Forum Discussion
SecEngLayer2
Feb 21, 2022 · Copper Contributor
Microsoft Defender On-Premise (No Internet connectivity)
Hello, Is there a way to manage/configure/administer MS Defender clients in an On-Premise environment with no connection to Azure cloud management portals please? Many Thanks, Graeme
Reza_Ameri
Feb 27, 2022 · Silver Contributor
Yes, it is possible to manage it using Microsoft Endpoint Configuration Manager and you may manage it on-premise. It is possible to manage it using Group Policy and PowerShell but you have some challenges. Offline updating definition is possible but you have to download the definition updates every day and then deploy them or add them to share files. Take a look at:
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/manage-mde-post-migration-configuration-manager
question92120
Aug 15, 2024 · Copper Contributor
It is possible to manage it using Group Policy and PowerShell but you have some challenges.
Using PowerShell will give you the option to run scripts once a day to get the *.exe file from a share, and execute it once a day. You'll be blocked from doing this if your org doesn't allow storing network passwords locally within the scheduler so the install scripts can run.
Probably your best bet is using MS Active Directory where you can deploy .msi files to update computers or userNames. You'll need to get a .exe to .msi wrapper to convert the file to .msi, or AD will not install it.
Offline updating definition is possible but you have to download the definition updates every day and then deploy them or add them to share files.
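A sketch of the daily share-based definition update discussed in this thread, added here as an example and not posted by any participant. The share path and staging folder are hypothetical, and it assumes the package on the share is Microsoft's `mpam-fe.exe` and that the script runs elevated (for example as SYSTEM, where the computer account reads the share).

```powershell
#Requires -RunAsAdministrator
# Added example: pull the Defender definition package from an internal share,
# verify it is Microsoft-signed, install it, and confirm the version moved.
param(
    # Hypothetical UNC path where an admin drops the daily package.
    [string]$SharePath = '\\fileserver.example.local\DefenderUpdates\x64',
    # Hypothetical local staging folder; assumed writable by administrators only.
    [string]$Staging   = "$env:ProgramData\DefenderOfflineUpdate"
)
$ErrorActionPreference = 'Stop'

$package = Join-Path $SharePath 'mpam-fe.exe'
if (-not (Test-Path -LiteralPath $package)) {
    throw "No definition package found at $package"
}

# Copy first, so the file that gets verified is the same file that gets run.
New-Item -ItemType Directory -Path $Staging -Force | Out-Null
$local = Join-Path $Staging 'mpam-fe.exe'
Copy-Item -LiteralPath $package -Destination $local -Force

# A writable share is a distribution point for whatever is placed on it:
# refuse anything without a valid Authenticode signature from Microsoft.
$sig = Get-AuthenticodeSignature -FilePath $local
$signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
if ($sig.Status -ne 'Valid' -or $signer -notmatch 'O=Microsoft Corporation') {
    Remove-Item -LiteralPath $local -Force
    throw "Rejected ${package}: status '$($sig.Status)', signer '$signer'"
}

$before = (Get-MpComputerStatus).AntivirusSignatureVersion
$proc = Start-Process -FilePath $local -Wait -PassThru
if ($proc.ExitCode -ne 0) {
    throw "mpam-fe.exe exited with code $($proc.ExitCode)"
}

# Report the result so a stale share (same version every day) is visible.
$status = Get-MpComputerStatus
[pscustomobject]@{
    Computer       = $env:COMPUTERNAME
    VersionBefore  = $before
    VersionAfter   = $status.AntivirusSignatureVersion
    LastUpdated    = $status.AntivirusSignatureLastUpdated
    Changed        = ($before -ne $status.AntivirusSignatureVersion)
}
```

Collecting the emitted object centrally makes it easy to spot endpoints whose definitions stopped advancing because the share was not refreshed.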