How to enroll your Microsoft 365 tenant to the Microsoft Defender for Endpoint service

Estimated Reading Time: 1 min read

Table of Contents

Case
Solution
Sources

Case #

You have purchased the Microsoft Defender for Endpoint service in your M365 tenant and need to enroll your organization to the Defender for endpoint service. The Microsoft Defender for Endpoint service is part of Windows 10 Enterprise E5 licensing.

Using Microsoft Defender for Endpoint service you can manage the following types of devices:

Windows 10 Enterprise
Windows Server 2008 R2 SP1 up to 2019
Linux Server
MacOSX
iOS
Android

Solution #

Follow the steo-by-step process below.

Navigate to
Click Next in step 1 after reviewing the Microsoft Defender for Endpoint service configuration guide and data privacy guide.

In step 2, choose the basic data retention preferences as per your location and click Next.

After clicking Next, a popup message warns you that you will not be able to change most of the above step 2 settings afterwards without completely off-boarding your organization first.

After clicking Continue, your Microsoft Defender for Endpoint account will be created.

During next step 4 you will be onboarding your first device to Microsoft Defender for Endpoint service.

There are various deployment methods available to suit your scale and scenario. For a simple local device deployment (up to ten devices) use the local script provided. Alternatively Group Policy can be used as per the following instructions: Onboard Windows 10 devices to Microsoft Defender ATP via Group Policy - Windows security | Microsoft Docs

Click Download Package to receive the deployment script.

To verify that the device is properly onboarded and reporting to the service,run the detection script on the newly onboarded device:

Open a Command Prompt window
At the prompt, copy and run the command below. The Command Prompt window will close automatically.

powershell.exe -NoExit -ExecutionPolicy Bypass -WindowStyle Hidden $ErrorActionPreference= 'silentlycontinue';(New-Object System.Net.WebClient).DownloadFile('http://127.0.0.1/1.exe', 'C:\\test-WDATP-test\\invoice.exe');Start-Process 'C:\\test-WDATP-test\\invoice.exe'

If successful, the detection test will be marked as completed and a new alert will appear in few minutes. You should now be ready to start using Microsoft Defender for endpoint. Click on Start using Microsoft Defender Endpoint link to continue.

You can now start managing your Windows 10 Enterprise E5 devices from the control panel: Security operations dashboard - Microsoft Defender for Endpoint (windows.com). It may take up to 60 minutes before your protected devices appear in the management dashboard.