The course is part of these learning paths
This course explores Microsoft Defender for Endpoint and how to implement it. We’ll start off with a quick overview of the three deployment phases that you’ll need to complete in order to implement Defender for Endpoint. We’ll then run through each of the individual deployment phases in a bit more detail.
Learning Objectives
By the time you finish this course, you should have a good understanding of what steps you need to take to implement Microsoft Defender for Endpoint.
Intended Audience
This course is intended for anyone who wishes to learn about the steps involved in implementing Microsoft Defender for Endpoint.
Prerequisites
To get the most out of this course, you should have a fundamental understanding of basic endpoint protection concepts.
Welcome back. Once you’ve completed your deployment preparations, you can begin the setup phase. During the setup phase, you need to validate licensing, configure your tenant, and perform relevant network configuration tasks. We’ll touch on each of these in this lesson.
When you validate your licensing, what you are doing is confirming the license state of each of your owned licenses and whether or not they are properly provisioned. It’s easy enough to do this simply by browsing to the Admin Center or to the Azure portal.
As you can see on your screen, you can view your licenses by navigating to the license section within the Azure portal.
I should also mention that you can also validate your licensing by browsing to Billing | Subscriptions.
If you purchased your licensing through the CSP program, you could also validate your licenses by browsing to the Partner portal, selecting Administer services, and then browsing to Office 365.
Once you’ve validated your licensing, you need to configure your tenant. To do this, you have to onboard Microsoft Defender for Endpoint. To onboard Defender for Endpoint, you should browse to the Microsoft 365 Security Center, and then to any item under the Endpoints section from the navigation menu, or select any Microsoft 365 Defender feature, like Incidents, Hunting, Action center, or even Threat analytics.
The last step in the setup phase is network configuration. However, this is only necessary if your endpoints use a Proxy to access the Internet. If they don’t, there is no further configuration necessary.
Now, if your endpoints DO require a proxy to access the internet, you need to understand the requirements for the Defender for Endpoint sensor. The Endpoint sensor requires WinHTTP in order to communicate with the Microsoft Defender for Endpoint service in the cloud.
WinHTTP can only autodiscover a proxy server via the Transparent proxy autodiscovery method OR the Web Proxy Autodiscovery Protocol, or WPAD.
If you already have a Transparent proxy implemented, or WPAD implemented in your environment, you don’t have to perform any further configuration.
In addition to the two proxy autodiscovery methods I just touched on, you can also configure proxy settings manually. You can do this via the registry or via the netsh command.
Now, I don’t want to take you down the rabbit hole of how to perform each of these configuration tasks, because, frankly, I don’t think Microsoft is going to ask you for this level of detail. That said, if you want to familiarize yourself with them, you should visit the URL that I’ve linked to in the transcript.
Once you’ve completed the steps we covered in this lesson, you can begin the last phase of deployment – the onboarding of devices to Defender for Endpoint. We’ll touch on this in the next lesson.
Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.
In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.
In his spare time, Tom enjoys camping, fishing, and playing poker.