Microsoft Defender for Endpoint setup guide

What is Microsoft Defender for Endpoint?

You might need to sign in to the Microsoft 365 admin center at certain points during this guide to use built-in tools, assign tasks in this guide to other admins, track your progress, and configure Microsoft 365 settings, at which point you'll have to start over and lose any entries. You can sign in now to avoid restarting this guide later.
Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to help your networks prevent, detect, investigate, and respond to advanced threats.

Why use this guide?

This guide helps you deploy Microsoft Defender for Endpoint. It also helps you configure preventative protection, post-breach detection, automated investigation, and response features in Defender for Endpoint.

What to expect

This guide covers Microsoft Defender for Endpoint plans, deployment prerequisites, device onboarding, and recommended configurations. The following table offers a breakdown of the features included in Microsoft Defender for Endpoint Plans 1 and 2.
To prepare your organization for Microsoft Defender for Endpoint, first review the required subscriptions and prerequisites and decide which deployment is best for your organization. Then, onboard your devices and configure Microsoft Defender for Endpoint capabilities. Finally, consult the resources provided to help you protect your endpoints and detect, investigate, and respond to threats.
Learn more about these components that define Microsoft Defender for Endpoint under the Configuration step:
  • Attack surface reduction
  • Mobile threat defense
  • Next-generation protection
  • Auto investigation and remediation
  • Microsoft Secure Score
  • Endpoint detection and response
  • Threat and vulnerability management