Devices in your organization must be configured so that the Defender for Endpoint service can get sensor data from them. There are various methods and deployment tools that you can use to configure the devices in your organization.
In general, you’ll identify the Windows device you’re onboarding, then follow the corresponding tool appropriate to the device or your environment.
Endpoint onboarding tools
Depending on the Windows endpoint you want to onboard, use the corresponding tool or method described in the following table.
Windows device | Onboarding tool or method |
---|---|
|
Local script (up to 10 devices) Group Policy Microsoft Endpoint Configuration Manager Microsoft Endpoint Manager/ Mobile Device Management (Intune) VDI scripts NOTE: A local script is suitable for a proof of concept but should not be used for production deployment. For a production deployment, we recommend using Group Policy, Microsoft Endpoint Configuration Manager, or Intune. |
|
Microsoft Monitoring Agent (MMA) Onboard previous versions of Windows or Microsoft Defender for Cloud NOTE: Microsoft Monitoring Agent is now Azure Log Analytics agent. To learn more, see Log Analytics agent overview. |
|
Microsoft Monitoring Agent (MMA)
NOTE: Microsoft Monitoring Agent is now Azure Log Analytics agent. To learn more, see Log Analytics agent overview. |
(1) Windows Server 2016 and Windows Server 2012 R2 will need to be onboarded using the instructions in Onboard Windows servers.
Important
In order to be eligible to purchase Microsoft Defender for Endpoint Server SKU, you must have already purchased a combined minimum of any of the following, Windows E5/A5, Microsoft 365 E5/A5 or Microsoft 365 E5 Security subscription licenses. For more information on licensing, see the Product Terms.
Topic | Description |
---|---|
Onboard devices using Group Policy | Use Group Policy to deploy the configuration package on devices. |
Onboard devices using Microsoft Endpoint Configuration Manager | You can use either use Microsoft Endpoint Manager (current branch) version 1606 or Microsoft Endpoint Manager (current branch) version 1602 or earlier to deploy the configuration package on devices. |
Onboard devices using Mobile Device Management tools | Use Mobile Device Management tools or Microsoft Intune to deploy the configuration package on device. |
Onboard devices using a local script | Learn how to use the local script to deploy the configuration package on endpoints. |
Onboard non-persistent virtual desktop infrastructure (VDI) devices | Learn how to use the configuration package to configure VDI devices. |
Want to experience Defender for Endpoint? Sign up for a free trial.
After onboarding the device, you can choose to run a detection test to verify that a device is properly onboarded to the service. For more information, see Run a detection test on a newly onboarded Microsoft Defender for Endpoint device.