New to Defender for Endpoint


Hello everyone.

I am looking to start using Defender for Endpoint for our business. I find it all a bit fuzzy and I'm therefore looking for help.


We have a local AD with about 40 devices. We use Microsoft 365 E3-E5 and some F3 licenses.

What is the best way to get it up and running?

We do not have AD Connect set up yet. Do we need that in order to onboard devices?


Are there any good step-by-step instructions available on how to set up both AD Connect and Defender?


Best regards




Thanks to those of you who responded. It gave me new insights.

I finally decided to renew my ESET license instead, as it is much easier to administer.

One installation file with the license token and you are good to go.
In order for me to be able to use Endpoint, I'd have to enroll Azure AD Connect and then figure out how to further deploy it to my endpoints. ESET made it so much easier with just one .exe file to run on each computer.



3 Replies

@Bepees Hello, only your E5 licenses include the MDE features. MDE has 2 plans, and you can choose one of the plans depending on your needs from the security capabilities that MDE presents.


Since you're an SMB company, I suggest you go with Defender for Business, suitable for companies that have 300 users or less.


If your devices are joined to the local domain, then you need to install and configure Entra Connect, enable hybrid AD join and sync your devices to the cloud. If your devices are joined to Entra only, then Entra Connect is not needed.


The comparison between MDE and MDB is at the link below:

Compare security features in Microsoft 365 plans for small and medium-sized businesses | Microsoft L...


To install and configure MDB, see the link below:

Set up and configure Microsoft Defender for Business | Microsoft Learn


To install and configure Entra Connect, see the link below:

Microsoft Entra Connect and Microsoft Entra Connect Health installation roadmap. - Microsoft Entra |...


To configure hybrid AD join:

Configure Microsoft Entra hybrid join - Microsoft Entra | Microsoft Learn

There are a lot of licensing options when it comes to Defender for Endpoint. E3 will give you MDE plan 1, which doesn't cover advanced Defender capabilities like EDR, AIR etc. MDE plan 2 will cover these as part of E5. I will suggest to speak to a licensing expert/partner to get you sorted.

As for the implementation, if your devices are domain joined, then at a minimum, you will need to configure AAD Connect and sync the relevant attributes. You can avoid the need for doing a full HAADJ and utilize security configuration settings in Defender to onboard and manage the devices for MDE policies, but I will recommend to HAADJ and enroll & manage devices using Intune.

@eliekarkafy and @rahuljindal-MVP Hi. Thanks for your replies.
So connecting the on-prem AD to Azure is required.
Yes, I am going to talk to a licensing expert later on because we need to sort some things out, like replacing F3 with better suited licenses.
The main goal right now is to get started with MDE and replace ESET, which we use today.