This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(9.6, 23%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
Hi,
There is a way to prevent offboard device or non-compliance device to get ip from dhcp server?
Even add the mac address to deny list when there is a non-compilance device (on the computer is not installed microsoft defender for endpoint)
I would love a solution!
Rodriguez_591
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 30%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
@Rodriguez_591, Thanks for posting in Q&A. Based on my researching, it seems the setting "Block unicast responses to multicast broadcasts" of Firewall under Endpoint security or Endpoint Protection in Intune can block getting IP from DHCP. You can choose one device to test to try this.
https://learn.microsoft.com/en-us/mem/intune/protect/endpoint-protection-windows-10
https://learn.microsoft.com/en-us/mem/intune/protect/endpoint-security-firewall-profile-settings
Hope the above information can help.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hi,
Thanks for response.
it's possible to do this as an automatically action for non-compliance/offboard devices?
in Microsoft Intune or Microsoft Defender for Endpoint? when if the Microsoft Defender for Endpoint is not installed in endpoint then there is automatic execution.
I very, very much hope that there is a solution for this.
Rodriguez_591
@Rodriguez_591, Thanak for posting in Q&A. The configuration is deployed in Intune. And it is assigned to device group or user group. My thought is to add the devices without Microsoft Defender Endpoint automatically into the device group. But after my researching, I don't find the built in rule to do this.
https://learn.microsoft.com/en-us/entra/identity/users/groups-dynamic-membership
You can contact Microsoft Entra ID support to confirm if such dynamic group can be created to auto add the devices without Microsoft Defender Endpoint
https://learn.microsoft.com/en-us/entra/fundamentals/how-to-get-support