SOLVED

Microsoft Defender for Endpoint

Copper Contributor

Hi

 

I would like to know whether there is any possibility of having an on-premises installation of Defender for Endpoint, meaning without internet connectivity.

One of our sites has this special requirement to install Microsoft Defender for Endpoint on a completely isolated system. If possible, what licenses should I order?

Thanks in advance.

2 Replies
best response confirmed by Azu1976 (Copper Contributor)
Solution

Hi @Azu1976, depending on your needs, there is either Plan 1 or Plan 2 of Microsoft Defender for Endpoint.

https://learn.microsoft.com/it-it/defender-endpoint/microsoft-defender-endpoint

 

To perform an offline installation of Microsoft Defender for Endpoint on Windows, follow these steps:

Prerequisites:
- Ensure you have administrator privileges on the machine.
- You'll need to download the Microsoft Defender for Endpoint package ahead of time on a machine with internet access.

Steps for Offline Installation:

1. Download the Microsoft Defender for Endpoint Package:
On a machine with internet access, download the appropriate version of the Microsoft Defender for Endpoint package for your operating system.
- Go to the Microsoft 365 Defender portal.
- Navigate to Settings > Endpoints > Onboarding.
- Under the Select operating system section, choose the appropriate OS (e.g., Windows 10, Windows Server, etc.).
- Click Download installation package. Save the file to a USB drive or external media.

2. Transfer to Offline Machine:
- Copy the downloaded package (usually a .msi file) to the machine where you want to install Defender for Endpoint offline.
- Place the installer in an accessible folder, such as C:\Temp.

3. Install the Package:
- Open Command Prompt as an Administrator.
- Navigate to the directory where the installation package is stored. For example:
```cmd
cd C:\Temp
```

- Run the installer with elevated permissions:
```cmd
msiexec /i md4ws.msi /quiet
```

Replace md4ws.msi with the correct filename of the installation package you downloaded.

4. Enable Microsoft Defender for Endpoint Services:
After installing the package, the next step is to enable the required services for Defender for Endpoint to run properly. You can configure this using PowerShell:

```powershell
Set-MpPreference -MAPSReporting Advanced
Set-MpPreference -DisableRealtimeMonitoring $false
Set-MpPreference -SubmitSamplesConsent 1
```

5. Verify Installation:
- Open the Windows Security center.
- Check under Virus & threat protection to ensure that Microsoft Defender for Endpoint is active and running.
- You can also check using PowerShell:
```powershell
Get-MpComputerStatus
```

Optional: Check for Definition Updates Offline
To ensure that the machine is protected, you will need to update the threat definitions offline as well:

1. Download the Latest Security Intelligence Updates:
- On a machine with internet access, download the latest Defender definition updates from the official Microsoft website.
- [Download from Microsoft](https://www.microsoft.com/en-us/wdsi/definitions)
- Choose the correct version based on your OS (x64 or x86).

2. Transfer and Install on Offline Machine:
- Copy the update files to the offline machine.
- Run the update installer to apply the latest definitions.

This should install Microsoft Defender for Endpoint on your offline machine and ensure it is up to date with the latest definitions.
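
A check that fits the transfer-by-removable-media procedure above, added here as an example and not part of the original reply: validate the carried-over files before running them, then confirm the Defender state after installation and the definition update. The manifest file (`hashes.csv` with `Name,SHA256` columns, written on the connected machine), the `-PostInstall` switch and the 7-day signature-age threshold are assumptions made for illustration.

```powershell
# Added example, not from the original reply. The manifest file, its Name,SHA256
# columns, the -PostInstall switch and the 7-day threshold are assumptions.
param(
    [string]$StagingDir   = 'C:\Temp',             # folder used in the steps above
    [string]$ManifestPath = 'C:\Temp\hashes.csv',  # hypothetical manifest written on the connected machine
    [int]$MaxSignatureAgeDays = 7,                 # assumed tolerance for an isolated site
    [switch]$PostInstall                           # run the status check instead of file validation
)

if (-not $PostInstall) {
    $failures = @()
    foreach ($entry in Import-Csv -Path $ManifestPath) {
        $file = Join-Path $StagingDir $entry.Name
        if (-not (Test-Path -LiteralPath $file)) { $failures += "Missing: $($entry.Name)"; continue }

        # Compare against the SHA-256 recorded before the file left the connected machine.
        $actual = (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash
        if ($actual -ne $entry.SHA256) { $failures += "Hash mismatch: $($entry.Name)" }

        # Require a valid Authenticode signature from a Microsoft signer.
        $sig = Get-AuthenticodeSignature -LiteralPath $file
        if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
            $failures += "Signature check failed: $($entry.Name) ($($sig.Status))"
        }
    }
    if ($failures) {
        $failures | ForEach-Object { Write-Warning $_ }
        throw 'Transferred files failed validation; do not install them.'
    }
    Write-Output 'All transferred files match the manifest and carry a valid Microsoft signature.'
    return
}

# After installation and the offline definition update: summarize protection state.
$status = Get-MpComputerStatus
$report = [pscustomobject]@{
    AMServiceEnabled          = $status.AMServiceEnabled
    RealTimeProtectionEnabled = $status.RealTimeProtectionEnabled
    SignatureVersion          = $status.AntivirusSignatureVersion
    SignatureLastUpdated      = $status.AntivirusSignatureLastUpdated
    SignatureAgeDays          = $status.AntivirusSignatureAge
    SignaturesCurrent         = $status.AntivirusSignatureAge -le $MaxSignatureAgeDays
}
$report | Format-List
if (-not ($report.AMServiceEnabled -and $report.RealTimeProtectionEnabled -and $report.SignaturesCurrent)) {
    Write-Warning 'Defender is installed but not in the expected state on this machine.'
}
```

Run it once without switches before step 3, and again with `-PostInstall` after the definition update; on an isolated machine `SignatureAgeDays` shows how stale the definitions have become between manual updates.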
