Plan your Microsoft Defender ATP deployment


Welcome to Microsoft Defender for Endpoint, the new name for Microsoft Defender Advanced Threat Protection. Read more about this and other updates here. We'll be updating names in products and in the docs in the near future.

Applies to:

We've put together material to guide you through the options for deploying Microsoft Defender ATP, so that you can choose the ones that fit the requirements of your environment.

These are the general steps you need to take to deploy Microsoft Defender ATP:

  • Identify architecture
  • Select deployment method
  • Configure capabilities

Step 1: Identify architecture

We understand that every enterprise environment is unique, so we've provided several options to give you flexibility in choosing how to deploy the service.

Depending on your environment, some tools are better suited for certain architectures.

Use the following material to select the Microsoft Defender ATP architecture that best suits your organization.

Item: Microsoft Defender ATP deployment strategy (PDF | Visio)
Description: The architectural material helps you plan your deployment for the following architectures:
  • Cloud-native
  • Co-management
  • On-premise
  • Evaluation and local onboarding

Step 2: Select deployment method

Microsoft Defender ATP supports a variety of endpoints that you can onboard to the service.

The following table lists the supported endpoints and the corresponding deployment tools so that you can plan the deployment appropriately.

Endpoint | Deployment tool
Windows | Local script (up to 10 devices); Group Policy; Microsoft Endpoint Manager / Mobile Device Manager; Microsoft Endpoint Configuration Manager; VDI scripts
macOS | Local script; Microsoft Endpoint Manager; Mobile Device Management
Linux Server | Local script
iOS | App-based
Android | Microsoft Endpoint Manager

Step 3: Configure capabilities

After onboarding endpoints, configure the security capabilities in Microsoft Defender ATP so that you can maximize the robust security protection available in the suite. Capabilities include:

  • Endpoint detection and response
  • Next-generation protection
  • Attack surface reduction