Identify Defender for Endpoint architecture and deployment method
- Microsoft Defender for Endpoint Plan 1
- Microsoft Defender for Endpoint Plan 2
- Microsoft Defender XDR
Want to experience Defender for Endpoint? Sign up for a free trial.
You've already completed steps to set up your Microsoft Defender for Endpoint deployment and assigned roles and permissions for Defender for Endpoint. Next, plan for onboarding your devices by identifying your architecture and choosing your deployment method.
We understand that every enterprise environment is unique, so we've provided several options to give you the flexibility in choosing how to deploy the service. Deciding how to onboard endpoints to the Defender for Endpoint service comes down to two important steps:
Step 1: Identify your architecture
Depending on your environment, some tools are better suited for certain architectures. Use the table below to decide which Defender for Endpoint architecture best suits your organization.
|Cloud-native||We recommend using Microsoft Intune to onboard, configure, and remediate endpoints from the cloud for enterprises that don't have an on-premises configuration management solution or are looking to reduce their on-premises infrastructure.|
|Co-management||For organizations that host both on-premises and cloud-based workloads we recommend using Microsoft's ConfigMgr and Intune for their management needs. These tools provide a comprehensive suite of cloud-powered management features, as well as unique co-management options to provision, deploy, manage, and secure endpoints and applications across an organization.|
|On-premises||For enterprises that want to take advantage of the cloud-based capabilities of Microsoft Defender for Endpoint while also maximizing their investments in Configuration Manager or Active Directory Domain Services, we recommend this architecture.|
|Evaluation and local onboarding||We recommend this architecture for SOCs (Security Operations Centers) that are looking to evaluate or run a Microsoft Defender for Endpoint pilot, but don't have existing management or deployment tools. This architecture can also be used to onboard devices in small environments without management infrastructure, such as a DMZ (Demilitarized Zone).|
Step 2: Select deployment method
Once you have determined the architecture of your environment and have created an inventory as outlined in the requirements section, use the table below to select the appropriate deployment tools for the endpoints in your environment. This will help you plan the deployment effectively.
|Windows||Local script (up to 10 devices)
Microsoft Intune/ Mobile Device Manager
Microsoft Configuration Manager
|Integration with Microsoft Defender for Cloud|
Mobile Device Management
|Linux servers||Local script
Mobile Application Manager
For devices that aren't managed by Microsoft Intune or Microsoft Configuration Manager, you can use the Security Management for Microsoft Defender for Endpoint to receive security configurations for Microsoft Defender directly from Intune.
After choosing your Defender for Endpoint architecture and deployment method continue to Step 4 - Onboard devices.
Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community.