Microsoft Defender for Endpoint

All installations of Symantec Endpoint Protection (SEP) on UB-owned equipment, and installations on faculty/staff personal equipment using UB-provided installers, should have been removed by August 13, 2021.

After August 13, 2021, installations of Symantec are no longer licensed. They may appear to continue working, but they do not receive the latest virus updates and will no longer provide the best possible security.

Personally Owned Devices

Faculty and staff should refer to the "Personally Owned Devices" page for instructions on removing Symantec Endpoint and installing Windows Defender for PC or a third-party recommended solution for Mac on their personally owned devices.

IT staff can use the resources below to configure UB-owned equipment to use Microsoft Defender or Microsoft Defender for Endpoint.

Microsoft Defender vs. Microsoft Defender for Endpoint

Microsoft Defender is a free antimalware client that comes as part of the Windows 10, Server 2019, and Server 2016(1709+) operating systems. Microsoft Defender can be configured on an enterprise scale using Group Policy or Microsoft System Center / Endpoint Manager (SCCM/MEM).

Microsoft Defender alone may be sufficient for workstations that are otherwise monitored, do not store user profiles, and do not access sensitive data - e.g. student computing labs, digital signage, kiosk computers.  

Microsoft Defender for Endpoint (MDE) is a licensed, cloud-hosted component of the Microsoft Security suite. MDE provides additional monitoring, reporting, and protection options. MDE is required for all UB-owned servers. MDE is recommended for all workstations used by faculty and staff, and for all UB-supported workstations that access sensitive data. 

For older Microsoft operating systems (Windows 7, Windows 8, Windows Server 2016(1709-)), contact the EIS-SPS team to request the System Center Endpoint Protection installer.  

Microsoft Defender ATP is the Mac client for Microsoft Defender for Endpoint. Refer to the "Mac Clients" page for instructions on installing and configuring Microsoft Defender ATP.

Microsoft Defender for Endpoint is a licensed product. UB's Microsoft license covers UB-owned equipment that is used by employees with a faculty/staff appointment. Additional licenses may be needed to use MDE on computers used by students or by employees with different appointment types.

Getting Started

  1. Inventory your workstations. Determine which machines can use Windows Defender, which will require MDE, and which machines will require MDE licenses beyond the existing campus license.
  2. Open a ticket in Remedyforce to request access to the Microsoft Security Console. Include an ITORG group of the ITORG accounts for your department's administrators. You will be provided with your department's four-letter Group Tag, which must be applied to all of your MDE-enrolled devices for you to be able to manage them.
  3. Configure Microsoft Defender. Use Group Policy or SCCM policies to configure AV scan settings. Use Group Policy to configure Windows Firewall settings. This can be completed before removing Symantec.  
  4. Enroll your devices in MDE. It is best practice to apply your Group Tag before enrolling Windows devices.
  5. Remove Symantec Endpoint by August 13th, 2021. It is safe to onboard Windows devices in MDE before removing Symantec, as Defender will remain inactive as long as SEP is installed, but it is best practice to remove SEP before installing and onboarding Mac clients. 
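
A pre-enrollment check for steps 3 to 5 on a Windows device, as an added example that is not UB's or Microsoft's own script. It assumes the Group Tag is applied through Microsoft's registry-based device tagging (the `DeviceTagging` policy key) and that SEP registers the `SepMasterService` service; the function name `Test-MdeReadiness` is hypothetical and `ABCD` is a placeholder tag.

```powershell
# Added example: readiness check for one Windows device before MDE onboarding.
# Run from an elevated PowerShell prompt. 'ABCD' is a placeholder Group Tag.
function Test-MdeReadiness {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][ValidatePattern('^[A-Za-z]{4}$')][string]$GroupTag,
        [switch]$SetTag   # write the tag if it is missing or different
    )

    $tagKey    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection\DeviceTagging'
    $statusKey = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'

    # Step 4: the Group Tag should be in place before the device is onboarded.
    $currentTag = (Get-ItemProperty -Path $tagKey -Name Group -ErrorAction SilentlyContinue).Group
    if ($SetTag -and $currentTag -ne $GroupTag) {
        if (-not (Test-Path $tagKey)) { New-Item -Path $tagKey -Force | Out-Null }
        Set-ItemProperty -Path $tagKey -Name Group -Value $GroupTag -Type String
        $currentTag = $GroupTag
    }

    # Step 5: is SEP still installed? (service name is an assumption)
    $sep = Get-Service -Name SepMasterService -ErrorAction SilentlyContinue

    # MDE sensor service and onboarding state (1 = onboarded).
    $sense     = Get-Service -Name Sense -ErrorAction SilentlyContinue
    $onboarded = (Get-ItemProperty -Path $statusKey -Name OnboardingState -ErrorAction SilentlyContinue).OnboardingState

    # Step 3: Defender AV state. The cmdlet fails while the Defender service is disabled.
    $mp = try { Get-MpComputerStatus -ErrorAction Stop } catch { $null }

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        GroupTag         = $currentTag
        GroupTagMatches  = ($currentTag -eq $GroupTag)
        SepInstalled     = [bool]$sep
        SenseStatus      = if ($sense) { $sense.Status } else { 'NotInstalled' }
        Onboarded        = ($onboarded -eq 1)
        DefenderMode     = if ($mp) { $mp.AMRunningMode } else { 'Unavailable' }
        RealTimeEnabled  = if ($mp) { $mp.RealTimeProtectionEnabled } else { $false }
        SignatureAgeDays = if ($mp) { $mp.AntivirusSignatureAge } else { $null }
    }
}

Test-MdeReadiness -GroupTag 'ABCD'
```

A device that reports `SepInstalled` as true after SEP removal was scheduled, or `Onboarded` as true while `GroupTagMatches` is false, is worth a follow-up before it is counted as migrated.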

Getting Help

Faculty/staff can contact their IT Support Node for assistance with removing SEP from their personal machines and for configuring a replacement.  

IT Nodes who need assistance deploying Defender for Endpoint can create a Remedyforce ticket with the EIS-SPS Team.