Prepare to deploy Microsoft Defender for Endpoint


The first step when deploying Microsoft Defender for Endpoint is to set up your Defender for Endpoint environment.

In this deployment scenario, you're guided through the steps on:

  • Licensing validation
  • Tenant configuration
  • Network configuration

Important

If you want to run multiple security solutions side by side, see Considerations for performance, configuration, and support.

You might have already configured mutual security exclusions for devices onboarded to Microsoft Defender for Endpoint. If you still need to set mutual exclusions to avoid conflicts, see Add Microsoft Defender for Endpoint to the exclusion list for your existing solution.

For the purpose of guiding you through a typical deployment, this scenario will only cover the use of Microsoft Configuration Manager. Defender for Endpoint supports the use of other onboarding tools but we won't cover those scenarios in the deployment guide. For more information, see Identify Defender for Endpoint architecture and deployment method.

Tip

As a companion to this article, see our Microsoft Defender for Endpoint setup guide to review best practices and learn about essential tools such as attack surface reduction and next-generation protection. For a customized experience based on your environment, you can access the Defender for Endpoint automated setup guide in the Microsoft 365 admin center.

Check your license state

Checking for the license state and whether it was properly provisioned can be done through the Microsoft 365 admin center or through the Microsoft Azure portal.
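
The same check can be scripted. The following PowerShell is an added example, not part of the original article: it evaluates SKU objects of the shape returned by the Microsoft Graph PowerShell cmdlet Get-MgSubscribedSku and flags Defender for Endpoint plans that are not enabled, not provisioned, or over-assigned. The function name Get-MdeLicenseState, the sample SKU names, and the use of the service plan names WINDEFATP and MDE_LITE to identify Defender for Endpoint are assumptions to confirm in your tenant.

```powershell
# Assumption: these service plan names identify Defender for Endpoint
# (WINDEFATP = Plan 2, MDE_LITE = Plan 1). Confirm against your tenant's SKUs.
$MdePlanNames = @('WINDEFATP', 'MDE_LITE')

function Get-MdeLicenseState {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Sku
    )
    process {
        foreach ($plan in $Sku.ServicePlans) {
            # Ignore service plans that are not Defender for Endpoint.
            if ($plan.ServicePlanName -notin $MdePlanNames) { continue }
            $purchased = [int]$Sku.PrepaidUnits.Enabled
            $issues = @()
            if ($Sku.CapabilityStatus -ne 'Enabled')    { $issues += "SKU is $($Sku.CapabilityStatus)" }
            if ($plan.ProvisioningStatus -ne 'Success') { $issues += "plan is $($plan.ProvisioningStatus)" }
            if ($Sku.ConsumedUnits -gt $purchased)      { $issues += 'more seats assigned than purchased' }
            [pscustomobject]@{
                Sku       = $Sku.SkuPartNumber
                Plan      = $plan.ServicePlanName
                Assigned  = $Sku.ConsumedUnits
                Purchased = $purchased
                Healthy   = ($issues.Count -eq 0)
                Issues    = $issues -join '; '
            }
        }
    }
}

# Constructed sample input shaped like Get-MgSubscribedSku output (not real tenant data).
$sample = @(
    [pscustomobject]@{ SkuPartNumber = 'SAMPLE_SKU_HEALTHY'; CapabilityStatus = 'Enabled'; ConsumedUnits = 40
        PrepaidUnits = [pscustomobject]@{ Enabled = 50 }
        ServicePlans = @([pscustomobject]@{ ServicePlanName = 'WINDEFATP'; ProvisioningStatus = 'Success' }) }
    [pscustomobject]@{ SkuPartNumber = 'SAMPLE_SKU_SUSPENDED'; CapabilityStatus = 'Suspended'; ConsumedUnits = 12
        PrepaidUnits = [pscustomobject]@{ Enabled = 10 }
        ServicePlans = @([pscustomobject]@{ ServicePlanName = 'MDE_LITE'; ProvisioningStatus = 'PendingProvisioning' }) }
    [pscustomobject]@{ SkuPartNumber = 'SAMPLE_SKU_UNRELATED'; CapabilityStatus = 'Enabled'; ConsumedUnits = 5
        PrepaidUnits = [pscustomobject]@{ Enabled = 5 }
        ServicePlans = @([pscustomobject]@{ ServicePlanName = 'SAMPLE_OTHER_PLAN'; ProvisioningStatus = 'Success' }) }
)
$sample | Get-MdeLicenseState | Format-Table -AutoSize

# Against a live tenant (needs the Microsoft.Graph module and a read scope):
# Connect-MgGraph -Scopes 'Organization.Read.All'
# Get-MgSubscribedSku | Get-MdeLicenseState
```

With the sample data, the first SKU reports as healthy, the second lists three issues, and the third produces no row because it carries no Defender for Endpoint plan.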

Cloud Service Provider validation

To see which licenses are provisioned to your company, and to check the state of those licenses, go to the Microsoft 365 admin center.

  1. From the Partner portal, select Administer services > Office 365.

  2. Selecting the Partner portal link opens the Admin on behalf option and gives you access to the customer admin center.


Tenant Configuration

To provision Defender for Endpoint in your tenant, follow these steps:

  1. Go to the Microsoft Defender portal and sign in.

  2. In the navigation pane, select any of the following items:

    • Under Assets, select Devices.
    • Under Endpoints, select an item, such as Dashboard or Endpoint security policies.

Data center location

Microsoft Defender for Endpoint stores and processes data in the same location as used by Microsoft Defender XDR. If Microsoft Defender XDR hasn't been turned on yet, onboarding to Defender for Endpoint also turns on Defender XDR, and a new data center location is automatically selected based on the location of active Microsoft 365 security services. The selected data center location is shown on the screen.

Network configuration

Ensure devices can connect to the Defender for Endpoint cloud services. The use of a proxy is recommended. See the following articles to configure your network:

  1. Configure your network environment to ensure connectivity with Defender for Endpoint service.

  2. Configure your devices to connect to the Defender for Endpoint service using a proxy.

  3. Verify client connectivity to Microsoft Defender for Endpoint service URLs.

In certain scenarios, you might want to allow traffic to IP addresses. Not all services are accessible in this way and you need to evaluate how to address this potential issue in your environment. For example, you might need to download updates to a central location and then distribute them. For more information, see Configure connectivity using static IP ranges.
