Silvio Di Benedetto - Microsoft Defender for Endpoint: integration with Endpoint Manager

Questo articolo è disponibile anche in lingua italiana al seguente link: Microsoft Defender for Endpoint: integrazione con Microsoft Endpoint Manager | WindowServer.it

Protecting your endpoints should be one of the most important things, because they are, and always will be, one of the main vehicles of attack by hackers and people who want to cause harm to your company. Windows Defender is considered an excellent product but it is now essential to extend the protection part in a more pro-active way and that can work on multiple levels: from network discovery, to checking for missing patches at the software and operating system level, passing from blocking potentially dangerous websites.

So using Microsoft Defender for Endpoint is almost a must that every company should implement to protect their users. Why choose Defender for Endpoint over other solutions on the market? Here are some features present:

Advanced integration with Windows 10 and Windows Server
Protection for macOS, Linux, Android and iOS
Missing patch detection
Detection of outdated software
Detection of services and processes that are potentially not useful and to be deactivated
Endpoint behavior analysis and reporting
Web content filtering

To this list are added the classic antivirus and antimalware functions integrated with the cloud. So, given that Microsoft Defender for Endpoint is the perfect product for our devices, how do we centrally distribute it in a cloud-oriented model? In this article we will see how to activate integration with Microsoft Endpoint Manager.

Enable Service

The service is available by purchasing the Microsoft Defender for Endpoint license or within the Microsoft 365 E5 license. Once activated, it will be necessary to enable integration with Microsoft Endpoint Manager (still called Microsoft Intune) – figure 1.

Once done, you will need to download the package for integration with MEM – figure 2.

Obviously, onboarding can be done manually, if you have very few devices, or via Microsoft Endpoint Configuration Manager.

The next step is to connect MEM with Defender for Endpoint; this is done in the Endpoint Manager portal – Security – Microsoft Defender for Endpoint – figure 3.

Once the connector is enabled, a new configuration profile must be created to be distributed on the clients – figure 4.

The previously downloaded file will be inserted in the onboarding file – figure 5.

The integration is totally transparent for the user but will automatically enable all the various rules set within the Microsoft Security Center web portal. To see the onboarding status there is a dashboard that shows the summary of our endpoints – figure 6.

The same result, albeit in less detail, can be seen in the same section of Microsoft Endpoint Manager where the connector is enabled – figure 7.

Reporting

To view the health status of the antivirus, a report is also available in MEM, which offers a very detailed overview – figure 8.

Conclusions

The integration between Defender for Endpoint and Microsoft Endpoint Manager is definitely an easy way to centrally manage integration with Windows Defender.