Introduction to Microsoft Defender for Endpoint

To make things simpler I will be calling this as MDE. Of course that the industry level acronym for Defender for Endpoint. In an age where security is the very soul of the tech industry and basically any industry, Microsoft Defender is the champion as it’s built with the latest and greatest.

MDE is not just an antivirus product, but it has all the bells and whistles where it stands as an EDR solution (Endpoint Detection and Response)

This is the announcement from Microsoft

2021 Gartner Magic Quadrant for Endpoint Protection Platforms. Quadrants include Leaders, Challengers, Niche Players, and Visionaries.

I would like to discuss few important things that’s required to get started.

Main Components of MDE

  • Threat and Vulnerability Management (TVM)
  • Attack Surface Reduction (ASR)
  • Next Gen Protection
  • Endpoint Detection and Response
  • Automated Investigation and Remediation
  • Microsoft Threat Experts
Microsoft Defender for Endpoint | Microsoft Security
Figure from MSFT

Where to login from?

go to

or The Security under Admin Centers in

Licensing for the Defender Portal

  • Microsoft 365 E5 or A5
  • Microsoft 365 E3 with the Microsoft 365 E5 Security add-on
  • Microsoft 365 E3 with the Enterprise Mobility + Security E5 add-on
  • Microsoft 365 A3 with the Microsoft 365 A5 Security add-on
  • Windows 10 Enterprise E5 or A5
  • Windows 11 Enterprise E5 or A5
  • Enterprise Mobility + Security (EMS) E5 or A5
  • Office 365 E5 or A5
  • Microsoft Defender for Endpoint
  • Microsoft Defender for Identity
  • Microsoft Defender for Cloud Apps
  • Defender for Office 365 (Plan 2)

Licensing for MDE

To use the MDE benefits, you must have the below

  • Windows 11 Enterprise E5/A5
  • Windows 10 Enterprise E5/A5
  • Microsoft 365 E5/A5/G5 (which includes Windows 10 or Windows 11 Enterprise E5)
  • Microsoft 365 E5/A5/G5/F5 Security
  • Microsoft 365 F5 Security & Compliance

What component in the license covers the MS Defender?

Microsoft Defender for Endpoint Plan 1

Defender for Endpoint Plan 1 diagram
Figure from MSFT

Microsoft Defender for Endpoint Plan 2

As a comparison, MDE Plan 2 will provide pretty much everything in the above diagram.

thumbnail image 1 of blog post titled 
							Microsoft Defender for Endpoint Plan 1 Now Included in M365 E3/A3 Licenses
Figure from

Operation Systems requirements

Browsers: Google Chrome or Microsoft Edge

Other notable requirements

Internet bandwidth: The Defender sensors at endpoint may user 5MB of bandwidth per day to communicate with the MDE Cloud service.

Client: Cores: 2 minimum, 4 preferred Memory: 1 GB minimum, 4 preferred

Diagnostic Data Settings

Run sc qc diagtrack in command prompt to see if the Diagnostic Data Settings are ON.

If not run sc config diagtrack start=auto to switch that ON

Defender A/V passive mode

When the computer’s primary A/V is not Defender, it acts in th epassive mode.

If your organization has turned off Microsoft Defender Antivirus through group policy or other methods, devices that are onboarded must be excluded from this group policy.
If you’re onboarding servers and Microsoft Defender Antivirus isn’t the active antimalware on your servers, Microsoft Defender Antivirus will either need to be configured to go on passive mode or uninstalled. The configuration is dependent on the server version.

What intergrates with MDE directly?

  • Microsoft Defender for Cloud
  • Microsoft Sentinel
  • Intune
  • Microsoft Defender for Cloud Apps
  • Microsoft Defender for Identity
  • Microsoft Defender for Office
  • Skype for Business

What’s Next?

Now that you’ve understood the licensing requirements, I will commense the technical bits and discuss more on the main MDE components from nect artcal onwards.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.