Onboard to the Microsoft Defender for Endpoint service

Applies to:

Learn about the various phases of deploying Microsoft Defender for Endpoint and how to configure the capabilities within the solution.

Deploying Defender for Endpoint is a three-phase process:

deployment phase - prepare
Phase 1: Prepare
deployment phase - setup
Phase 2: Setup
deployment phase - onboard
Phase 3: Onboard
You are here!

You are currently in the onboarding phase.

These are the steps you need to take to deploy Defender for Endpoint:

  • Step 1: Onboard endpoints to the service
  • Step 2: Configure capabilities

Step 1: Onboard endpoints using any of the supported management tools

The Plan deployment topic outlines the general steps you need to take to deploy Defender for Endpoint.

Watch this video for a quick overview of the onboarding process and learn about the available tools and methods.

After identifying your architecture, you'll need to decide which deployment method to use. The deployment tool you choose influences how you onboard endpoints to the service.

Onboarding tool options

The following table lists the available tools based on the endpoint that you need to onboard.

Endpoint Tool options
Windows Local script (up to 10 devices)
Group Policy
Microsoft Endpoint Manager/ Mobile Device Manager
Microsoft Endpoint Configuration Manager
VDI scripts
macOS Local scripts
Microsoft Endpoint Manager
JAMF Pro
Mobile Device Management
Linux Server Local script
Puppet
Ansible
iOS App-based
Android Microsoft Endpoint Manager

Step 2: Configure capabilities

After onboarding the endpoints, you'll then configure the various capabilities such as endpoint detection and response, next-generation protection, and attack surface reduction.

Example deployments

In this deployment guide, we'll guide you through using two deployment tools to onboard endpoints and how to configure capabilities.

The tools in the example deployments are:

Using the mentioned deployment tools above, you'll then be guided in configuring the following Defender for Endpoint capabilities:

  • Endpoint detection and response configuration
  • Next-generation protection configuration
  • Attack surface reduction configuration