To make things simpler I will be calling this as MDE. Of course that the industry level acronym for Defender for Endpoint. In an age where security is the very soul of the tech industry and basically any industry, Microsoft Defender is the champion as it’s built with the latest and greatest.
MDE is not just an antivirus product, but it has all the bells and whistles where it stands as an EDR solution (Endpoint Detection and Response)
This is the announcement from Microsoft
I would like to discuss few important things that’s required to get started.
Main Components of MDE
- Threat and Vulnerability Management (TVM)
- Attack Surface Reduction (ASR)
- Next Gen Protection
- Endpoint Detection and Response
- Automated Investigation and Remediation
- Microsoft Threat Experts
Where to login from?
go to https://security.microsoft.com/
or The Security under Admin Centers in https://admin.microsoft.com/
Licensing for the Defender Portal
- Microsoft 365 E5 or A5
- Microsoft 365 E3 with the Microsoft 365 E5 Security add-on
- Microsoft 365 E3 with the Enterprise Mobility + Security E5 add-on
- Microsoft 365 A3 with the Microsoft 365 A5 Security add-on
- Windows 10 Enterprise E5 or A5
- Windows 11 Enterprise E5 or A5
- Enterprise Mobility + Security (EMS) E5 or A5
- Office 365 E5 or A5
- Microsoft Defender for Endpoint
- Microsoft Defender for Identity
- Microsoft Defender for Cloud Apps
- Defender for Office 365 (Plan 2)
Licensing for MDE
To use the MDE benefits, you must have the below
- Windows 11 Enterprise E5/A5
- Windows 10 Enterprise E5/A5
- Microsoft 365 E5/A5/G5 (which includes Windows 10 or Windows 11 Enterprise E5)
- Microsoft 365 E5/A5/G5/F5 Security
- Microsoft 365 F5 Security & Compliance
What component in the license covers the MS Defender?
Microsoft Defender for Endpoint Plan 1
Microsoft Defender for Endpoint Plan 2
As a comparison, MDE Plan 2 will provide pretty much everything in the above diagram.
Operation Systems requirements
Browsers: Google Chrome or Microsoft Edge
- Windows 7 SP1 Enterprise (Requires ESU for support.)
- Windows 7 SP1 Pro (Requires ESU for support.)
- Windows 8.1 Enterprise
- Windows 8.1 Pro
- Windows 11 Enterprise
- Windows 11 Education
- Windows 11 Pro
- Windows 11 Pro Education
- Windows 10 Enterprise
- Windows 10 Enterprise LTSC 2016 (or later)
- Windows 10 Education
- Windows 10 Pro
- Windows 10 Pro Education
- Windows server
- Windows Server 2008 R2 SP1 (Requires ESU for support)
- Windows Server 2012 R2
- Windows Server 2016
- Windows Server, version 1803 or later
- Windows Server 2019
- Windows Server 2022
- Windows Virtual Desktop
- Android
- iOS
- Linux
- macOS
Other notable requirements
Internet bandwidth: The Defender sensors at endpoint may user 5MB of bandwidth per day to communicate with the MDE Cloud service.
Client: Cores: 2 minimum, 4 preferred Memory: 1 GB minimum, 4 preferred
Diagnostic Data Settings
Run sc qc diagtrack in command prompt to see if the Diagnostic Data Settings are ON.
If not run sc config diagtrack start=auto to switch that ON
Defender A/V passive mode
When the computer’s primary A/V is not Defender, it acts in th epassive mode.
If your organization has turned off Microsoft Defender Antivirus through group policy or other methods, devices that are onboarded must be excluded from this group policy.
If you’re onboarding servers and Microsoft Defender Antivirus isn’t the active antimalware on your servers, Microsoft Defender Antivirus will either need to be configured to go on passive mode or uninstalled. The configuration is dependent on the server version.
What intergrates with MDE directly?
- Microsoft Defender for Cloud
- Microsoft Sentinel
- Intune
- Microsoft Defender for Cloud Apps
- Microsoft Defender for Identity
- Microsoft Defender for Office
- Skype for Business
What’s Next?
Now that you’ve understood the licensing requirements, I will commense the technical bits and discuss more on the main MDE components from nect artcal onwards.
EMS Route - Shehan Perera 