
11 - Microsoft Defender Platform + Endpoint Configuration

1. Defender for Endpoint

Onboard Devices to Defender ATP & Configure Connection

  1. Within the Security Portal (security.microsoft.us) head to Settings > Endpoints > Advanced Features (default landing page)

  2. Scroll down and find the 'Microsoft Intune Connection' option and toggle it ON

  3. Save settings

Download Onboarding Package

  1. Go to Onboarding, under 'Device management' in the same settings area

  2. Set the Operating System to Windows 10 and 11

  3. Deployment Method: MDM and Intune

  4. Download Onboarding Package

Configure Intune Connection

  1. In the Intune Portal (intune.microsoft.us), head to Endpoint Security > Microsoft Defender for Endpoint

  2. Verify it says 'Available' at the top for Connection Status

  3. Under the 'Compliance Policy evaluation' section enable Connect Windows Devices

  4. Under the 'Endpoint Security Profile Settings' section enable Allow Defender to Enforce Configs

  5. Save at the top; the Connection Status should now change to Enabled

Create Defender for Endpoint Onboarding Policy

  1. Head to Devices > Windows > Configuration > Create > New Policy > Windows 10 or later > Templates > Microsoft Defender for Endpoint

  2. Configure the policy:

    • Name: Microsoft Defender for Endpoint Onboarding
    • Description: Enrolls and configures Cloud PCs to be managed by MS Defender ATP
    • Configuration type: Onboard
    • Extract the ZIP file you downloaded earlier (onboarding package)
    • Upload the extracted '.onboarding' file
    • Leave sample sharing set to 'Not configured'
    • Enable Expedite Telemetry
    • Assign Policy to the 'Devices - Cloud PCs - Dynamic' group
  3. Create policy

Configure Advanced Features

  1. Go to Settings > Endpoints > Advanced Features (default landing page)

  2. Ensure the following settings are Enabled:

    • Enable EDR in block mode
    • Allow or Block file
    • Tamper Protection
    • Microsoft Defender for Cloud Apps
    • Live Response
    • Web Content Filtering
  3. Save Settings

  4. Then go to Web Content Filtering under the 'Rules' section in the side menu and add a policy:

    • Name: Web Content Filtering Baseline
    • Select every category under Adult Content and Legal Liability and apply the policy to all devices
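
The portal steps above only assign the onboarding policy and flip tenant-wide toggles; they do not confirm that a given Cloud PC actually picked them up. The following script is an added example, not part of the original runbook, and is run in an elevated PowerShell session on a device after the onboarding policy (section 'Create Defender for Endpoint Onboarding Policy') and the Advanced Features settings have been applied. The registry path, the OnboardingState value, the Sense service name and the Get-MpComputerStatus properties are the documented Defender for Endpoint locations; the report property names and the PASS/FAIL wording are this example's own choices.

```powershell
# Added example (not the runbook's own script): verify on a Windows 10/11 device that
# Defender for Endpoint onboarding landed and that local enforcement matches the
# Advanced Features toggles. Run from an elevated PowerShell session.

$statusKey = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'

# OnboardingState is written as 1 once the onboarding package has been applied
# (via the Intune policy or the standalone onboarding script).
$onboardingState = (Get-ItemProperty -Path $statusKey -Name OnboardingState `
    -ErrorAction SilentlyContinue).OnboardingState

# 'Sense' is the Defender for Endpoint sensor service; it runs only on onboarded devices.
$sense = Get-Service -Name Sense -ErrorAction SilentlyContinue

# Get-MpComputerStatus exposes the local Defender antivirus state, which reflects the
# tenant-wide Tamper Protection toggle and whether EDR in block mode is active.
$mp = Get-MpComputerStatus -ErrorAction SilentlyContinue

$report = [pscustomobject]@{
    Device             = $env:COMPUTERNAME
    OnboardingState    = $onboardingState
    SenseService       = if ($sense) { [string]$sense.Status } else { 'NotInstalled' }
    TamperProtected    = $mp.IsTamperProtected
    # 'Normal' = Defender AV is the primary AV; 'EDR Block Mode' = a third-party AV is
    # primary and EDR in block mode remediates on its behalf; 'Passive Mode' = no enforcement.
    AMRunningMode      = $mp.AMRunningMode
    RealTimeProtection = $mp.RealTimeProtectionEnabled
}

$report | Format-List

# Reduce the report to a single pass/fail so it can be collected across many devices.
$onboarded = ($onboardingState -eq 1) -and ($sense -and $sense.Status -eq 'Running')
$protected = ($mp.IsTamperProtected -eq $true) -and
             ($mp.AMRunningMode -in 'Normal', 'EDR Block Mode')

if ($onboarded -and $protected) {
    Write-Output 'PASS: device is onboarded and Defender enforcement is active'
    exit 0
}
else {
    Write-Output 'FAIL: check the onboarding policy assignment and Advanced Features settings'
    exit 1
}
```

The exit codes follow the convention Intune remediation (detection) scripts use, 0 for compliant and 1 for non-compliant, so the same script can be assigned to the 'Devices - Cloud PCs - Dynamic' group as a detection script to flag devices the onboarding policy missed. A device that shows OnboardingState = 1 but a stopped Sense service is the case worth investigating first, since it means the package applied but the sensor is not reporting.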

2. CloudApp Security Enablement

Enable File Monitoring

  1. Go to Security Portal (security.microsoft.us)

  2. Settings > Cloud Apps > Information Protection Section > Files

  3. Turn on and save

Enable User Enrichment

  1. Go to the Cloud Discovery section > User enrichment

  2. Turn on and save

Enable Defender for Endpoint App Access

  1. Go to the Cloud Discovery section > Microsoft Defender for Endpoint

  2. Turn on Enforce app access and save

Enable MS Information Protection Inspection

  1. Go to Information Protection section > Microsoft Information Protection

  2. Tick the first box and save

  3. Grant permission for it to inspect protected files

Connect Microsoft 365 for Monitoring

  1. Go to the Connected Apps section > App Connectors > Connect an App > Microsoft 365

  2. Tick ALL options and connect Microsoft 365

Connect Microsoft Azure for Monitoring

  1. Connected Apps section > App Connectors > Connect an App > Microsoft Azure

  2. Connect Microsoft Azure