft Defender for Endpoint (MDE) Device Groups allow you to segment and manage your devices more effectively within the security environment. Device Groups are used to apply different security policies, manage alerts, and streamline the administration of endpoints.
Trustnest deploys a security baseline and collects events for the TDP Security Operating Center. In your Business Line, or GBU, you may need to extend the security baseline or receive alerts directly from Microsoft Defender. To do so, request Microsoft Defender for Endpoint device groups.
How to subscribe to it?
Go to PostIT and search for "device group", or simply click on Microsoft Defender for Endpoint Device Groups.
You should provide a tag and the list of users who will be able to monitor the MDE configuration.
How to access the Microsoft Defender console?
Access https://security.microsoft.com/homepage?tid=USE_THALESDIGITAL_IO_TENANT_ID
You should be able to find the USE_THALESDIGITAL_IO_TENANT_ID using the Azure portal.
You should see
To see your device, click on "endpoint" in the left menu:
If you have several device groups, you should select the right one by clicking on "filter by device groups":
Troubleshooting section
I do not see the "endpoint" section and the user interface looks like:
Root cause: You're connected to the wrong tenant (Thales SA).
Why? Usually, if you use your thalesgroup.com identity, you are redirected directly to the Thales tenant.
How to fix it? Switch to the tenant:
Option 1: use the URL described in the documentation, i.e. https://security.microsoft.com/homepage?tid=USE_THALESDIGITAL_IO_TENANT_ID
Option 2: use the User Interface
I do not see the "endpoint" section and I am connected to the right Entra ID tenant:
Root cause: A permission is missing.
Why?
- You haven't asked for the feature. How to fix it? Go to PostIT and search for "device group", or simply click on Microsoft Defender for Endpoint Device Groups.
I see the "endpoint" section but I do not see any devices
Root cause: The tags submitted when subscribing to the feature are not present on the devices.
How to fix it?
- Make sure the tag is properly set up on every device.