Switch to Microsoft Defender for Endpoint - Phase 1: Prepare


Welcome to the Prepare phase of switching to Microsoft Defender for Endpoint.

This migration phase includes the following steps:

  1. Get and deploy updates across your organization's devices.
  2. Get Microsoft Defender for Endpoint.
  3. Grant access to the Microsoft Defender Security Center.
  4. Configure device proxy and internet connectivity settings.

Get and deploy updates across your organization's devices

As a best practice, keep your organization's devices and endpoints up to date. Make sure your existing endpoint protection and antivirus solution is up to date, and that the operating systems and apps your organization is using also have the latest updates. Doing this now can help prevent problems later as you migrate to Microsoft Defender for Endpoint and Microsoft Defender Antivirus.

Make sure your existing solution is up to date

Keep your existing endpoint protection solution up to date, and make sure that your organization's devices have the latest security updates.

Need help? See your solution provider's documentation.

Make sure your organization's devices are up to date

Need help updating your organization's devices? See the following resources:

| OS | Resource |
|---|---|
| Windows | Microsoft Update |
| macOS | How to update the software on your Mac |
| iOS | Update your iPhone, iPad, or iPod touch |
| Android | Check & update your Android version |
| Linux | Linux 101: Updating Your System |

Get Microsoft Defender for Endpoint

Now that you've updated your organization's devices, the next step is to get Microsoft Defender for Endpoint, assign licenses, and make sure the service is provisioned.

  1. Buy or try Microsoft Defender for Endpoint today. Start a free trial or request a quote.

  2. Verify that your licenses are properly provisioned. Check your license state.

  3. As a global administrator or security administrator, set up your dedicated cloud instance of Microsoft Defender for Endpoint. See Microsoft Defender for Endpoint setup: Tenant configuration.

  4. If endpoints (such as devices) in your organization use a proxy to access the internet, see Microsoft Defender for Endpoint setup: Network configuration.

At this point, you are ready to grant access to your security administrators and security operators who will use the Microsoft Defender Security Center (https://aka.ms/MDATPportal).

Note

The Microsoft Defender Security Center is sometimes referred to as the Microsoft Defender for Endpoint portal, and can be accessed at https://aka.ms/MDATPportal.

Grant access to the Microsoft Defender Security Center

The Microsoft Defender Security Center (https://aka.ms/MDATPportal) is where you access and configure features and capabilities of Microsoft Defender for Endpoint. To learn more, see Overview of the Microsoft Defender Security Center.

Permissions to the Microsoft Defender Security Center can be granted by using either basic permissions or role-based access control (RBAC). We recommend using RBAC so that you have more granular control over permissions.

  1. Plan the roles and permissions for your security administrators and security operators. See Role-based access control.

  2. Set up and configure RBAC. We recommend using Intune to configure RBAC, especially if your organization is using a combination of Windows 10, macOS, iOS, and Android devices. See setting up RBAC using Intune.

    If your organization requires a method other than Intune, choose one of the following options:

  3. Grant access to the Microsoft Defender Security Center. (Need help? See Manage portal access using RBAC).

Configure device proxy and internet connectivity settings

To enable communication between your devices and Microsoft Defender for Endpoint, configure proxy and internet settings. The following table includes links to resources you can use to configure your proxy and internet settings for various operating systems and capabilities:

| Capabilities | Operating System | Resources |
|---|---|---|
| Endpoint detection and response (EDR) | Windows 10, Windows Server 2019, Windows Server 1803 or later | Configure machine proxy and internet connectivity settings |
| EDR | Windows Server 2016, Windows Server 2012 R2, Windows Server 2008 R2 SP1, Windows 8.1, Windows 7 SP1 | Configure proxy and internet connectivity settings |
| EDR | macOS: 10.15 (Catalina), 10.14 (Mojave), 10.13 (High Sierra) | Microsoft Defender for Endpoint for Mac: Network connections |
| Microsoft Defender Antivirus | Windows 10, Windows Server 2019, Windows Server 1803 or later, Windows Server 2016 | Configure and validate Microsoft Defender Antivirus network connections |
| Antivirus | macOS: 10.15 (Catalina), 10.14 (Mojave), 10.13 (High Sierra) | Microsoft Defender for Endpoint for Mac: Network connections |
| Antivirus | Linux: RHEL 7.2+, CentOS Linux 7.2+, Ubuntu 16 LTS or higher LTS, SLES 12+, Debian 9+, Oracle Linux 7.2 | Microsoft Defender for Endpoint for Linux: Network connections |
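
A quick check to run on a Windows device before working through the resources above, added here as an example and not taken from the original page: it compares the machine-wide WinHTTP proxy with the signed-in user's proxy, because services running as LocalSystem do not inherit per-user proxy settings. The function names are hypothetical, and the parsing assumes English `netsh` output.

```powershell
# Added example, not from the original page. Windows only.
# Assumption: netsh output is in English. Function names are hypothetical.

function Get-WinHttpProxy {
    # Machine-wide WinHTTP proxy, the scope seen by services running as LocalSystem.
    $text = (netsh winhttp show proxy | Out-String)
    if ($text -match 'Proxy Server\(s\)\s*:\s*(\S+)') {
        $server = $Matches[1]
        $bypass = if ($text -match 'Bypass List\s*:\s*(.+)') { $Matches[1].Trim() } else { $null }
        return [pscustomobject]@{ Scope = 'WinHTTP (machine)'; Proxy = $server; Bypass = $bypass; PacUrl = $null }
    }
    # No "Proxy Server(s)" line means direct access.
    [pscustomobject]@{ Scope = 'WinHTTP (machine)'; Proxy = $null; Bypass = $null; PacUrl = $null }
}

function Get-WinINetProxy {
    # Per-user (WinINET) proxy of the account running this script.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $s = Get-ItemProperty -Path $key
    $proxy = if ($s.ProxyEnable -eq 1) { $s.ProxyServer } else { $null }
    [pscustomobject]@{ Scope = 'WinINET (user)'; Proxy = $proxy; Bypass = $s.ProxyOverride; PacUrl = $s.AutoConfigURL }
}

function Test-ProxyScopeDrift {
    # Flags the cases where a browser works for the user but a system service
    # would take a different network path.
    $machine  = Get-WinHttpProxy
    $user     = Get-WinINetProxy
    $findings = @()
    if (-not $machine.Proxy -and ($user.Proxy -or $user.PacUrl)) {
        $findings += 'User proxy is set but WinHTTP is direct: system services will attempt direct access.'
    }
    if ($machine.Proxy -and $user.Proxy -and $machine.Proxy -ne $user.Proxy) {
        $findings += "WinHTTP proxy '$($machine.Proxy)' differs from user proxy '$($user.Proxy)'."
    }
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Machine  = $machine
        User     = $user
        Findings = $findings
    }
}

# Emit one JSON record per device so results can be collected centrally.
Test-ProxyScopeDrift | ConvertTo-Json -Depth 3
```

An empty `Findings` array means the two scopes agree; it does not confirm that the proxy allows the service URLs listed in the linked resources.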

Next step

Congratulations! You have completed the Prepare phase of switching to Microsoft Defender for Endpoint!