Microsoft Entra Suite Tech Accelerator
Aug 14 2024, 07:00 AM - 09:30 AM (PDT)
Microsoft Tech Community
Secure your remote workforce with Microsoft Defender ATP
Published Apr 01 2020 08:43 AM 33.1K Views



As remote work has grown dramatically over the last few weeks, we want to make sure you have the information you need, as we work together, to help secure your organization’s remote workers.


Expanding to home-based worker scenarios introduces new challenges which include expanding deployment to additional devices, adjusting security policies to enable productivity from home, enabling BYOD, supporting broader SaaS application usage, securing sensitive data, and more. Our team is here to help secure your organizations’ remote workers.


To help rapidly expand protection to the growing number of remote worker devices, we’re offering guidance, recommendations, and tips so that you can stay protected, get the most out of your investment, and unlock additional tools that are available for you.


Microsoft Defender ATP customers can expect the following:  

  • Coverage for additional devices without requiring additional licenses
  • Guidance and support services to rapidly expand deployment
  • Proactive and reactive assistance helping security teams identify, respond to, and remediate threats

Licensing – what is available to you today

Right now, you need to be able to quickly secure a greater number of endpoints than ever before. With Microsoft Defender ATP, this flexibility is included without the need to acquire additional licenses. Microsoft Defender ATP is purchased on a per user basis which covers users for up to 5 concurrent devices of the licensed user, allowing you to expand endpoint protection to additional devices used by licensed users with zero friction. If you have further questions or require additional assistance, please contact your Microsoft representative.


Guidance for rapid onboarding

For Windows environments, Microsoft Defender ATP’s built-in and cloud-powered architecture eliminates the need to deploy agents or infrastructure, enabling IT and Security teams to focus on mission-critical activities and minimizing potential disruption to end-user productivity. We also offer guidance on methods and deployment tools you can use to install and configure Microsoft Defender ATP for Mac.


For corporate managed/owned devices

You can onboard macOS, Windows 7, Windows 8.1, and Windows 10 devices. The onboarding wizard in the Microsoft Defender Security Center simplifies this process and guides you with the appropriate steps depending on the device. Our documentation provides the steps you need to learn how to onboard a variety of devices. For devices with Windows Enterprise or Windows Pro, we recommend having your remote workers enroll the devices in MDM. This will allow you to enable Microsoft Defender ATP for these devices. If your remote workers are using Macs at home, you should deploy Microsoft Defender ATP for Mac with these steps.


For Virtual Desktop Infrastructure (VDI)

Microsoft Defender ATP offers VDI support for customers choosing to enable remote workers via VDI. Our documentation for onboarding VDI has steps to guide you through the process and will highlight steps for supporting your VDI environment.


For home devices and BYOD 
Not every company is able to offer corporate devices for employees working from home, and sometimes the only option is to use a personal home device to get work done. Windows Home includes industry leading, built-in antivirus (AV). Its free and requires no additional licenses. When coupled with Microsoft Endpoint Manager, you’ll be able further secure end users and sensitive corporate information.


We recommend that Microsoft’s antivirus be used as the primary AV and be kept up to date to ensure the best protection we can provide, additional configuration guidance can be found here.

For mobile devices, we recommend you have your remote workers enroll their mobile devices using Intune and enable app based conditional access to protect sensitive data on these devices. Take a look at this additional help on securing personal PCs and mobile devices.


Additional deployment assistance and guidance
We are here to help you! Microsoft FastTrack is included with Microsoft Defender ATP and is available to assist organizations setting up remote work.  Please sign in and fill out a Request for Assistance form. If you have challenges signing in or need additional assistance, please send an email to


If you encounter technical issues, you can reach out to customer support through the Microsoft Defender Security Center, or directly through these links: Microsoft Support or Microsoft Premier Support.


Security best practices – our recommendations

Best practices and configurations to consider
To help configure devices in a secure way while assuring productivity we’ve created security baselines, these help you secure and protect your users and devices. Security baselines are basically pre-configured groups of settings that help you apply a known group of settings and default values that are recommended by Microsoft’s security teams. 


Keep in mind that these configurations are designed for enterprise managed devices, If you are allowing BYOD for employees working remotely, you should review the settings to assure they are appropriate for an employee-owned device, you can also refer to the security configuration framework for additional guidance.


Microsoft Defender ATP capabilities to leverage
Microsoft Defender ATP’s integrated suite of pre and post breach protection capabilities helps security teams to scale and operate effectively and efficiently. Making the best use of these capabilities can help to secure your environment. We recommend that customers take advantage of Threat & Vulnerability Management (TVM), Attack Surface Reduction (ASR), and Auto Investigation and Remediation (Auto-IR) today. These features require relatively low effort to leverage and can have the greatest impact in helping to drive better security and improved efficiencies.


We’re here to help!

In case of a security incident, Microsoft incident response (IR) services are available through the Microsoft Detection and Response Team (DART). DART provides both reactive incident response and pro-active cyber-resilient services, some delivered remotely and some on-site. The team responds to security incidents and helps customers and partners around the world. You can reach out to your Microsoft Account Manager, Technical Account Manager, or Premier Support contact if you need help from DART.

In summary, we are committed in helping customers secure their remote workforce, support their security teams, and remove any obstacles and friction in the way.


Alon Rosental, Principal Group Program Manager, Microsoft Defender ATP

Version history
Last update:
‎Apr 07 2020 06:38 AM
Updated by: