An introduction to Microsoft Defender for Endpoint

With the introduction of Microsoft 365 Lighthouse, which will make a huge difference for every MSP in the bizz, the announcement that Microsoft Defender Antivirus will be included as a component is really great.

Because Lighthouse will give you active alerts on Antivirus (and further options with compliance policies), you will have the opportunity to monitor the endpoints through this portal.

I wanted to recheck and capture the basic steps of providing Endpoint Security to customers starting from the Business Premium license (more information about the capabilities can be found here:

So how do you get things started for Microsoft Defender for Endpoint?

In this blog I will show you the basic setup in which we combine Endpoint Manager with Microsoft Defender for Endpoint and set some basic rules. We will also use Conditional Access in conjunction with MDfE so compromised devices immediately lose access to all the cloud services of M365.

Sounds awesome right? Let’s start!

Enable MDfE integration with Endpoint Manager

The first thing we will need to do is ensure that all MDM joined machines are automatically onboarded to MDfE.
There are various ways to do this: Endpoint Manager (Intune), Endpoint Manager Configuration Manager, GPO, or a local script. The easiest way is onboarding through Endpoint Manager, which I’m going to show you in this video.
We will be integrating MDfE with Endpoint Manager, which is an option natively built into MDATP.

Creating a configuration profile for onboarding

The next thing we will have to do is create an onboarding profile.
Because we’ve integrated MDfE with Endpoint Manager in the previous step, the profile will automatically contain the necessary information to onboard the device.

Configure the Defender for Endpoint policies for your endpoints

Then we’re going to define our Endpoint Security options so MDfE has the right options enabled. The options I’m enabling in this video are only meant for demonstration purposes; you will need to adjust them to your own needs.

Setting a compliance policy to check the status

To make sure the status of MDfE is a requirement for devices to be compliant, we will create a compliance policy which checks the status of MDfE and turns the device into a non-compliant state once a security alert gets triggered.

Applying conditional access based on device compliance status

The last thing is creating conditional access policies that will allow or deny access to all the M365 products.
I’ve chosen to block access to all the applications, but the same applies here: adjust them to your own requirements.
As you can see, a compliant device will have access to Teams, while a non-compliant device is denied access.
Denying access counts for both browser and app based sessions.
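The two policies from the last two steps (the compliance policy tied to the MDfE machine risk score and the Conditional Access policy that requires a compliant device for all cloud apps, browser and app sessions alike) can also be created with the Microsoft Graph PowerShell SDK instead of clicking through the portal. The script below is an added example, not code from the original post: the policy names, the "medium" risk threshold, the all-devices assignment and the report-only state are assumptions you would adjust to your own tenant.

```powershell
# Added example (not from the original post): build the compliance policy and the
# Conditional Access policy described above through the Microsoft Graph PowerShell SDK.
Import-Module Microsoft.Graph.DeviceManagement
Import-Module Microsoft.Graph.Identity.SignIns

# Scopes required for creating compliance policies and Conditional Access policies.
Connect-MgGraph -Scopes "DeviceManagementConfiguration.ReadWrite.All",
                        "Policy.ReadWrite.ConditionalAccess",
                        "Application.Read.All"

# 1. Windows compliance policy: the device must report a Defender for Endpoint
#    machine risk score of "medium" or lower, otherwise it becomes non-compliant.
#    scheduledActionsForRule is mandatory when creating the policy; a "block"
#    action with a 0-hour grace period makes non-compliance take effect immediately.
$compliancePolicy = @{
    "@odata.type"                               = "#microsoft.graph.windows10CompliancePolicy"
    displayName                                 = "Require MDfE risk score <= medium"   # assumed name
    description                                 = "Non-compliant when Defender for Endpoint raises the machine risk above medium"
    deviceThreatProtectionEnabled               = $true
    deviceThreatProtectionRequiredSecurityLevel = "medium"   # notSet | unavailable | secured | low | medium | high
    scheduledActionsForRule                     = @(
        @{
            ruleName                      = "PasswordRequired"
            scheduledActionConfigurations = @(
                @{ actionType = "block"; gracePeriodHours = 0 }
            )
        }
    )
}
$created = New-MgDeviceManagementDeviceCompliancePolicy -BodyParameter $compliancePolicy
Write-Host "Compliance policy created: $($created.Id)"

# Assign the policy to all devices (assumption; scope it to a group in a real tenant).
$assignBody = @{
    assignments = @(
        @{ target = @{ "@odata.type" = "#microsoft.graph.allDevicesAssignmentTarget" } }
    )
}
Invoke-MgGraphRequest -Method POST `
    -Uri "https://graph.microsoft.com/v1.0/deviceManagement/deviceCompliancePolicies/$($created.Id)/assign" `
    -Body $assignBody

# 2. Conditional Access: every user, every cloud app, both browser and desktop/mobile
#    app sessions, access granted only from a compliant device. Created in report-only
#    mode so sign-in logs can be reviewed before switching "state" to "enabled".
$caPolicy = @{
    displayName = "Require compliant device for all cloud apps"   # assumed name
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users          = @{ includeUsers = @("All"); excludeUsers = @() }  # exclude an emergency-access account here
        applications   = @{ includeApplications = @("All") }
        clientAppTypes = @("browser", "mobileAppsAndDesktopClients")
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("compliantDevice")
    }
}
$ca = New-MgIdentityConditionalAccessPolicy -BodyParameter $caPolicy
Write-Host "Conditional Access policy created: $($ca.Id) (state: $($ca.State))"
```

The Conditional Access policy does not use an explicit "block" grant: requiring `compliantDevice` is what denies the non-compliant device, so as soon as the compliance policy flips a device on an MDfE alert, the next token request from that device fails for both browser and app sessions. Review the report-only results in the sign-in logs (and keep an emergency-access account excluded) before enforcing it.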

I hope you’ve enjoyed my introduction to this great product.
Of course there is much more to tell about MDfE which I might do in the future *wink wink*…

For now, if you have any questions please let me know in the box below.

Have a great day!
