Onboard to the Microsoft Defender ATP service
Welcome to Microsoft Defender for Endpoint, the new name for Microsoft Defender Advanced Threat Protection. Read more about this and other updates here. We'll be updating names in products and in the docs in the near future.
Deploying Microsoft Defender ATP is a three-phase process:
Phase 1: Prepare
Phase 2: Set up
Phase 3: Onboard
You are currently in the onboarding phase.
These are the steps you need to take to deploy Microsoft Defender ATP:
- Step 1: Onboard endpoints to the service
- Step 2: Configure capabilities
Step 1: Onboard endpoints using any of the supported management tools
The Plan deployment topic outlines the general steps you need to take to deploy Microsoft Defender ATP.
After identifying your architecture, you'll need to decide which deployment method to use. The deployment tool you choose influences how you onboard endpoints to the service.
Onboarding tool options
The following table lists the available tools based on the endpoint that you need to onboard.
|Windows||Local script (up to 10 devices)
Microsoft Endpoint Manager/ Mobile Device Manager
Microsoft Endpoint Configuration Manager
Microsoft Endpoint Manager
Mobile Device Management
|Linux Server||Local script
|Android||Microsoft Endpoint Manager|
Step 2: Configure capabilities
After onboarding the endpoints, you'll then configure the various capabilities such as endpoint detection and response, next-generation protection, and attack surface reduction.
In this deployment guide, we'll guide you through using two deployment tools to onboard endpoints and how to configure capabilities.
The tools in the example deployments are:
- Onboarding using Microsoft Endpoint Configuration Manager
- Onboarding using Microsoft Endpoint Manager
Using the mentioned deployment tools above, you'll then be guided in configuring the following Microsoft Defender ATP capabilities:
- Endpoint detection and response configuration
- Next-generation protection configuration
- Attack surface reduction configuration