How to onboard Defender via userdata scripts?

Byron Liu 0 Reputation points
2024-06-27T05:15:24.6066667+00:00

I am trying to onboard defender to windows servers.

By following onboarding steps 1 to 4 in this doco, I was able to onboard defender to windows servers manually. However, we are using userdata powershell scripts for our windows server. I need to put all the steps into the scripts so when a new server is launched, defender will be onboarded automatically. I couldn't find the proper commands in any doco.

Could you please advise if it's possible to put those steps into PowerShell commands? If so, could you please advise the commands?

Thanks.


1 answer

  1. Andrew Blumhardt 10,051 Reputation points Microsoft Employee
    2024-06-28T12:45:03.19+00:00

    Those instructions are for non-persistent virtual desktops, meaning virtual desktops that are reimaged on a regular basis. This is a special process that allows a device to be reimaged repeatedly while retaining the same device ID. Ordinarily, all devices get a new ID when onboarding, even if they have the same name. Without this control, these devices all get loaded with the device ID of the host, which is extremely problematic.

    There are several onboarding options for servers that should be considered instead. https://learn.microsoft.com/en-us/defender-endpoint/onboard-windows-server

    1. Most common is Defender for Servers, which onboards servers to MDE automatically.
    2. GPO for domain joined servers.
    3. I am seeing more and more using Settings Management (formerly MDE Attach) https://learn.microsoft.com/en-us/defender-endpoint/mde-security-settings-management
    4. You also have MECM and local script, which are less common. The latter is only used in testing.

    Point being that there are many well tested methods for deploying MDE automatically without resorting to some form of custom script. You should try to use one of these options instead. This will also reduce confusion as other employees and consultants take responsibility for onboarding in the future. They are more likely to recognize one of these standard methods.
