Windows Defender Endpoint Protection has grown its reach over the past few years. Aside from Windows and Windows Server, it is now available in macOS, iOS, Android, and Linux server distributions as well.
However, feature availability varies per operating system. The same goes for the tools that deploy it and provide ongoing management.
Read on to know more details about Windows Defender Endpoint Protection and what it can do for your organization. You’ll learn about licensing, the different features you can leverage, and a general strategy for onboarding tools.
Windows Defender Endpoint Protection Licensing
Similar to Office 365, licensed Windows Defender Endpoint Protection users can apply it on five devices. The service can be licensed alone, but you’re more likely to see it as part of the E5 or A5 packages. This includes:
- Windows 10 Enterprise E5
- Microsoft 365 E5
- Microsoft 365 E5 Security add-on
End-user devices are covered above, but you must also consider the server estate. For servers managed by Azure Security Center, Windows Defender Endpoint Protection is included as part of Azure Defender, or you can license it separately using Microsoft Defender for Endpoint for Server. Unlike the client license that allows you to use five devices, this licensing only allows you to use one device per server.
Windows Defender Endpoint Protection OS Tech Support and Feature Accessibility
Onboarding is the process of enrolling a device in Windows Defender Endpoint Protection. When a device is deployed, telemetry is collected, threats discovered by the EDR system can be remediated, and additional features like Live Response can be used on supported systems.
Things get a little complex after this point, although not always obvious. Onboarding processes may differ depending on your OS, endpoint detection and response tool (EDR), and the features available.
Let’s start with Windows. On the client-side, only Pro and Enterprise plans are available. You can install Windows 7 SP1 or Windows 8.1 on top of Windows 10 (with Azure Virtual Desktop). Windows 10 is supported from version 1607, but you can upgrade to version 1803+ since that’s when the best features really start to open up.
Long Term Servicing Channel (LTSC) versions 2008 R2 SP1, 2012 R2, 2016, and 2019 are supported by Windows Server. You’ll need at least version 1803 if you’re utilizing Semi-Annual Channel (SAC).
This is what Windows supports, but take note that they aren’t created equal. This is because different components required by MDE have been built into the OS over time.
Windows Defender Endpoint Protection is made up of two core elements. First is the endpoint protection platform or engine, which can scan files, eliminate them, adopt policies, among others.
The second one is the endpoint detection and response. This sends all of the endpoint’s telemetry and information to the cloud service, where it can be utilized to fuel investigations, mitigate incidents, detect threats that go beyond signatures and into behavior patterns, and populate databases for deeper scanning.
Windows Defender Endpoint Protection Onboarding and Deployment Paths
While you cannot install Windows Defender Endpoint Protection from the Microsoft 365 security portal, you can still use a settings page that gives clear instructions on how to proceed based on the tools in your resources, such as Microsoft mobile device management (MDM) or orchestration.
All platforms supported by Windows Defender Endpoint Protection also assist in manual deployments, whether it be running a script or installing an app. For devices completely enrolled in Intune, you can use that as your deployment tool. Meanwhile, if you only utilize mobile application management on Android and iOS, customers can manually install the app from the store.
Dealing with your Existing Windows Defender Endpoint Protection
Project management requires you to put in a lot of effort into planning the deployment of tools. By knowing the platforms supported and their feature level, you can determine which you’re going to onboard and what are the necessary tools to do so.
Consider who needs access to those tools and how they can obtain it to complete the migration. Fundamentals, like network connectivity to Microsoft cloud services, are put to the test.
Take into account the devices and people in your test group. This migration should not be done in a one-time big-time fashion. Most businesses begin with their IT department and then spread it from there, from department to department or one place to another.
Adding devices to the service is only the beginning. Windows Defender Endpoint Protection settings must be set up, while key service-side settings and functionalities must be understood and managed.