In the current release of Windows Intune, Windows Intune Endpoint Protection is only installed if a policy is created to require this installation on newly enrolled clients. In the upcoming release of Windows Intune, the endpoint protection client will be installed on computers with Windows Intune, unless a policy is created to prevent this installation. This change is being made in response to customer feedback, and to better secure computers running Windows Intune.
After this change is made you will have 3 options to control the install of Windows Intune Endpoint Protection. The policy setting is part of the Windows Intune Agent Settings policy.
1. No policy (Default setting): All machines will receive Windows Intune Endpoint Protection
2. Install Endpoint Protection Policy set to “Yes”: Machines with this policy deployed will receive Windows Intune Endpoint Protection
3. Install Endpoint Protection Policy set to “No”: Machines with this policy deployed will not receive Windows Intune Endpoint Protection and existing installs of Windows Intune Endpoint Protection will be uninstalled
Screenshot of the policy setting:
Thanks,
The Windows Intune Team