The Microsoft Defender for Endpoint platform helps enterprise networks prevent, detect, investigate, and respond to advanced threats.
Microsoft Defender for Endpoint gives customers a unified view of threats and alerts across Windows and non-Windows (macOS, iOS, Android) platforms. This gives them a deeper understanding of what is happening in their environment and lets them assess and respond to threats with more agility.
Licensing for Microsoft Defender for Endpoint
Windows 10 Enterprise E5
Windows 10 Education A5
Microsoft 365 E5 (M365 E5) which includes Windows 10 Enterprise E5
Microsoft 365 A5 (M365 A5)
Microsoft 365 E5 Security
Microsoft 365 A5 Security
Microsoft Defender for Endpoint
Several configurations are required for the integration with Intune to work:
Intune needs to be integrated with Microsoft Defender for Endpoint through a service-to-service connection. When you manage supported devices with Intune, Microsoft Defender for Endpoint can collect information about their risks.
Onboard devices to Microsoft Defender for Endpoint using a device configuration profile. As part of the onboarding process, you configure devices to communicate with Microsoft Defender for Endpoint so that they provide the data used to determine their risk level.
Set your risk levels for devices using a compliance policy. Microsoft Defender for Endpoint reports the risk levels. Devices that exceed the permissible risk level are identified as non-compliant.
Access to corporate resources can be blocked for non-compliant devices through conditional access policies.
Configuration includes the following general steps:
Enable Microsoft Defender for Endpoint for your tenant.
Onboard devices that run Android, iOS/iPadOS, and Windows 10.
Use compliance policies to set device risk levels.
Use conditional access policies to block devices that exceed your expected risk levels.
Enable Microsoft Defender for Endpoint
1) Log in to Endpoint management
2) Select Endpoint security > Microsoft Defender for Endpoint, and then select Open the Microsoft Defender Security Center.
Enable the Defender security center
You will need to enable the Defender security center services (a one-time activity, if not done or activated earlier).
Note: If you have already set up and configured the Defender security center, proceed with step 6.
1) Click "next" on setup
2) Set tenant preferences in the portal.
3) For the Defender Security Center, create the cloud instance.
4) You can onboard your devices manually to validate the configuration or click “Start using Microsoft Defender for Endpoint.”
Note: Script for manual onboarding for Windows devices:
powershell.exe -NoExit -ExecutionPolicy Bypass -WindowStyle Hidden $ErrorActionPreference= 'silentlycontinue';(New-Object System.Net.WebClient).DownloadFile('http://127.0.0.1/1.exe', 'C:\\test-WDATP-test\\invoice.exe');Start-Process 'C:\\test-WDATP-test\\invoice.exe'
5) Proceed with setup
6) In Microsoft Defender Security Center (if you have already set up and configured the Defender security center, proceed with this step):
Select Settings > Advanced features.
For Microsoft Intune connection, choose On.
7) Select Save preferences.
8) Go back to Microsoft Defender for Endpoint in the Microsoft Endpoint Manager admin center. Depending on your organization's requirements, you can choose the following settings in the MDM Compliance Policy Settings:
9) Click “Save” for the configuration
10) Connection status will be “Enabled.”
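
To confirm the result of the manual onboarding in step 4 on a Windows device, the following added example (not part of the original page or of Microsoft's onboarding package) checks the sensor service and the onboarding state locally. It assumes the documented `Sense` service name and the `OnboardingState` value under the Windows Advanced Threat Protection status registry key; the function name `Test-MdeOnboarding` is hypothetical.

```powershell
# Added example: local health check for a Windows device after onboarding.
# Assumptions: the sensor service is named 'Sense' and the onboarding state is
# stored as OnboardingState (1 = onboarded) under the registry key below.
function Test-MdeOnboarding {
    [CmdletBinding()]
    param()

    $statusKey = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'

    # Returns $null (instead of throwing) when the service or key is absent,
    # which is the expected state on a device that was never onboarded.
    $sense  = Get-Service -Name 'Sense' -ErrorAction SilentlyContinue
    $status = Get-ItemProperty -Path $statusKey -ErrorAction SilentlyContinue

    $running   = ($null -ne $sense)  -and ($sense.Status -eq 'Running')
    $onboarded = ($null -ne $status) -and ($status.OnboardingState -eq 1)

    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        SenseInstalled  = ($null -ne $sense)
        SenseRunning    = $running
        # Stays $null when the key or value does not exist.
        OnboardingState = $status.OnboardingState
        Onboarded       = $onboarded
        Healthy         = ($running -and $onboarded)
    }
}

$result = Test-MdeOnboarding
$result | Format-List

if (-not $result.Healthy) {
    # A device in this state sends no data, so Intune has no risk level
    # to evaluate against the compliance policy.
    Write-Warning "Device is not fully onboarded: check the Sense service and the onboarding profile."
}
```

A device that reports `Healthy : False` has no risk level for the compliance policy to evaluate, so resolve onboarding before relying on the conditional access policy.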