Intune / SCCM – You can now apply Microsoft Defender policy using Intune/Endpoint Configuration Manager on devices managed by SCCM

As you know, SCCM and Intune/Endpoint Configuration Manager are becoming more and more closely integrated.

Well, now you can define and apply Microsoft Defender policy from Endpoint Configuration Manager on devices managed by SCCM.

To do this, you need to use the latest version of SCCM Current Branch 2002 with the KB4563473 hotfix or later and have your tenant attached (aka the co-management feature set up, even if you don't really use the co-management capabilities).


Then you need to enable the Upload to Microsoft Endpoint Manager admin center option, available under the Configure upload tab.


Then you need to go back to the Assets and Compliance workspace to enable Device collection(s) synchronization to the Endpoint Manager portal, using the "Make this collection available to assign Endpoint security policies from Microsoft Endpoint Manager admin center" option available under the Cloud Sync tab.


Now you can connect to your Endpoint Configuration Manager portal (https://endpoint.microsoft.com/) to create a Windows 10 and Windows Server (ConfigMgr) profile for Microsoft Defender Antivirus from the Endpoint Security > Antivirus blade and configure the options to manage Microsoft Defender.


Then the assignment will use SCCM Device Collections, which need to have been synchronized.
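
Once the profile is assigned, you can check on a device in the synchronized collection that Defender is actually running with the values you configured. The script below is an added example, not part of the original post: it compares the output of Get-MpPreference with a baseline, and the baseline values and the Compare-DefenderBaseline function name are assumptions to replace with what you set in your own profile.

```powershell
# Added example: run in an elevated PowerShell session on a managed client.
# $expected is a constructed sample baseline; replace it with the settings
# you configured in the Microsoft Defender Antivirus profile.
$expected = @{
    DisableRealtimeMonitoring = $false
    DisableBehaviorMonitoring = $false
    DisableIOAVProtection     = $false
    PUAProtection             = 1   # 1 = enabled (block)
    MAPSReporting             = 2   # 2 = advanced membership
    SubmitSamplesConsent      = 1   # 1 = send safe samples automatically
}

# Hypothetical helper: returns one row per setting with a Compliant flag.
function Compare-DefenderBaseline {
    param(
        [Parameter(Mandatory)] [hashtable] $Expected,
        [Parameter(Mandatory)] $Actual
    )
    foreach ($name in ($Expected.Keys | Sort-Object)) {
        $prop  = $Actual.PSObject.Properties[$name]
        $value = if ($prop) { $prop.Value } else { $null }
        [pscustomobject]@{
            Setting   = $name
            Expected  = $Expected[$name]
            Actual    = $value
            # A setting missing from Get-MpPreference counts as non-compliant.
            Compliant = ($null -ne $prop) -and ("$value" -eq "$($Expected[$name])")
        }
    }
}

# Policy values mean little if the engine itself is not active.
$status = Get-MpComputerStatus
if (-not $status.AntivirusEnabled) {
    Write-Warning "Microsoft Defender Antivirus is not enabled on this device."
}

$report = Compare-DefenderBaseline -Expected $expected -Actual (Get-MpPreference)
$report | Format-Table -AutoSize

# Non-zero exit code lets a compliance script or scheduled task flag drift.
if ($report.Compliant -contains $false) { exit 1 }
```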