Forum Discussion

Narongrat
Copper Contributor
Jun 09, 2025

Inquire about Microsoft Defender for Endpoint Deployment

I would like to kindly ask for some guidance.

Our office is currently considering deploying Microsoft Defender for Endpoint P1, or possibly Defender for Business. We have a total of 30 PCs, all running Windows 11.

Currently, we are using Microsoft 365 Exchange Online (30 licenses) for email communication.

All PCs are currently not joined to any Active Directory (either on-prem or Entra ID).

If we proceed with purchasing Microsoft Defender for Endpoint, I would like to ask:

  • What setup model would be required for our environment?
  • Do all PCs need to be joined to Microsoft Entra ID (formerly Azure AD) in order to use Defender for Endpoint?

A brief overview of the setup steps would also be very helpful.

Thank you very much.

2 Replies

  • cssns
    Brass Contributor

    The purpose of joining Entra ID is solely policy management. For MDE, apart from local GPO, if you have to enforce endpoint security policies, it can only be done via device groups that are in Entra ID.

    The devices can be onboarded to MDE even without joining the domain/Entra ID. There will be a synthetic device registration that makes such devices visible in Intune for policy assignment, even if they are not part of the domain.

    1. MDE onboarding by executing the onboarding script.

    2. Once devices show up in MDE - Device Inventory, apply the tag "MDE-Management", which will create a synthetic device registration in Intune.

    3. After a sync (60 minutes to 24 hours), devices will appear in Intune, where you can group them and assign policies to those groups.

    More info: https://learn.microsoft.com/en-us/intune/intune-service/protect/mde-security-integration
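As an added example (not code from this thread or from Microsoft), here is a PowerShell check you could run on each of the 30 PCs after step 1 to confirm the onboarding state and the join state the question raises. It assumes the standard Defender for Endpoint status registry key and `OnboardingState` value, the `Sense` sensor service name, and the `Name : Value` line format of `dsregcmd /status`.

```powershell
# Added example, not from the thread: report whether this Windows 11 PC is onboarded
# to Defender for Endpoint and what its identity join state is.
# Run in an elevated PowerShell session on the device.

function Get-MdeOnboardingStatus {
    # Assumed key written by the MDE onboarding script; OnboardingState = 1 on success
    $statusKey = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'
    $onboardingState = $null
    if (Test-Path $statusKey) {
        $onboardingState = (Get-ItemProperty -Path $statusKey -ErrorAction SilentlyContinue).OnboardingState
    }

    # "Sense" is the Defender for Endpoint sensor service; it should be Running once onboarded
    $sense = Get-Service -Name Sense -ErrorAction SilentlyContinue
    $senseStatus = if ($sense) { $sense.Status.ToString() } else { 'NotInstalled' }

    # dsregcmd reports the device's join state; parse only the lines we care about
    $joinInfo = @{ AzureAdJoined = 'Unknown'; DomainJoined = 'Unknown' }
    foreach ($line in (dsregcmd /status)) {
        if ($line -match '^\s*(AzureAdJoined|DomainJoined)\s*:\s*(\S+)') {
            $joinInfo[$Matches[1]] = $Matches[2]
        }
    }

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        Onboarded     = ($onboardingState -eq 1)
        SenseService  = $senseStatus
        AzureAdJoined = $joinInfo['AzureAdJoined']
        DomainJoined  = $joinInfo['DomainJoined']
    }
}

Get-MdeOnboardingStatus | Format-List
```

A result of `Onboarded = True` with `AzureAdJoined = NO` and `DomainJoined = NO` is the state cssns describes, where tagging the device "MDE-Management" in the portal is what then creates the synthetic registration in Intune.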

  • rahuljindal
    Bronze Contributor

    I'd recommend doing an Entra ID join of the devices and enrolling them in Intune as the first thing. This will not only make the assignment of the Defender policies easier, but also management overall. Then connect Intune with Defender, onboard, and manage policies using Intune. You will also need to consider looking at the licensing requirements for MDE.