Planning for Microsoft Defender for Endpoint?
If you’re planning to move to Microsoft Defender for Endpoint, you will need to start with your organization’s architecture. The deployment tools you are going to use for onboarding devices to Microsoft Defender for Endpoint will depend on the type of architecture you have.
In this blog, we restrict ourselves to onboarding cloud-native Windows 10 devices to Microsoft Defender for Endpoint using the Microsoft Endpoint Manager tool.
You can use Microsoft Defender for Endpoint in your environment in different ways to meet your needs. The first step is to classify how your company is structured. Choose the architecture that best maps to your needs.
You should choose a cloud-native architecture if your organization’s devices are managed from the cloud, for example if all devices are managed by Microsoft Endpoint Manager, or if your organization plans to move its devices to Microsoft Endpoint Manager in the future.
Choose co-management if you have a blended architecture, with devices managed by Microsoft Endpoint Manager and an on-premises configuration management solution.
Choose an on-premises architecture if all your devices are using either Configuration Manager or Active Directory Domain Services. Your organization can still benefit from using the power of the cloud-based Microsoft Defender for Endpoint.
Select onboarding tools
Once you’ve identified your organization’s architecture, you can identify the tools you’ll use to onboard devices to Microsoft Defender for Endpoint. Each architecture type has a selection of tools to use for onboarding:
|Architecture|Onboarding tools|
|---|---|
|Cloud-native|Microsoft Endpoint Manager|
|Co-management|Microsoft Endpoint Manager, Configuration Manager|
|On-premises|Configuration Manager, Group Policy|
Onboarding cloud-native Windows 10 devices to Microsoft Defender for Endpoint using Microsoft Endpoint Manager
In this section, we focus on the steps required for seamless onboarding of cloud-native Windows 10 devices to Microsoft Defender for Endpoint (MDE) using Microsoft Endpoint Manager (MEM).
Establish communication between Microsoft Defender for Endpoint & Microsoft Endpoint Manager portal
It is recommended to establish communication between Microsoft Defender for Endpoint and Microsoft Endpoint Manager. Follow the steps below:
- Log in to http://security.microsoft.com/ and browse to Settings>Endpoints>Advanced Features, enable “Microsoft Intune Connection” and save preferences as shown below:
This is required because it connects MDE to Microsoft Intune, which enables sharing of device information and enhanced policy enforcement. Intune also provides additional information about managed devices for Secure Score.
- Log in to http://endpoint.microsoft.com/ and browse to Endpoint Security>Setup>Microsoft Defender for Endpoint, enable “Connect Windows devices to Microsoft Defender for Endpoint” and save changes as shown below:
When on, compliance policies that use the Device Threat Level rule will evaluate devices, including data from this connector.
Create a group in Microsoft Endpoint Manager
It’s advisable to create a group for your pilot devices so that you can apply the desired configurations to them. Browse to Groups>New Group and create a group relevant to your requirement.
Create Device Configuration Profile in MEM
To create a configuration profile, follow the steps below:
- Log in to http://endpoint.microsoft.com/ and browse to Devices>Configuration Profiles>Create Profile, select the platform you want, choose profile type “Templates” and select “Microsoft Defender for Endpoint (desktop devices running Windows 10 or later)” as shown below:
- Click Create and enter the details. Ensure you assign the group that was created for MDE onboarding as shown below:
You can add the devices you wish to onboard to MDE to this group, and the devices will be onboarded seamlessly.
- Once the configuration profile is created, open its properties and you will find that the Microsoft Defender for Endpoint configuration package type is set to Onboard.
Steps to onboard devices
Once the configuration profile is created and assigned, you are all set to onboard your first device to Microsoft Defender for Endpoint. All you need to do is open the group and add members to it as shown below:
It will take a few minutes, and the devices will be onboarded to Microsoft Defender for Endpoint automatically.
Additionally, you can check the progress in the Device Status tab. Browse to Devices>Configuration Profiles>(the profile you created for onboarding)>Device Status as shown below:
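Besides the Device Status view in MEM, it is worth confirming onboarding on the device itself. The following PowerShell snippet is an added example, not part of the original post; it assumes an elevated session on the Windows 10 device and checks the Sense service together with the OnboardingState registry value written by the onboarding package (the function name Test-MdeOnboarding is our own).

```powershell
# Added example: local verification that a Windows 10 device has been onboarded to MDE.
# Assumes an elevated PowerShell session on the device after the Intune profile has applied.
function Test-MdeOnboarding {
    $result = [ordered]@{
        SenseServiceStatus = 'NotFound'
        OnboardingState    = $null
        Onboarded          = $false
    }

    # The Sense service is the MDE sensor; it should be Running once the
    # onboarding package delivered by the configuration profile has been applied.
    $svc = Get-Service -Name 'Sense' -ErrorAction SilentlyContinue
    if ($svc) { $result.SenseServiceStatus = $svc.Status.ToString() }

    # The onboarding package sets OnboardingState = 1 under this key when
    # the device has completed onboarding.
    $statusKey = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'
    $state = Get-ItemProperty -Path $statusKey -Name 'OnboardingState' -ErrorAction SilentlyContinue
    if ($state) { $result.OnboardingState = [int]$state.OnboardingState }

    $result.Onboarded = ($result.SenseServiceStatus -eq 'Running') -and ($result.OnboardingState -eq 1)
    [pscustomobject]$result
}

$check = Test-MdeOnboarding
$check | Format-List

if (-not $check.Onboarded) {
    Write-Warning 'Device is not onboarded yet; wait a few minutes and confirm the profile shows Succeeded in Device Status.'

    # Recent sensor events often explain a stalled onboarding (e.g. connectivity problems).
    Get-WinEvent -LogName 'Microsoft-Windows-SENSE/Operational' -MaxEvents 10 -ErrorAction SilentlyContinue |
        Where-Object { $_.LevelDisplayName -in 'Error', 'Warning' } |
        Select-Object TimeCreated, Id, LevelDisplayName, Message |
        Format-Table -AutoSize -Wrap
}
```

A device that shows Succeeded in the MEM Device Status tab but reports OnboardingState 0 or a stopped Sense service has received the profile but not finished onboarding, and the SENSE event log is the place to look.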