onboard-configure.md
---
title: Onboard devices and configure Microsoft Defender for Endpoint capabilities
description: Onboard Windows 10 and Windows 11 devices, servers, non-Windows devices and learn how to run a detection test.
ms.service: defender-endpoint
ms.author: siosulli
author: siosulli
ms.localizationpriority: medium
manager: deniseb
audience: ITPro
ms.collection:
- m365-security
- tier2
ms.topic: conceptual
ms.subservice: onboard
search.appverid: met150
ms.date: 03/28/2024
---

# Configure Microsoft Defender for Endpoint capabilities

[!INCLUDE Microsoft Defender XDR rebranding]

**Applies to:**

[!includePrerelease information]

Want to experience Defender for Endpoint? Sign up for a free trial.

In this step, you're ready to configure Microsoft Defender for Endpoint capabilities.

## Configure capabilities

In many cases, organizations already have endpoint security products in place. At a minimum this is an antivirus solution, but in some cases an organization might also have an existing endpoint detection and response solution.

It's common for Defender for Endpoint to need to coexist with these existing endpoint security products, either indefinitely or during a cutover period. Fortunately, Defender for Endpoint and the endpoint security suite are modular and can be adopted in a systematic way, one capability at a time.

Onboarding devices effectively enables the endpoint detection and response capability of Microsoft Defender for Endpoint. After onboarding the devices, you then need to configure the other capabilities of the service. The following table lists the capabilities you can configure to get the best protection for your environment, together with the order in which Microsoft recommends enabling the endpoint security suite.

| Capability | Description | Adoption Order Rank |
|---|---|---|
| Endpoint Detection & Response (EDR) | Defender for Endpoint endpoint detection and response capabilities provide advanced attack detections that are near real-time and actionable. Security analysts can prioritize alerts effectively, gain visibility into the full scope of a breach, and take response actions to remediate threats. | 1 |
| Configure Microsoft Defender Vulnerability Management | Defender Vulnerability Management is a component of Microsoft Defender for Endpoint, and provides both security administrators and security operations teams with unique value, including:<br>- Real-time endpoint detection and response (EDR) insights correlated with endpoint vulnerabilities.<br>- Invaluable device vulnerability context during incident investigations.<br>- Built-in remediation processes through Microsoft Intune and Microsoft System Center Configuration Manager. | 2 |
| Configure Next-generation protection (NGP) | Microsoft Defender Antivirus is a built-in antimalware solution that provides next-generation protection for desktops, portable computers, and servers. Microsoft Defender Antivirus includes:<br>- Cloud-delivered protection for near-instant detection and blocking of new and emerging threats. Along with machine learning and the Intelligent Security Graph, cloud-delivered protection is part of the next-gen technologies that power Microsoft Defender Antivirus.<br>- Always-on scanning using advanced file and process behavior monitoring and other heuristics (also known as "real-time protection").<br>- Dedicated protection updates based on machine learning, human and automated big-data analysis, and in-depth threat resistance research. | 3 |
| Configure attack surface reduction | Attack surface reduction capabilities in Microsoft Defender for Endpoint help protect the devices and applications in the organization from new and emerging threats. | 4 |
| Configure Auto Investigation & Remediation (AIR) capabilities | Microsoft Defender for Endpoint uses Automated investigations to significantly reduce the volume of alerts that need to be investigated individually. The Automated investigation feature uses various inspection algorithms, and processes used by analysts (such as playbooks), to examine alerts and take immediate remediation action to resolve breaches. AIR significantly reduces alert volume, allowing security operations experts to focus on more sophisticated threats and other high-value initiatives. | Not applicable |
| Configure Microsoft Defender Experts capabilities | Microsoft Defender Experts is a managed hunting service that provides Security Operations Centers (SOCs) with expert-level monitoring and analysis to help them ensure that critical threats in their unique environments don't get missed. | Not applicable |
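The table gives the recommended adoption order but not a way to see where a given device currently stands. The following PowerShell function is an added example, not part of this page or of the Defender for Endpoint product documentation; it reports, for the device-side capabilities in the table (EDR sensor, next-generation protection, attack surface reduction), whether each is enabled, using the `Get-MpComputerStatus`, `Get-MpPreference` and `Get-Service` cmdlets that ship with Windows. The `Sense` service name, the `Windows Advanced Threat Protection\Status` registry key and the `OnboardingState` value are assumptions about where the sensor records its onboarding state; verify them against your own build before relying on the script. It must run in an elevated session on a Windows 10/11 or Windows Server device.

```powershell
# Added example (not from the Microsoft Learn page): per-capability readiness report for one device.
# Assumptions: Defender PowerShell module present, elevated session, and the registry path below
# is where the Defender for Endpoint sensor records its onboarding state.

function Get-MdeCapabilityState {
    [CmdletBinding()]
    param()

    $status = Get-MpComputerStatus -ErrorAction Stop
    $pref   = Get-MpPreference -ErrorAction Stop

    # EDR (rank 1): the Sense service is the Defender for Endpoint sensor. OnboardingState = 1
    # under the (assumed) status key means the device completed onboarding.
    $sense      = Get-Service -Name Sense -ErrorAction SilentlyContinue
    $onboardKey = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'
    $onboarded  = (Get-ItemProperty -Path $onboardKey -Name OnboardingState -ErrorAction SilentlyContinue).OnboardingState -eq 1

    # Next-generation protection (rank 3): the table calls out real-time protection and
    # cloud-delivered protection. MAPSReporting 0 = off, 1 = basic, 2 = advanced.
    $realtime = $status.RealTimeProtectionEnabled -and -not $pref.DisableRealtimeMonitoring
    $cloud    = $pref.MAPSReporting -gt 0

    # Attack surface reduction (rank 4): rules are parallel arrays of GUIDs and actions.
    # Action 1 = Block; 2 = Audit and 6 = Warn are configured but not enforcing; 0 = Disabled.
    $asrIds      = @($pref.AttackSurfaceReductionRules_Ids)
    $asrActions  = @($pref.AttackSurfaceReductionRules_Actions)
    $asrBlocking = 0
    for ($i = 0; $i -lt $asrActions.Count; $i++) {
        if ($asrActions[$i] -eq 1) { $asrBlocking++ }
    }

    [PSCustomObject]@{
        ComputerName           = $env:COMPUTERNAME
        EdrSensorRunning       = ($null -ne $sense -and $sense.Status -eq 'Running')
        EdrOnboarded           = $onboarded
        AntivirusRunningMode   = $status.AMRunningMode   # Normal, Passive Mode, EDR Block Mode, ...
        RealTimeProtection     = $realtime
        CloudDeliveredProtect  = $cloud
        AsrRulesConfigured     = $asrIds.Count
        AsrRulesBlocking       = $asrBlocking
    }
}

# Usage: run elevated on the device being checked.
Get-MdeCapabilityState | Format-List
```

`AntivirusRunningMode` is the field to watch during the cutover period described above: on an onboarded device that still has a non-Microsoft antivirus installed, Microsoft Defender Antivirus runs in passive mode, so real-time protection and ASR rules will not be enforcing even though they appear configured. Defender Vulnerability Management, Automated investigation and remediation, and Defender Experts are tenant-side capabilities and have no local state to check; confirm those in the Microsoft Defender portal instead.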

For more information, see Supported Microsoft Defender for Endpoint capabilities by platform.

[!INCLUDE Microsoft Defender for Endpoint Tech Community]