This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Applies to:
Want to experience Microsoft Defender for Endpoint? Sign up for a free trial.
The deployment tool you use influences how you onboard endpoints to the service.
To start onboarding your devices:
This video provides a quick overview of the onboarding process and the different tools and methods.
A ring-based approach is a method of identifying a set of endpoints to onboard and verifying that certain criteria are met before proceeding to deploy the service to a larger set of devices. You can define the exit criteria for each ring and ensure that they're satisfied before moving on to the next ring. Adopting a ring-based deployment helps reduce potential issues that could arise while rolling out the service.
This table provides an example of the deployment rings you might use:
| Deployment ring | Description |
|---|---|
| Evaluate | Ring 1: Identify 50 devices to onboard to the service for testing. |
| Pilot | Ring 2: Identify and onboard the next 50-100 endpoints in a production environment. Microsoft Defender for Endpoint supports various endpoints that you can onboard to the service, for more information, see Select deployment method. |
| Full deployment | Ring 3: Roll out service to the rest of environment in larger increments. For more information, see Get started with your Microsoft Defender for Endpoint deployment. |
An example set of exit criteria for each ring can include:
For Windows and/or Windows Servers, you select several machines to test ahead of time (before patch Tuesday) by using the Security Update Validation program (SUVP).
For more information, see:
With macOS and Linux, you could take a couple of systems and run in the Beta channel.
Note
Ideally at least one security admin and one developer so that you are able to find compatibility, performance and reliability issues before the build makes it into the Current channel.
The choice of the channel determines the type and frequency of updates that are offered to your device. Devices in Beta are the first ones to receive updates and new features, followed later by Preview and lastly by Current.
In order to preview new features and provide early feedback, it's recommended that you configure some devices in your enterprise to use either Beta or Preview.
Warning
Switching the channel after the initial installation requires the product to be reinstalled. To switch the product channel: uninstall the existing package, re-configure your device to use the new channel, and follow the steps in this document to install the package from the new location.
To provide some guidance on your deployments, in this section we guide you through using two deployment tools to onboard endpoints.
The tools in the example deployments are:
For some additional information and guidance, check out the PDF or Visio to see the various paths for deploying Defender for Endpoint.
The example deployments will guide you on configuring some of the Defender for Endpoint capabilities, but you'll find more detailed information on configuring Defender for Endpoint capabilities in the next step.
After onboarding the endpoints move on to the next step where you'll configure the various capabilities such as endpoint detection and response, next-generation protection, and attack surface reduction.
Tip
Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community.
Training
Module
Deploy the Microsoft Defender for Endpoint environment - Training
Deploy the Microsoft Defender for Endpoint environment
Certification
Microsoft 365 Certified: Endpoint Administrator Associate - Certifications
Plan and execute an endpoint deployment strategy, using essential elements of modern management, co-management approaches, and Microsoft Intune integration.