Monday, March 14, 2022

Seamless Onboarding Cloud Native Win10 PCs to MDE Using MEM

Planning for Microsoft Defender for Endpoint?

If you’re planning to move to Microsoft Defender for Endpoint, you will need to start with your organization’s architecture. The deployment tools you are going to use for onboarding devices to Microsoft Defender for Endpoint will depend on the type of architecture you have.

In this blog, we restrict ourselves to onboarding cloud-native Windows 10 devices to Microsoft Defender for Endpoint with the help of the Microsoft Endpoint Manager tool.

[Screenshot: absharan_0-1647271245841.png]

Identify architecture

You can use Microsoft Defender for Endpoint in your environment in different ways to meet your needs. The first step is to classify how your company is structured. Choose the architecture that best maps to your needs.


Cloud-native

[Screenshot: absharan_1-1647271245871.png]

You should choose a cloud-native architecture if your organization's devices are based in the cloud: for example, if all devices are managed by Microsoft Endpoint Manager, or if your organization plans to move them to Microsoft Endpoint Manager management in the future.


Co-management

[Screenshot: absharan_2-1647271245906.png]

Choose co-management if you have a blended architecture, with devices managed by Microsoft Endpoint Manager and an on-premises configuration management solution.


On-premises

[Screenshot: absharan_3-1647271245928.png]

Choose an on-premises architecture if all your devices are using either Configuration Manager or Active Directory Domain Services. Your organization can still benefit from using the power of the cloud-based Microsoft Defender for Endpoint.


Select onboarding tools

Once you've identified your organization's architecture, you can identify the tools you'll use to onboard devices to Microsoft Defender for Endpoint. Each architecture type has a selection of tools to use for onboarding:

Architecture     Tools
-------------    ------------------------------------------------
Cloud-native     Microsoft Endpoint Manager
Co-management    Microsoft Endpoint Manager, Configuration Manager
On-premises      Configuration Manager, Group Policy

Onboarding Cloud-native Windows 10 devices to Microsoft Defender for Endpoint using Microsoft Endpoint Manager

In this section, we will focus on the steps required for seamless onboarding of cloud-native Windows 10 devices to MDE using MEM.


Establish communication between Microsoft Defender for Endpoint & Microsoft Endpoint Manager portal

It is recommended to establish communication between Microsoft Defender for Endpoint and Microsoft Endpoint Manager. Follow the steps below:

  1. Log in to http://security.microsoft.com/, browse to Settings > Endpoints > Advanced Features, enable “Microsoft Intune Connection” and save preferences as shown below:

[Screenshot: absharan_4-1647271245959.png]

This is required because it connects MDE to Microsoft Intune, enabling the sharing of device information and enhanced policy enforcement. Intune also provides additional information about managed devices for Secure Score.

  2. Log in to http://endpoint.microsoft.com/, browse to Endpoint Security > Setup > Microsoft Defender for Endpoint, enable “Connect Windows devices to Microsoft Defender for Endpoint” and save changes as shown below:

[Screenshot: absharan_5-1647271246007.png]

When this setting is on, compliance policies that use the Device Threat Level rule will evaluate devices using data from this connector.

Create a group in Microsoft Endpoint Manager

It's advisable to create a group for your pilot devices so that the desired configurations can be applied to them. Browse to Groups > New Group and create a group relevant to your requirement.

[Screenshot: absharan_6-1647271246053.png]

Create Device Configuration Profile in MEM

To create the configuration profile, follow the steps below:

  1. Log in to http://endpoint.microsoft.com/, browse to Devices > Configuration Profiles > Create Profile, select the platform you want, choose profile type “Templates” and select the template “Microsoft Defender for Endpoint (desktop devices running Windows 10 or later)” as shown below:

[Screenshot: absharan_7-1647271246079.png]

  2. Click Create and enter the details. Ensure you choose the group that was created for MDE onboarding as shown below:

[Screenshot: absharan_8-1647271246113.png]

Any device you add to this group will be onboarded to MDE seamlessly.

  3. Once the configuration profile is created, open its properties and you will find that the Microsoft Defender for Endpoint configuration package type is set to Onboard.

[Screenshot: absharan_9-1647271246136.png]

Steps to onboard devices

Once the configuration profile is created, you are all set to onboard your first device to Microsoft Defender for Endpoint. All you need to do is open the group and add members to it, as shown below:

[Screenshot: absharan_10-1647271246173.png]

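The group creation and member-add steps above can also be scripted, which is useful when a pilot involves more than a handful of devices. The following PowerShell, added here as an example and not taken from the original post, uses the Microsoft Graph PowerShell SDK to create the pilot security group if it does not exist and to add one Azure AD device object to it. The group name, the device display name and the Graph permission scopes are assumptions for illustration; the configuration profile assignment itself is still done in the MEM portal as described in the previous section.

```powershell
# Added example (not from the original post): create the MDE pilot group and add
# a device to it with the Microsoft Graph PowerShell SDK.
# Requires: Install-Module Microsoft.Graph -Scope CurrentUser
# Assumed values: group name, device display name and permission scopes.

Connect-MgGraph -Scopes "Group.ReadWrite.All", "Device.Read.All"

$groupName  = "MDE-Onboarding-Pilot"   # assumed pilot group name
$deviceName = "CLIENT-PC01"            # assumed Azure AD device display name

# Reuse the group if it already exists; otherwise create a static,
# security-enabled group, which is what the MDE configuration profile is assigned to.
$group = Get-MgGroup -Filter "displayName eq '$groupName'"
if (-not $group) {
    $group = New-MgGroup -DisplayName $groupName `
                         -MailEnabled:$false `
                         -MailNickname ($groupName -replace '[^A-Za-z0-9]', '') `
                         -SecurityEnabled:$true
    Write-Host "Created group $($group.DisplayName) ($($group.Id))"
}

# Look up the Azure AD device object by display name.
$device = Get-MgDevice -Filter "displayName eq '$deviceName'"
if (-not $device) {
    throw "Device '$deviceName' not found in Azure AD"
}

# Add the device as a member unless it is already one.
$isMember = Get-MgGroupMember -GroupId $group.Id -All | Where-Object Id -eq $device.Id
if ($isMember) {
    Write-Host "$deviceName is already a member of $groupName"
} else {
    New-MgGroupMember -GroupId $group.Id -DirectoryObjectId $device.Id
    Write-Host "Added $deviceName to $groupName; the MDE onboarding profile applies at the next device sync"
}
```

Because the configuration profile is assigned to the group, membership is the only thing the script needs to change; the onboarding package is delivered by MEM on the device's next check-in.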
It will take a few minutes and the devices will be onboarded to Microsoft Defender for Endpoint automatically.

Additionally, you can check the progress on the Device Status tab. Browse to Devices > Configuration Profiles > (the profile you created for onboarding) > Device Status as shown below:

[Screenshot: absharan_11-1647271246217.png]

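The Device Status tab shows the portal's view of the profile deployment; a defender will usually also want to confirm onboarding from the device itself. The following PowerShell check is added here as an example and is not part of the original post. It reads the status values the MDE sensor writes under the Windows Advanced Threat Protection registry key, checks that the Sense service is running, and, if the device does not look onboarded yet, lists recent sensor events to help explain why. The function name and the expected value of 1 for OnboardingState are stated as assumptions for this check; run it in an elevated session on the Windows 10 device.

```powershell
# Added example (not from the original post): verify MDE onboarding on a Windows 10
# device. Run in an elevated PowerShell session. The function name and the
# expected OnboardingState value (1 = onboarded) are assumptions for this check.

function Test-MdeOnboarding {
    $statusKey = "HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status"
    $result = [ordered]@{
        SenseServiceInstalled = $false
        SenseServiceRunning   = $false
        OnboardingState       = $null
        OrgId                 = $null
        Onboarded             = $false
    }

    # The sensor runs as the "Sense" service (Windows Defender Advanced Threat Protection Service).
    $svc = Get-Service -Name Sense -ErrorAction SilentlyContinue
    if ($svc) {
        $result.SenseServiceInstalled = $true
        $result.SenseServiceRunning   = ($svc.Status -eq 'Running')
    }

    # OnboardingState is written once the onboarding package has been applied;
    # OrgId (if present) identifies the tenant the sensor reports to.
    if (Test-Path $statusKey) {
        $props = Get-ItemProperty -Path $statusKey
        $result.OnboardingState = $props.OnboardingState
        $result.OrgId           = $props.OrgId
    }

    $result.Onboarded = ($result.SenseServiceRunning -and $result.OnboardingState -eq 1)
    return [pscustomobject]$result
}

$status = Test-MdeOnboarding
$status | Format-List

if (-not $status.Onboarded) {
    Write-Warning "Device is not yet onboarded; check the profile's Device Status in MEM and allow a few minutes for the next sync."
    # Recent sensor events usually show whether the package was applied or connectivity failed.
    Get-WinEvent -LogName "Microsoft-Windows-SENSE/Operational" -MaxEvents 10 -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message | Format-Table -Wrap
}
```

If the Sense service is installed but OnboardingState is missing, the profile has not reached the device yet (check group membership and sync); if OnboardingState is 1 but the service is stopped, the device was onboarded but the sensor is not running, which the MEM Device Status tab will not show you.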
Posted at https://sl.advdat.com/3tUjN86