Deployment phases


Welcome to Microsoft Defender for Endpoint, the new name for Microsoft Defender Advanced Threat Protection. Read more about this and other updates here. We'll be updating names in products and in the docs in the near future.

Applies to:

There are three phases in deploying Microsoft Defender ATP:

Phase Description
Phase 1: Prepare
Phase 1: Prepare
Learn about what you need to consider when deploying Microsoft Defender ATP:

- Stakeholders and sign-off
- Environment considerations
- Access
- Adoption order
Phase 2: Setup
Phase 2: Setup
Take the initial steps to access Microsoft Defender Security Center. You'll be guided on:

- Validating the licensing
- Completing the setup wizard within the portal
- Network configuration
Phase 3: Onboard
Phase 3: Onboard
Onboard devices to the service so the Microsoft Defender ATP service can get sensor data from them.

The deployment guide will guide you through the recommended path in deploying Microsoft Defender ATP.

If you're unfamiliar with the general deployment planning steps, check out the Plan deployment topic to get a high-level overview of the general deployment steps and methods.

In Scope

The following is in scope for this deployment guide:

  • Use of Microsoft Endpoint Configuration Manager and Microsoft Endpoint Manager to onboard endpoints into the service and configure capabilities

  • Enabling Microsoft Defender ATP endpoint detection and response (EDR) capabilities

  • Enabling Microsoft Defender ATP endpoint protection platform (EPP) capabilities

    • Next-generation protection

    • Attack surface reduction

Out of scope

The following are out of scope of this deployment guide:

  • Configuration of third-party solutions that might integrate with Microsoft Defender ATP

  • Penetration testing in production environment