Manage Microsoft Defender for Endpoint with Configuration Manager
Applies to:
- Microsoft Defender for Endpoint Plan 1
- Microsoft Defender for Endpoint Plan 2
- Microsoft 365 Defender
Want to experience Microsoft Defender for Endpoint? Sign up for a free trial.
We recommend using Microsoft Endpoint Manager, which includes Microsoft Intune (Intune) and Microsoft Endpoint Configuration Manager (Configuration Manager) to manage your organization's threat protection features for devices (also referred to as endpoints).
- Learn more about Endpoint Manager
- Co-manage Microsoft Defender for Endpoint on Windows 10 and Windows 11 devices with Configuration Manager and Intune
Configure Microsoft Defender for Endpoint with Configuration Manager
| Task | Resources to learn more |
|---|---|
| Install the Configuration Manager console if you don't already have it If you don't already have the Configuration Manger console, use these resources to get the bits and install it. |
Get the installation media Install the Configuration Manager console |
| Use Configuration Manager to onboard devices to Microsoft Defender for Endpoint If you have devices (or endpoints) not already onboarded to Microsoft Defender for Endpoint, you can do that with Configuration Manager. |
Onboard to Microsoft Defender for Endpoint with Configuration Manager |
| Manage antimalware policies and Windows Firewall security for client computers (endpoints) Configure endpoint protection features, including Microsoft Defender for Endpoint, exploit protection, application control, antimalware, firewall settings, and more. |
Configuration Manager: Endpoint Protection |
| Choose methods for updating antimalware updates on your organization's devices With Endpoint Protection in Configuration Manager, you can choose from several methods to keep antimalware definitions up to date on your organization's devices. |
Configure definition updates for Endpoint Protection Use Configuration Manager to deliver definition updates |
| Enable Network Protection to help prevent employees from using apps that malicious content on the Internet We recommend using audit mode at first for network protection in a test environment to see which apps would be blocked before rolling out. |
Turn on network protection with Configuration Manager |
| Configure controlled folder access to protect against ransomware Controlled folder access is also referred to as antiransomware protection. |
Endpoint protection: Controlled folder access Enable controlled folder access in Microsoft Endpoint Configuration Manage |
Configure your Microsoft 365 Defender portal
If you haven't already done so, configure your Microsoft 365 Defender portal to view alerts, configure threat protection features, and view detailed information about your organization's overall security posture. See While the attack was detected and stopped, alerts, such as an "initial access alert," were triggered and appeared in the Microsoft 365 Defender portal. You can also configure whether and what features end users can see in the Microsoft 365 Defender portal.
Next steps
Feedback
Submit and view feedback for