Apply AV/EDR Policies to Azure VMs via the Security Portal

Dimitriοs Tsamitas 0 Reputation points
2026-02-20T14:01:47.62+00:00

Hello,

I have been facing some issues lately where I am trying to apply certain AV/EDR policies to Azure Windows Servers that have Defender for Cloud (Defender for Server P2). My understanding is the following:

In order to apply any AV/EDR policies, whether that is a configuration or exclusion, a policy has to be created via Endpoints > Configuration Management > Endpoint Security Policies of the Security Portal. Now, my issue is that I am not able to see the Azure VMs in Intune in order to assign them to a dynamic Device Group and in turn add this device group to the policy I want to apply.

Does anyone know how to solve this issue? Is there a recommended way to do this? I am not fixed on doing it this way; I just want a solution.

Microsoft Security | Microsoft Defender | Microsoft Defender for Cloud

2 answers

  1. Catherine Kyalo 2,855 Reputation points Microsoft Employee
    2026-03-02T10:59:22.6233333+00:00

    Hi Dimitriοs Tsamitas,

    Azure VMs are not Intune‑enrolled by default, and this is by design. Microsoft confirms that Defender for Servers includes Defender for Endpoint server licensing and does not require Intune for onboarding or protection.

    Instead of Intune dynamic groups, the recommended approach is:

    1. Go to security.microsoft.com
    2. Use:
      • Device Groups
        • Dynamic Device Tags (Asset Rule Management)

    These work natively for Azure VMs and do not require Intune.

    If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.


  2. Q&A Assist
    2026-02-20T14:02:02.03+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist.

    To apply AV/EDR policies to Azure VMs using Microsoft Defender for Cloud, you need to ensure that your Azure VMs are properly onboarded and visible in the Microsoft Intune environment. Here are some steps to troubleshoot and resolve the issue:

    1. Verify Onboarding: Ensure that your Azure VMs are onboarded to Microsoft Defender for Endpoint. You can check this in the Defender for Cloud portal.
    2. Check Integration: Make sure that Defender for Cloud is integrated with Intune. This integration is necessary for the VMs to appear in Intune and for you to manage them through endpoint security policies.
    3. Dynamic Device Groups: If your VMs are not showing up in Intune, you may need to create a dynamic device group that includes your Azure VMs. Ensure that the membership rules for the dynamic group are correctly configured to include the VMs you want to manage.
    4. Policy Creation: Once the VMs are visible in Intune, you can create and assign your AV/EDR policies through the Security Portal by navigating to Endpoints > Configuration Management > Endpoint Security Policies.
    5. Permissions: Ensure that you have the necessary permissions assigned to your account to view and manage these resources in both Defender for Cloud and Intune.

    If the issue persists, consider reviewing the documentation for troubleshooting onboarding issues or reach out to Microsoft support for further assistance.

