Manage Microsoft Defender for Endpoint with Configuration Manager
Applies to:
- Microsoft Defender for Endpoint Plan 1
- Microsoft Defender for Endpoint Plan 2
- Microsoft Defender XDR
Want to experience Microsoft Defender for Endpoint? Sign up for a free trial.
We recommend using Microsoft Intune or Configuration Manager (Configuration Manager) to manage your organization's threat protection features for devices (also referred to as endpoints).
This article describes how to manage Defender for Endpoint settings with Configuration Manager, and lists various tasks you can perform.
Configure Microsoft Defender for Endpoint with Configuration Manager
| Task | Resources to learn more |
|---|---|
| Install the Configuration Manager console if you don't already have it If you don't already have the Configuration Manger console, use these resources to get the bits and install it. |
Get the installation media Install the Configuration Manager console |
| Use Configuration Manager to onboard devices to Microsoft Defender for Endpoint If you have devices (or endpoints) not already onboarded to Microsoft Defender for Endpoint, you can do that with Configuration Manager. |
Onboard to Microsoft Defender for Endpoint with Configuration Manager |
| Manage antimalware policies and Windows Firewall security for client computers (endpoints) Configure endpoint protection features, including Microsoft Defender for Endpoint, exploit protection, application control, antimalware, firewall settings, and more. |
Configuration Manager: Endpoint Protection |
| Choose methods for updating antimalware updates on your organization's devices With Endpoint Protection in Configuration Manager, you can choose from several methods to keep antimalware definitions up to date on your organization's devices. |
Configure definition updates for Endpoint Protection Use Configuration Manager to deliver definition updates |
| Enable Network Protection to help prevent employees from using apps that malicious content on the Internet We recommend using audit mode at first for network protection in a test environment to see which apps would be blocked before rolling out. |
Turn on network protection with Configuration Manager |
| Configure controlled folder access to protect against ransomware Controlled folder access is also referred to as antiransomware protection. |
Endpoint protection: Controlled folder access Enable controlled folder access in Microsoft Endpoint Configuration Manage |
Configure your Microsoft Defender portal
If you haven't already done so, configure your Microsoft Defender portal to view alerts, configure threat protection features, and view detailed information about your organization's overall security posture. See While the attack was detected and stopped, alerts, such as an "initial access alert," were triggered and appeared in the Microsoft Defender portal. You can also configure whether and what features end users can see in the Microsoft Defender portal.
Next steps
Tip
Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community.
Feedback
Submit and view feedback for