Forum Discussion

Azu1976
Copper Contributor
Oct 01, 2024

Microsoft Defender for Endpoint

Hi

I would like to know whether there is any possibility of an on-premises installation of Defender for Endpoint, meaning without internet connectivity.

One of our sites has a special requirement to install Microsoft Defender for Endpoint on a completely isolated system. If this is possible, which licenses should I order?

Thanks in advance.

  • micheleariis
    Steel Contributor

    Hi, Azu1976. Depending on your needs, there is either Plan 1 or Plan 2 of Microsoft Defender for Endpoint.

    https://learn.microsoft.com/it-it/defender-endpoint/microsoft-defender-endpoint

    To perform an offline installation of Microsoft Defender for Endpoint on Windows, follow these steps:

    Prerequisites:
    - Ensure you have administrator privileges on the machine.
    - You'll need to download the Microsoft Defender for Endpoint package ahead of time on a machine with internet access.

    Steps for Offline Installation:

    1. Download the Microsoft Defender for Endpoint Package:
    On a machine with internet access, download the appropriate version of the Microsoft Defender for Endpoint package for your operating system.
    - Go to the Microsoft 365 Defender portal.
    - Navigate to Settings > Endpoints > Onboarding.
    - Under the Select operating system section, choose the appropriate OS (e.g., Windows 10, Windows Server, etc.).
    - Click Download installation package. Save the file to a USB drive or external media.

    2. Transfer to Offline Machine:
    - Copy the downloaded package (usually a .msi file) to the machine where you want to install Defender for Endpoint offline.
    - Place the installer in an accessible folder, such as C:\Temp.

    3. Install the Package:
    - Open Command Prompt as an Administrator.
    - Navigate to the directory where the installation package is stored. For example:

    ```cmd
    cd C:\Temp
    ```

    - Run the installer with elevated permissions:

    ```cmd
    msiexec /i md4ws.msi /quiet
    ```

    Replace md4ws.msi with the correct filename of the installation package you downloaded.

    4. Enable Microsoft Defender for Endpoint Services:
    After installing the package, the next step is to enable the required services for Defender for Endpoint to run properly. You can configure this using PowerShell:

    ```powershell
    Set-MpPreference -MAPSReporting Advanced
    Set-MpPreference -DisableRealtimeMonitoring $false
    Set-MpPreference -SubmitSamplesConsent 1
    ```

    5. Verify Installation:
    - Open the Windows Security center.
    - Check under Virus & threat protection to ensure that Microsoft Defender for Endpoint is active and running.
    - You can also check using PowerShell:

    ```powershell
    Get-MpComputerStatus
    ```

    Optional: Check for Definition Updates Offline
    To ensure that the machine is protected, you will need to update the threat definitions offline as well:

    1. Download the Latest Security Intelligence Updates:
    - On a machine with internet access, download the latest Defender definition updates from the official Microsoft website.
    - [Download from Microsoft](https://www.microsoft.com/en-us/wdsi/definitions)
    - Choose the correct version based on your OS (x64 or x86).

    2. Transfer and Install on Offline Machine:
    - Copy the update files to the offline machine.
    - Run the update installer to apply the latest definitions.

    This should install Microsoft Defender for Endpoint on your offline machine and ensure it is up to date with the latest definitions.
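
The following is an added example, not part of the answer above and not Microsoft's own code. It checks the transferred package's hash and Authenticode signature before `msiexec` is run, then reads `Get-MpComputerStatus` to flag stale definitions; the function names, the placeholder hash and the 7-day threshold are assumptions.

```powershell
# Added example: checks around the "Transfer", "Install" and "Verify" steps.
# Function names, the placeholder hash and the age threshold are assumptions.

function Test-TransferredPackage {
    param(
        [Parameter(Mandatory)][string]$Path,
        # SHA-256 recorded on the internet-connected machine right after download
        [Parameter(Mandatory)][string]$ExpectedSha256
    )
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    [pscustomobject]@{
        Path        = $Path
        # Detects corruption or substitution on the removable media
        HashMatches = ($hash -eq $ExpectedSha256.Trim())
        SigStatus   = $sig.Status
        Signer      = $sig.SignerCertificate.Subject
        # Unsigned files have no SignerCertificate, so this evaluates to $false
        Trusted     = ($sig.Status -eq 'Valid' -and
                       $sig.SignerCertificate.Subject -match 'O=Microsoft Corporation')
    }
}

function Get-DefenderOfflineHealth {
    # Assumed threshold; align it with how often definitions are carried over
    param([int]$MaxSignatureAgeDays = 7)
    $s = Get-MpComputerStatus
    [pscustomobject]@{
        AMServiceEnabled          = $s.AMServiceEnabled
        AntivirusEnabled          = $s.AntivirusEnabled
        RealTimeProtectionEnabled = $s.RealTimeProtectionEnabled
        SignatureVersion          = $s.AntivirusSignatureVersion
        SignatureLastUpdated      = $s.AntivirusSignatureLastUpdated
        SignatureAgeDays          = $s.AntivirusSignatureAge
        SignaturesStale           = ($s.AntivirusSignatureAge -gt $MaxSignatureAgeDays)
    }
}

# Before installing: refuse a package that fails either check.
$pkg = Test-TransferredPackage -Path 'C:\Temp\md4ws.msi' `
                               -ExpectedSha256 '<SHA256-RECORDED-AT-DOWNLOAD>'
if (-not ($pkg.HashMatches -and $pkg.Trusted)) {
    throw "Refusing to install: $($pkg | Out-String)"
}

# After installing and after each offline definition update:
Get-DefenderOfflineHealth | Format-List
```

The same `Test-TransferredPackage` call can be pointed at the definition update installer before it is run on the isolated machine.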
