To onboard your devices, use the following procedure:
- In the Microsoft Intune admin center, navigate to Endpoint security.
- Select Microsoft Defender for Endpoint.
- In the Details pane, click the link for Connect Microsoft Defender for Endpoint to Microsoft Intune in the Microsoft Defender Security Center.
- In Microsoft 365 Defender, select Settings > Endpoints >Advanced features.
- Turn on the Microsoft Intune connection.
- Click Save preferences.
After you’ve enabled the connection, Microsoft 365 Defender sends an onboarding configuration package to Intune. Deploy this package to your Windows devices. Alternatively, you can create and assign an Endpoint detection and response profile from Endpoint security in Intune. Use the following procedure:
- In the Microsoft Intune admin center, navigate to Endpoint security.
- Select Endpoint detection and response.
- In the details pane, click Create Policy.
- On the Create a profile page, in Platform, select Windows 10 and later.
- In the Profile, select Endpoint detection and response, and then select Create.
- On the Basics tab, enter a Name and Description and click Next.
- On the Configuration settings page, in the Microsoft Defender for Endpoint client configuration package type list, choose the appropriate file type, and then browse and select the onboarding file. Click Next.
- Configure scope tags and assignments, and then Create the profile.
Need More Review? Configure Microsoft Defender for Endpoint in Intune
To learn more about setup and onboarding, refer to the Microsoft website at https://learn.microsoft.com/mem/intune/protect/advanced-threat-protection-configure.
Implement automated response capabilities in Defender for Endpoint
Microsoft Defender for Endpoint provides numerous capabilities that can help you secure your endpoint devices. Table 3-19 describes some of these capabilities.
TABLE 3-19 Capabilities of Microsoft Defender for Endpoint
| Capability | Description |
| Attack surface reduction | Implementing several Windows Defender ATP features helps reduce the attack surface of a computer, its applications, and the data it consumes. |
| Endpoint detection and response | Continuously monitors your organization’s endpoints for possible attacks against devices or networks in your organization and provides the features you can use to mitigate and remediate threats. |
| Automated investigation and remediation | Offers automatic investigation and remediation capabilities that help reduce the volume of alerts and actions an administrator needs to perform to fix breaches. |
| Secure score | Enables you to assess the security posture of your organization and identify devices that might need attention, as well as recommendations for actions to improve your score |
| Management and APIs | Provides a means for you to interact with the platform by providing APIs. |
Need More Review? Overview of Microsoft Defender for Endpoint Capabilities
To learn more about the capabilities of Microsoft Defender for Endpoint, refer to the Microsoft website at https://learn.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint.