| title | description | ms.service | ms.author | author | ms.localizationpriority | manager | audience | ms.collection | ms.topic | ms.subservice | search.appverid | ms.date | ||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Onboard to Microsoft Defender for Endpoint |
Learn how to onboard endpoints to Microsoft Defender for Endpoint service. |
defender-endpoint |
deniseb |
deniseb |
medium |
deniseb |
ITPro |
|
conceptual |
onboard |
met150 |
04/03/2024 |
[!INCLUDE Microsoft Defender XDR rebranding]
Applies to:
- Microsoft Defender for Endpoint Plan 1
- Microsoft Defender for Endpoint Plan 2
- Microsoft Defender Vulnerability Management
- Microsoft Defender XDR
Want to experience Microsoft Defender for Endpoint? Sign up for a free trial.
The deployment tool you use influences how you onboard endpoints to the service.
To start onboarding your devices:
- Go to Select deployment method.
- Choose the Operating System for the devices you wish to Onboard.
- Select the tool you plan to use.
- Follow the instructions to Onboard your devices.
This video provides a quick overview of the onboarding process and the different tools and methods.
[!VIDEO https://www.microsoft.com/videoplayer/embed/RE4bGqr]
A ring-based approach is a method of identifying a set of endpoints to onboard and verifying that certain criteria are met before proceeding to deploy the service to a larger set of devices. You can define the exit criteria for each ring and ensure that they're satisfied before moving on to the next ring. Adopting a ring-based deployment helps reduce potential issues that could arise while rolling out the service.
This table provides an example of the deployment rings you might use:
| Deployment ring | Description |
|---|---|
| Evaluate | Ring 1: Identify 50 devices to onboard to the service for testing. |
| Pilot | Ring 2: Identify and onboard the next 50-100 endpoints in a production environment. Microsoft Defender for Endpoint supports various endpoints that you can onboard to the service, for more information, see Select deployment method. |
| Full deployment | Ring 3: Roll out service to the rest of environment in larger increments. For more information, see Get started with your Microsoft Defender for Endpoint deployment. |
An example set of exit criteria for each ring can include:
- Devices show up in the device inventory list
- Alerts appear in dashboard
- Run a detection test
- Run a simulated attack on a device
For Windows and/or Windows Servers, you select several machines to test ahead of time (before patch Tuesday) by using the Security Update Validation program (SUVP).
For more information, see:
- What is the Security Update Validation Program
- Software Update Validation Program and Microsoft Malware Protection Center Establishment - TwC Interactive Timeline Part 4
With macOS and Linux, you could take a couple of systems and run in the Beta channel.
Note
Ideally at least one security admin and one developer so that you are able to find compatibility, performance and reliability issues before the build makes it into the Current channel.
The choice of the channel determines the type and frequency of updates that are offered to your device. Devices in Beta are the first ones to receive updates and new features, followed later by Preview and lastly by Current.
:::image type="content" source="media/insider-rings.png" alt-text="The insider rings." lightbox="media/insider-rings.png":::
In order to preview new features and provide early feedback, it's recommended that you configure some devices in your enterprise to use either Beta or Preview.
Warning
Switching the channel after the initial installation requires the product to be reinstalled. To switch the product channel: uninstall the existing package, re-configure your device to use the new channel, and follow the steps in this document to install the package from the new location.
To provide some guidance on your deployments, in this section we guide you through using two deployment tools to onboard endpoints.
The tools in the example deployments are:
For some additional information and guidance, check out the PDF or Visio to see the various paths for deploying Defender for Endpoint.
The example deployments will guide you on configuring some of the Defender for Endpoint capabilities, but you'll find more detailed information on configuring Defender for Endpoint capabilities in the next step.
After onboarding the endpoints move on to the next step where you'll configure the various capabilities such as endpoint detection and response, next-generation protection, and attack surface reduction.