Microsoft Defender for Endpoint

Personally Owned Devices

Personally owned Windows computers should use the Microsoft Defender client that comes with the computer.

Personally owned Mac computers should use a third-party antivirus client, such as AVG Antivirus or Sophos Home Free.  

University Owned Devices

IT staff can use the resources below to configure UB-owned equipment to use Microsoft Defender or Microsoft Defender for Endpoint.

Microsoft Defender vs. Microsoft Defender for Endpoint

Microsoft Defender is a free antimalware client that comes as part of the Windows 10, Server 2019, and Server 2016 (1709+) operating systems. Microsoft Defender can be configured on an enterprise scale using Group Policy or Microsoft System Center / Endpoint Manager (SCCM/MEM).

Microsoft Defender alone may be sufficient for workstations that are otherwise monitored, do not store user profiles, and do not access sensitive data - e.g. student computing labs, digital signage, kiosk computers.  

Microsoft Defender for Endpoint (MDE) is a licensed, cloud-hosted component of the Microsoft Security suite. MDE provides additional monitoring, reporting, and protection options. MDE is required for all UB-owned servers. MDE is recommended for all workstations used by faculty and staff, and for all UB-supported workstations that access sensitive data. 

For older Microsoft operating systems (Windows 7, Windows 8, Windows Server 2016(1709-)), contact the EIS-SPS team to request the System Center Endpoint Protection installer.  

Microsoft Defender ATP is the Mac client for Microsoft Defender for Endpoint. Refer to the "Mac Clients" page for instructions on installing and configuring Microsoft Defender ATP.  

Microsoft Defender for Endpoint is a licensed product. UB's Microsoft license covers UB-owned equipment that is used by employees with a faculty/staff appointment. Additional licenses may be needed to use MDE on computers used by students or by employees with different appointment types.

Getting Started

  1. Inventory your workstations. Determine which machines can use Windows Defender, which will require MDE, and which will require MDE licenses beyond the existing campus license.  
  2. Open a ticket in Remedyforce to request access to the Microsoft Security Console. Include an ITORG group containing the ITORG accounts for your department's administrators. You will be provided with your department's four-letter Group Tag, which must be applied to all of your MDE-enrolled devices for you to be able to manage them.  
  3. Configure Microsoft Defender. Use Group Policy or SCCM policies to configure AV scan settings. Use Group Policy to configure Windows Firewall settings. This can be completed before removing Symantec.  
  4. Enroll your devices in MDE. It is best practice to apply your Group Tag before enrolling Windows devices. 
  5. Remove Symantec Endpoint. It is safe to onboard Windows devices in MDE before removing Symantec, as Defender will remain inactive as long as SEP is installed, but it is best practice to remove SEP before installing and onboarding Mac clients. 
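
One way to script the Windows side of steps 4 and 5, as an added example that is not UB's own tooling: it writes the Group Tag to the registry value Defender for Endpoint reads for device tagging, then reports onboarding state, SEP presence and Defender's running mode. The tag `ABCD` is a placeholder, and detecting SEP by its uninstall display name is an assumption.

```powershell
# Added example (not from the original page). Run from an elevated PowerShell session.
param(
    # Placeholder: substitute the four-letter Group Tag issued to your department.
    [ValidatePattern('^[A-Za-z]{4}$')]
    [string]$GroupTag = 'ABCD'
)

# Registry locations used by the Defender for Endpoint sensor on Windows.
$tagKey    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection\DeviceTagging'
$statusKey = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'

# Step 4: write the tag before onboarding so the device is tagged when it enrolls.
if (-not (Test-Path $tagKey)) { New-Item -Path $tagKey -Force | Out-Null }
Set-ItemProperty -Path $tagKey -Name 'Group' -Value $GroupTag -Type String

# OnboardingState = 1 means the sensor has been onboarded to MDE.
$state     = Get-ItemProperty -Path $statusKey -Name OnboardingState -ErrorAction SilentlyContinue
$onboarded = ($null -ne $state) -and ($state.OnboardingState -eq 1)

# Step 5: look for Symantec Endpoint Protection in the installed-programs list.
# Assumption: SEP registers a DisplayName starting with this string.
$uninstallKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
$sep = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
       Where-Object { $_.DisplayName -like 'Symantec Endpoint Protection*' }

# Defender stays inactive while SEP is installed, so the status query may fail.
$mp    = Get-MpComputerStatus -ErrorAction SilentlyContinue
$sense = Get-Service -Name Sense -ErrorAction SilentlyContinue

# One object per machine, suitable for Export-Csv during the inventory in step 1.
[pscustomobject]@{
    Computer     = $env:COMPUTERNAME
    GroupTag     = (Get-ItemProperty -Path $tagKey -Name Group).Group
    MdeOnboarded = $onboarded
    SenseService = if ($sense) { $sense.Status } else { 'NotInstalled' }
    SepInstalled = [bool]$sep
    DefenderMode = if ($mp) { $mp.AMRunningMode } else { 'Unavailable' }
}
```

A device that reports `SepInstalled = True` after onboarding is one where step 5 is still outstanding.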

Getting Help

Faculty/staff can contact their IT Support Node for assistance with removing SEP from their personal machines and for configuring a replacement.  

IT Nodes who need assistance deploying Defender for Endpoint can create a Remedyforce ticket with the EIS-SPS Team.