Planning Your Microsoft Defender for Endpoint Deployment


When planning your Microsoft Defender for Endpoint deployment, aim to get the most out of its security capabilities to protect your environment from cyberattacks. Figure 15.9 provides guidance on how to identify your environment architecture, select the best type of deployment tool, and configure your required capabilities. For more information on planning your Microsoft Defender for Endpoint deployment, check out Microsoft’s website at https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/deployment-strategy?view=o365-worldwide.

FIGURE 15.9 Planning your Microsoft Defender for Endpoint deployment

Because every environment is different, some tools may be better suited to your deployment needs. Because there are so many different ways to plan your deployment, I want to share an extremely helpful web page that can assist with the planning phase. This web page allows you to download a variety of PDFs that cover the multitude of ways to plan your deployment. The guides provide information on prerequisites, design, and configuration options. So, check out Microsoft’s website at https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/deployment-strategy.

Microsoft Defender for Endpoint Deployment

Once you have planned your Microsoft Defender for Endpoint deployment, the next step is the deployment itself, which has its own phases:

       Phase 1 – Prepare: Determine what should be considered, such as stakeholder approvals, environment considerations, access permissions, and adoption order of capabilities.

       Phase 2 – Setup: The initial steps needed so you can access the portal, such as licensing validation, tenant configuration using the setup wizard, and network configuration.

       Phase 3 – Onboard: Depending on the operating system and deployment method, you can use one of the tools in Table 15.3 to onboard devices to Defender for Endpoint.

Table 15.3 lists the available tools based on the endpoint that you need to onboard. The information in Table 15.3 was taken directly from Microsoft’s website.

TABLE 15.3 Onboarding tool options

| Endpoint | Tool options |
| --- | --- |
| Windows | Local script (up to 10 devices); Group Policy; Microsoft Endpoint Manager/Mobile Device Manager; Microsoft Endpoint Configuration Manager; VDI scripts; Integration with Microsoft Defender for Cloud |
| macOS | Local scripts; Microsoft Endpoint Manager; JAMF Pro; Mobile Device Management |
| Linux Server | Local script; Puppet; Ansible |
| iOS | Microsoft Endpoint Manager |
| Android | Microsoft Endpoint Manager |

As you can see in Table 15.3, there are a number of ways to onboard devices to Defender for Endpoint depending on the operating system and deployment method. You can use the onboarding wizard to help guide you through the process. You will go through the onboarding section of the Defender for Endpoint portal to onboard any of the supported devices. Depending on the device, you will be provided with instructions and package files to meet your needs for the device chosen.

Monitoring Microsoft Defender for Endpoint

You can view information on device compliance and onboarding by using the Microsoft Endpoint Manager admin center. To monitor the state of devices that have a Microsoft Defender for Endpoint compliance policy, perform the following steps:

  1. Sign in to the Microsoft Endpoint Manager admin center at https://endpoint.microsoft.com.
  2. Select Devices > Monitor > Policy Compliance.
  3. Locate the Microsoft Defender for Endpoint policy that you want from the list and check to see which devices are compliant or noncompliant.

You can also take a look at the operational report for noncompliant devices by going to Devices > Monitor > Noncompliant Devices. If you want to learn the onboarding status of your Intune-managed devices, you can select Endpoint Security > Microsoft Defender For Endpoint. Here you can also onboard more devices to Microsoft Defender for Endpoint by creating a device configuration profile.
