Welcome back. Once you’ve completed your deployment preparations, you can begin the setup phase. During the setup phase, you need to validate licensing, configure your tenant, and perform relevant network configuration tasks. We’ll touch on each of these in this lesson.

When you validate your licensing, what you are doing is confirming the license state of each of your owned licenses and whether or not they are properly provisioned. It’s easy enough to do this simply by browsing to the Admin Center or to the Azure portal.

As you can see on your screen, you can view your licenses by navigating to the license section within the Azure portal.

I should also mention that you can also validate your licensing by browsing to Billing | Subscriptions.

If you purchased your licensing through the CSP program, you could also validate your licenses by browsing to the Partner portal, selecting Administer services, and then browsing to Office 365.

Once you’ve validated your licensing, you need to configure your tenant. To do this, you have to onboard Microsoft Defender for Endpoint. To onboard Defender for Endpoint, you should browse to the Microsoft 365 Security Center, and then to any item under the Endpoints section from the navigation menu, or select any Microsoft 365 Defender feature, like Incidents, Hunting, Action center, or even Threat analytics.

The last step in the setup phase is network configuration. However, this is only necessary if your endpoints use a Proxy to access the Internet. If they don’t, there is no further configuration necessary.

Now, if your endpoints DO require a proxy to access the internet, you need to understand the requirements for the Defender for Endpoint sensor. The Endpoint sensor requires WinHTTP in order to communicate with the Microsoft Defender for Endpoint service in the cloud. 

WinHTTP can only autodiscover a proxy server via the Transparent proxy autodiscovery method OR the Web Proxy Autodiscovery Protocol, or WPAD.

If you already have a Transparent proxy implemented, or WPAD implemented in your environment, you don’t have to perform any further configuration.

In addition to the two proxy autodiscovery methods I just touched on, you can also configure proxy settings manually. You can do this via the registry or via the netsh command.

Now, I don’t want to take you down the rabbit hole of how to perform each of these configuration tasks, because, frankly, I don’t think Microsoft is going to ask you for this level of detail. That said, if you want to familiarize yourself with them, you should visit the URL that I’ve linked to in the transcript.

Once you’ve completed the steps we covered in this lesson, you can begin the last phase of deployment – the onboarding of devices to Defender for Endpoint. We’ll touch on this in the next lesson.