Prerequisites and Requirements
Difficulty: Intermediate
Duration: 14m
Description

This course explores Microsoft Defender for Endpoint and you’ll learn what it is and what it offers. We'll cover the prerequisites and requirements that you must meet before deploying Defender for Endpoint. And finally, we'll look at the planning steps that you should follow when planning a Defender for Endpoint deployment.

Learning Objectives

  • Get a foundational understanding of the Microsoft Defender for Endpoint service
  • Learn about the requirements for deploying the service
  • Learn how to plan a Defender for Endpoint Deployment

Intended Audience

This is intended for those who wish to learn what Microsoft Defender for Endpoint is, what it does, and how to plan for deployment.

Prerequisites

To get the most out of this course, you should have a basic understanding of Microsoft 365.

Transcript

As far as licensing goes, Microsoft Defender for Endpoint requires at least one of the Microsoft volume licensing options that you see on your screen:

  • Windows 10 Enterprise E5

  • Windows 10 Education A5

  • Microsoft 365 E5 (M365 E5) which includes Windows 10 Enterprise E5

  • Microsoft 365 A5 (M365 A5)

  • Microsoft 365 E5 Security

  • Microsoft 365 A5 Security

  • Microsoft Defender for Endpoint

I should mention, though, that licensed users can use Microsoft Defender for Endpoint on up to five concurrent devices, similar to the licensing of the Office 365 apps. Microsoft Defender for Endpoint can also be purchased through the CSP program. 

As far as Microsoft Defender for Endpoint for Servers goes, using it requires at least one of the licensing options that you see on your screen:

  • Azure Security Center with Azure Defender enabled

  • Microsoft Defender for Endpoint for Server (one per covered server)

Now, with that said, you CAN acquire one server license, per each covered server Operating System Environment, for Microsoft Defender for Endpoint for Servers, provided you own a combined minimum of 50 licenses for one or more of the user licenses you see on your screen:

  • Microsoft Defender for Endpoint

  • Windows E5/A5

  • Microsoft 365 E5/A5

  • Microsoft 365 E5/A5 Security

Now, since Defender for Endpoint is accessed via an internet browser, you also need to use a browser that is supported by Defender for Endpoint. That being the case, while many browsers will work, the only two that are actually supported are Microsoft Edge and Google Chrome.

As far as Windows operating systems go, Defender for Endpoint supports those that you see on your screen. Notice that it’s pretty much the whole gamut of OS versions for both workstations and servers.

  • Windows 7 SP1 Enterprise (Requires ESU for support.)

  • Windows 7 SP1 Pro (Requires ESU for support.)

  • Windows 8.1 Enterprise

  • Windows 8.1 Pro

  • Windows 10 Enterprise

  • Windows 10 Enterprise LTSC 2016 (or later)

  • Windows 10 Education

  • Windows 10 Pro

  • Windows 10 Pro Education

  • Windows server

  • Windows Server 2008 R2 SP1

  • Windows Server 2012 R2

  • Windows Server 2016

  • Windows Server, version 1803 or later

  • Windows Server 2019

  • Windows Virtual Desktop

I should mention that, for those operating systems shown with the ESU notation, Extended Security Updates are required. 

The Extended Security Update program is for customers who need to run legacy Microsoft products past the end of support. The ESU program includes Critical and Important security updates for a maximum of three years after the product's End of Extended Support date.

Other operating systems that are supported by Defender for Endpoint include Android, iOS, Linux, and macOS. However, you’d need to confirm that the Linux distros and the versions of Android, iOS, and macOS you are using are compatible with Defender for Endpoint as well. 

Supported Linux server distributions and versions include Red Hat Enterprise Linux 7.2 or higher, CentOS 7.2 or higher, Ubuntu 16.04 LTS or higher LTS, Debian 9 or higher, SUSE Linux Enterprise Server 12 or higher, and Oracle Linux 7.2 or higher. The minimum kernel version for these is 3.10.0-327.
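The Linux minimums just listed can be checked against a host inventory before onboarding. The script below is an added example, not part of the course material: the function names and the inventory rows are constructed, and the distro keys are assumed to be the `ID=` values found in `/etc/os-release`.

```shell
#!/bin/sh
# Added example: names and inventory rows are constructed; minimums are the page's.
MIN_KERNEL="3.10.0-327"
# Minimum release per distro; keys are ID= values from /etc/os-release.
min_release_for() {
  case $1 in
    rhel|centos|ol) echo 7.2 ;;
    ubuntu) echo 16.04 ;; debian) echo 9 ;; sles) echo 12 ;;
    *) return 1 ;;
  esac
}

# Reduce `uname -r` output to its numeric part: 3.10.0-327.el7.x86_64 -> 3.10.0-327
kernel_numeric() {
  printf '%s\n' "$1" | sed -n -E 's/^([0-9]+\.[0-9]+\.[0-9]+)(-([0-9]+))?.*/\1-\3/p'
}

# Succeed when version $1 >= $2, comparing '.'/'-' separated fields as integers.
ver_ge() {
  a=$1; b=$2
  while [ -n "$b" ]; do
    fa=${a%%[.-]*}; fb=${b%%[.-]*}
    [ "${fa:-0}" -gt "${fb:-0}" ] && return 0
    [ "${fa:-0}" -lt "${fb:-0}" ] && return 1
    case $a in *[.-]*) a=${a#*[.-]} ;; *) a= ;; esac
    case $b in *[.-]*) b=${b#*[.-]} ;; *) b= ;; esac
  done
  return 0
}

# check_host ID RELEASE KERNEL: print a verdict, return 0 only when supported.
check_host() {
  id=$1; ver=$2; kernel=$3
  min=$(min_release_for "$id") || { echo "unsupported: distro $id not listed"; return 1; }
  case $ver in ''|*[!0-9.]*) echo "unsupported: bad release '$ver'"; return 1 ;; esac
  ver_ge "$ver" "$min" || { echo "unsupported: $id $ver is below $min"; return 1; }
  case $id:$ver in ubuntu:*[02468].04) ;; ubuntu:*)   # LTS = even year, .04
    echo "unsupported: Ubuntu $ver is not an LTS release"; return 1 ;; esac
  kn=$(kernel_numeric "$kernel"); [ -n "$kn" ] || { echo "unsupported: bad kernel"; return 1; }
  ver_ge "$kn" "$MIN_KERNEL" || { echo "unsupported: kernel $kernel is below $MIN_KERNEL"; return 1; }
  echo "supported"
}

while read -r host id ver kernel; do   # constructed inventory rows
  printf '%-8s %s\n' "$host" "$(check_host "$id" "$ver" "$kernel")"
done <<'EOF'
web01 rhel 7.9 3.10.0-1160.el7.x86_64
db02 centos 7.1 3.10.0-229.el7.x86_64
app03 ubuntu 17.10 4.13.0-46-generic
EOF
```

CentOS 7 reports only `VERSION_ID="7"` in `/etc/os-release`, so the release passed in for those hosts has to come from `/etc/centos-release`.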

As far as Android goes, at the time of this recording, Android devices running Android 6.0 and above are supported. For iOS, devices running iOS 11.0 and above are supported, as are iPad devices from version 1.1.15010101 onward. As for macOS, the three most recent major releases of macOS are supported.

I should also mention that when you onboard the first time, you have to choose where the Microsoft Defender for Endpoint-related information is stored. You have a choice of the European Union, the United Kingdom, or the United States.

Before deploying Defender for Endpoint, you’ll also need to ensure that the diagnostic data service is enabled on all devices you wish to protect. Since this service is typically enabled by default, it’s usually not an issue, but you should always check just to be sure.

And, as far as internet connectivity goes, since your endpoint sensors will be communicating with the service in the cloud, it stands to reason that you’ll also need internet connectivity on your devices either directly or through a proxy.

And lastly, since the Defender for Endpoint agent depends on the ability of Microsoft Defender Antivirus to scan files and provide information about them, you’ll need to ensure Microsoft Defender Antivirus is turned on, even if only in passive mode. More specifically, Microsoft states that if you’ve turned off Microsoft Defender Antivirus through group policy or other methods, any devices that are onboarded must be excluded from that group policy.

So, as you can probably tell, there are quite a few prerequisites and other requirements that you need to meet if you wish to use Defender for Endpoint in your environment.

About the Author

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long and interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.