Welcome back! So, now you know what Defender for Endpoint is, what it does, and what requirements you have to meet before using it, let’s take a quick look at the planning process for a deployment of Defender for Endpoint. 

At a high level, there are three steps to the planning process. They include the identification of your environment’s architecture, the selection of the type of deployment tool, and guidance on how to configure capabilities.

Because every environment is unique, Microsoft offers several deployment options for those who wish to deploy Defender for Endpoint. For example, there are cloud-native scenarios, there are situations where co-management is involved, there are on-prem architectures to account for, and there are even deployment scenarios that are entirely for evaluation and local onboarding.

The link in the transcript of this lesson takes you to the MDATP Deployment Strategy guide, which can be used to select the appropriate Defender for Endpoint architecture that best suits your particular situation.

Once you’ve identified the proper architecture, you need to select a deployment method. Since Defender for Endpoint supports lots of different endpoints, it’s important to choose the deployment method that fits your specific devices.

The table on your screen shows the different endpoints that are supported by Defender for Endpoint, along with the deployment tools that you can use for each endpoint.

Once you’ve onboarded your endpoints, you need to configure the different security capabilities in Defender for Endpoint. The security capabilities that you have to configure include endpoint detection and response, next-generation protection, and attack surface reduction.

After you’ve completed your deployment planning, you can perform the actual deployment, which is also performed in phases, starting with the Preparation phase. During the initial preparation phase, you research things you need to consider when deploying Defender for Endpoint. For example, you’ll need to determine who the stakeholders are and who will provide necessary approvals. You’ll also want to account for environment considerations, access permissions, and adoption order of capabilities.

After working through the Preparation phase of your deployment, you’ll need to work through the Setup phase. During the setup phase, you decide on the steps you need to take to access the portal. Considerations and tasks include license validation, completion of the setup wizard, and network configuration.

The last phase is the Onboarding phase. During this last deployment phase, you learn how to make use of deployment rings, you learn about the supported onboarding tools, based on the type of endpoints you are dealing with, and, of course, configuring available capabilities.