Enable Microsoft Defender for Endpoint evaluation environment

This article will guide you through the steps on setting up the evaluation environment for Microsoft Defender for Endpoint using production devices.


Microsoft Defender for Endpoint also comes with an in-product evaluation lab where you can add pre-configured devices and run simulations to evaluate the capabilities of the platform. The lab comes with a simplified set-up experience that can help quickly demonstrate the value of Microsoft Defender for Endpoint including guidance for many features like advanced hunting and threat analytics. For more information, see Evaluate capabilities.
The main difference between the guidance provided in this article and the evaluation lab is the evaluation environment uses production devices whereas the evaluation lab uses non-production devices.

Use the following steps to enable the evaluation for Microsoft Defender for Endpoint.

The steps to enable Microsoft Defender for Endpoint in the Microsoft Defender evaluation environment

Step 1. Check license state

You'll first need to check the license state to verify that it was properly provisioned. You can do this through the admin center or through the Microsoft Azure portal.

  1. To view your licenses, go to the Microsoft Azure portal and navigate to the Microsoft Azure portal license section.

    The Azure Licensing page in the Microsoft 365 Defender portal

  2. Alternately, in the admin center, navigate to Billing > Subscriptions.

    On the screen, you'll see all the provisioned licenses and their current Status.

    The Billing licenses page in the Microsoft Azure portal

Step 2. Onboard endpoints using any of the supported management tools

After verifying that the license state has been provisioned properly, you can start onboarding devices to the service.

For the purpose of evaluating Microsoft Defender for Endpoint, we recommend choosing a couple of Windows devices to conduct the evaluation on.

You can choose to use any of the supported management tools, but Intune provides optimal integration. For more information, see Configure Microsoft Defender for Endpoint in Microsoft Intune.

The Plan deployment topic outlines the general steps you need to take to deploy Defender for Endpoint.

Watch this video for a quick overview of the onboarding process and learn about the available tools and methods.

Onboarding tool options

The following table lists the available tools based on the endpoint that you need to onboard.

Endpoint Tool options
Windows - Local script (up to 10 devices)
- Group Policy
- Microsoft Intune / Mobile Device Manager
- Microsoft Endpoint Configuration Manager
- VDI scripts
macOS - Local scripts
- Microsoft Intune
- JAMF Pro
- Mobile Device Management
iOS App-based
Android Microsoft Intune

Next step

Setup the pilot for Microsoft Defender for Endpoint

Return to the overview for Evaluate Microsoft Defender for Endpoint

Return to the overview for Evaluate and pilot Microsoft 365 Defender