Onboard to the Microsoft Defender for Endpoint service


Welcome to Microsoft Defender for Endpoint, the new name for Microsoft Defender Advanced Threat Protection. Read more about this and other updates here. We'll be updating names in products and in the docs in the near future.

Applies to:

Deploying Defender for Endpoint is a three-phase process:

Prepare to deploy Defender for Endpoint
Phase 1: Prepare

Setup the Defender for Endpoint service
Phase 2: Set up

Onboard diagram
Phase 3: Onboard

You are currently in the onboarding phase.

These are the steps you need to take to deploy Defender for Endpoint:

  • Step 1: Onboard endpoints to the service
  • Step 2: Configure capabilities

Step 1: Onboard endpoints using any of the supported management tools

The Plan deployment topic outlines the general steps you need to take to deploy Defender for Endpoint.

After identifying your architecture, you'll need to decide which deployment method to use. The deployment tool you choose influences how you onboard endpoints to the service.

Onboarding tool options

The following table lists the available tools based on the endpoint that you need to onboard.

Endpoint Tool options
Windows Local script (up to 10 devices)
Group Policy
Microsoft Endpoint Manager/ Mobile Device Manager
Microsoft Endpoint Configuration Manager
VDI scripts
macOS Local scripts
Microsoft Endpoint Manager
Mobile Device Management
Linux Server Local script
iOS App-based
Android Microsoft Endpoint Manager

Step 2: Configure capabilities

After onboarding the endpoints, you'll then configure the various capabilities such as endpoint detection and response, next-generation protection, and attack surface reduction.

Example deployments

In this deployment guide, we'll guide you through using two deployment tools to onboard endpoints and how to configure capabilities.

The tools in the example deployments are:

Using the mentioned deployment tools above, you'll then be guided in configuring the following Defender for Endpoint capabilities:

  • Endpoint detection and response configuration
  • Next-generation protection configuration
  • Attack surface reduction configuration