Microsoft Defender for Business post setup wizard recommendations

image

Let’s say that you have kicked off the Microsoft Defender for Business setup wizard as shown above. For the purposes of this article I’ll also assume that this is part of a Microsoft 365 Business Premium tenant.

image

Let’s assume that you have now completed that process, which you can read about here:

Use the setup wizard in Microsoft Defender for Business

image

After the wizard has completed I suggest you head to the Settings options in https://security.microsoft.com and then select Endpoints and finally, select Advanced features, where you should see the above screen full of options on the right.

At this point I’d suggest you go and enable all the options listed. Now, not all of them will be relevant but I’d still recommend they be turned on none the less. Do it once and you won’t need to come back is my philosophy.

Leave that location open as we’ll be coming back here.

image

Next, head over to your Microsoft Endpoint Manager and select Endpoint security on the left, then Microsoft Defender for Endpoint, which should result in the above screen.

Here you want to ensure the Connection status is Enabled (i.e. green check mark) as shown.

If it isn’t for some reason, then head back to https://security.microsoft.com, Settings, Endpoint, Advanced features.

image

Scroll through the list of items until you find the Microsoft Intune connection as shown above. Ensure that it is turned On. If it isn’t, turn it On, wait at least 15 minutes and check back in Endpoint Manager for the Connection status to be Enabled (i.e. you see the green check mark). If it is already On and the green check mark doesn’t appear, turn the setting Off for at least 15 minutes and then turn it back On. You know, kinda reboot it. The connection status should go green after that in my experience.

image

When the Connection status is Enabled go and turn all the options on the page to On as shown above.

image

Return to https://security.microsoft.com and select the Onboarding option as shown above.

My recommendation is that you manually onboard the first Windows 10 device in your environment using a local script. That will ensure everything is working quickly and easily.

Simply download the script provided and run it on one of the Endpoint Manager enrolled devices in your environment.

image

Once the script has run successfully return to the console and select Device inventory from the menu on the left as shown. Within 15 minutes or so, you should see the machine that you ran the script on appear here.

Congratulations, you have successfully onboarded your first device to Defender for Business in your tenant. You are now free to continue to configure additional devices using the policies provided. I always like to do the very first device in the environment manually so I know everything is working as expected. If I then get issues, I know to troubleshoot my deployment policies.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s