Onboarding all devices in your estate is paramount for strong security posture. In fact, Microsoft Threat Intelligence research shows that in the majority of ransomware attacks, the spreader machine was a device that was not yet onboarded. But customers often struggle to follow complex steps that differ by OS, accidentally duplicate devices because they can’t tell whether onboarding is in progress or failed, or have incorrect initial configuration settings causing system incompatibility. That’s why we’re introducing an updated onboarding experience via the Defender deployment tool for Windows that improves progress visibility and adds controls—like package naming and configurable expiry—to help administrators manage onboarding securely at scale.
What’s new
The Defender deployment tool streamlines the onboarding process by dynamically adapting to the operating system, delivering healthy endpoint security to a diverse estate of Windows devices. It is the preferred automated solution that works on modern and legacy devices and removes the need for a separate onboarding file by embedding the onboarding package and all related information within a downloadable .exe that can be run to onboard devices. This updated experience makes onboarding more predictable and transparent, while adding administrative controls that help reduce exposure if onboarding packages are accidentally shared beyond your organization:
- A single, runnable .exe for onboarding with the onboarding information embedded (no separate onboarding file required)
- Silent and non-interactive onboarding options to support large-scale deployments with tools like Group Policy or Configuration Manager
- Custom package identifiers to help track and manage onboarding packages across your organization
- Configurable onboarding package expiry (up to one year)
- Customizable name identifiers and keys for increased control and visibility
- New portal entry points and guidance to make it easier to find the right onboarding and offboarding method for Windows, including directly from the device inventory page
Figure: The new, streamlined onboarding tab in the Defender portal
Customize your deployment package
This experience moves away from scripts and loose onboarding blobs, making it harder for unauthorized users to onboard devices and significantly reducing the risk posed by non-expiring onboarding blobs that end up in the wild. And for the first time, you can set custom expiry dates on onboarding packages: 1 day, 7 days, or a custom period of up to a year. Expiry for onboarding packages protects customers from unwanted onboarding and compliance issues by limiting how long a package can be misused if it is found in a public place. Together with the new portal-provided key that you must input to complete the onboarding process, expiry reduces the likelihood of unauthorized package usage.
Figure: Customize your deployment package with a name and expiry date
See your onboarding telemetry in detail
Deployment tool events are available in the device timeline and advanced hunting tabs for increased transparency into onboarding progress and errors, so you can quickly address any issues.
On the new deployment packages page, you can see your organization's onboarding packages at a glance and click to see more package properties, increasing visibility and traceability within the onboarding process. This is a great foundation for adding even more onboarding-related telemetry to view per device in the future. You can even filter by active or expired packages and hide packages you no longer wish to see.
Figure: The new deployment packages page in the Defender portal
To experience this next iteration of the Defender deployment tool for Windows, navigate to Settings > Endpoints > Onboarding > Windows, or jump there directly from the device inventory page. There you'll see the newly designed onboarding page in the Defender portal, complete with onboarding and offboarding guides. Select the Defender deployment tool from the options shown.
Figure: New onboarding and offboarding buttons on the device inventory page
The Defender deployment tool is also available for Linux. We look forward to continuing to share ways we're making it easier to onboard devices to Defender.
Learn more
- To learn more about Microsoft Defender's endpoint protection, check out our website.
- To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog (https://www.microsoft.com/security/blog/) to keep up with our expert coverage on security matters. Follow us on LinkedIn (https://www.linkedin.com/showcase/microsoft-security/) and X (https://twitter.com/@MSFTSecurity) for the latest news and updates on cybersecurity.