Manage Microsoft Defender for Endpoint with Configuration Manager

Applies to:

Want to experience Microsoft Defender for Endpoint? Sign up for a free trial.

We recommend using Microsoft Intune or Configuration Manager (Configuration Manager) to manage your organization's threat protection features for devices (also referred to as endpoints).

This article describes how to manage Defender for Endpoint settings with Configuration Manager, and lists various tasks you can perform.

Configure Microsoft Defender for Endpoint with Configuration Manager

Task Resources to learn more
Install the Configuration Manager console if you don't already have it

If you don't already have the Configuration Manger console, use these resources to get the bits and install it.
Get the installation media

Install the Configuration Manager console
Use Configuration Manager to onboard devices to Microsoft Defender for Endpoint

If you have devices (or endpoints) not already onboarded to Microsoft Defender for Endpoint, you can do that with Configuration Manager.
Onboard to Microsoft Defender for Endpoint with Configuration Manager
Manage antimalware policies and Windows Firewall security for client computers (endpoints)

Configure endpoint protection features, including Microsoft Defender for Endpoint, exploit protection, application control, antimalware, firewall settings, and more.
Configuration Manager: Endpoint Protection
Choose methods for updating antimalware updates on your organization's devices

With Endpoint Protection in Configuration Manager, you can choose from several methods to keep antimalware definitions up to date on your organization's devices.
Configure definition updates for Endpoint Protection

Use Configuration Manager to deliver definition updates
Enable Network Protection to help prevent employees from using apps that malicious content on the Internet

We recommend using audit mode at first for network protection in a test environment to see which apps would be blocked before rolling out.
Turn on network protection with Configuration Manager
Configure controlled folder access to protect against ransomware

Controlled folder access is also referred to as antiransomware protection.
Endpoint protection: Controlled folder access

Enable controlled folder access in Microsoft Endpoint Configuration Manage

Configure your Microsoft Defender portal

If you haven't already done so, configure your Microsoft Defender portal to view alerts, configure threat protection features, and view detailed information about your organization's overall security posture. See While the attack was detected and stopped, alerts, such as an "initial access alert," were triggered and appeared in the Microsoft Defender portal. You can also configure whether and what features end users can see in the Microsoft Defender portal.

Next steps


Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community.