One of the big benefits of Windows 10 devices when it comes to onboarding them to Microsoft Defender for Business is that they already have the ‘client’ software installed. That being Windows Defender. All the onboarding process needs to do is connect up the ‘backend plumbing’ so that Windows 10 also sends security information to the Microsoft 365 Security portal.
The first step in this onboarding process is to ensure that your Windows 10 devices are already Azure AD joined. You’ll also need to have a license for Intune/Endpoint Manager to enable this process from a centralised location.
Next, visit the Microsoft Endpoint Manager portal at:
As shown above, here, navigate to Endpoint Security, then Microsoft Defender for Endpoint. Ensure that the option Connection status is enabled. If it isn’t then open a new browser tab and navigate to:
You should see the screen above. Scroll down this page.
Select Settings as shown above and then Endpoints from the options that appear on the right.
Scroll through the options presented and select Advanced features as shown. Location the Microsoft Intune connection option and set it to On. You may also want to have a look through the list of all the other available settings and also turn these on if desired.
You may need to wait a little while until connection status back in Endpoint Manager reports as being enabled.
You can always use the Refresh button at the top of the page, but be prepared for a short wait while the connection is made.
While you are on this Endpoint Manager page you will also probably want to turn all the settings available here.
Still in Endpoint Manager, you’ll now need to select Devices, then Configuration Policies, then Create profile as shown above.
Select Windows 10 and later for the Platform and Templates from the Profile type.
Scroll through the list of templates and select Microsoft Defender for Endpoint (desktop devices running Windows 10 or later).
Give this new policy a meaningful name and select the Next button at the bottom of the page to continue.
You don’t have to make any changes on the Configuration settings page but I like to Enable the option for Expedite telemetry reporting frequency. Select the Next button at bottom of the page to continue.
On the Assignments page you need to configure which groups this policy will include and exclude. Generally, you want to select All devices as shown above, but you can select whatever suits your configuration needs.
Continue through the remaining policy configuration pages and Create the new policy.
If you go back and look at the properties of the policy as shown above, you note an additional Configuration setting that wasn’t displayed when the policy was created – Microsoft Defender for configuration package type is set to Onboard. This is what effectively will onboard the Windows 10 devices for you automatically.
You can now use the Device Status option to monitor when this policy is applied to each device. Note that this status may take a while to change and the policy to be applied as it is dependent on when the devices ‘check in’ for policy updates.
Once the devices ‘check in’ and receive the policy, their status should be displayed as shown above with the Deployment status field now reporting as Succeeded.
You can see which devices have been successfully onboarded to Defender for Endpoint by selecting the Device inventory option in the Microsoft 365 Security Center as shown above. Until machines have their ‘plumbing’ connected back to this console via the onboarding process they will not appear.
Once that onboarding process is complete on the device, it should appear in the Device inventory as shown above.
If you return to Endpoint Manager and scroll to the bottom of the Microsoft Defender for Endpoint screen, as shown above, you’ll see a summary of the devices onboarded.
The great thing is that you only need to do all this once, because once the Intune connection and Device configuration policy is in place, all Windows 10 machines will automatically be onboarded to Defender for Endpoint and all the options the Microsoft Security Center.