Onboarding Devices in Defender for Endpoint

Microsoft Security Center

The Microsoft Security Center is the primary authority on Defender for Endpoint documentation. 

Manual Onboarding

Windows Onboarding (Manual)

  1. Navigate to the Microsoft Security Center Onboarding section.
  2. Set the Operating System as Windows 10 and the download type as "Local Script".
  3. Extract the zip file to get WindowsDefenderATPLocalOnboardingScript.cmd. This script contains the specific information needed to connect a computer to UB's instance of Microsoft Security Center.
  4. Before running the script, set your department's Group Tag:
    1. Run regedit.exe and navigate to HKLM\Software\Policies\Microsoft\Windows Advanced Threat Protection.
    2. Create a new key called DeviceTagging, and under that create a new String value named Group, with a value of DEPT (where DEPT is your department's 4-character code). 

Mac Onboarding (Manual)

  1. Navigate to the Microsoft Security Center Onboarding section.
  2. Set the Operating System as macOS and the download type as "Local Script".
  3. Download both the Installation Package (wdav.pkg) and the installation script (WindowsDefenderATPOnboardingPackage.zip).
  4. On a target computer, run the .pkg installer.
  5. Open Terminal to run the Client Configuration section.
  6. After completing the Microsoft documentation, run the following command from the Terminal to set your department's tag:
    • mdatp edr tag set --name GROUP --value DEPT

Automated Enrollment

Windows Onboarding Using SCCM

  1. Navigate to Administration > Client Settings.
  2. Deploy the UBIT Defender Endpoint Management Client Settings Policy to your machines.
  3. Configure the Group tag for your machines.
  4. Navigate to Assets and Compliance > Compliance Settings.
  5. Create a Configuration Item modeled off /Dept/DEPT - Windows Defender Tag for workstations.
  6. Create a Configuration Baseline modeled off Windows Defender Tagging - Registry Key.
  7. Deploy the Configuration Baseline to your machines to set the Registry Key.
  8. Enroll your Defender clients in the MDE console.
  9. Navigate to Assets and Compliance, Endpoint Protection > Microsoft Defender ATP Policies.
  10. Deploy UBIT Microsoft Defender for Endpoint Onboarding Policy to make your Defender clients enroll in the Microsoft Security Console. 
  11. Remove Symantec Endpoint, if present.
  12. Deploy the Application "UBIT Symantec Endpoint Full Removal" as an Uninstall action.

It is safe to configure Microsoft Defender and Defender for Endpoint before removing Symantec. 

Windows Onboarding Using BeyondTrust

  1. Pre-stage your department's GROUP tag in the registry using Group Policy or a script.  
  2. Start a Jump session on the target machine. This can be initiated by a user, or you can connect to a pre-installed Jump Client.
  3. From the Command Shell tab, start a new remote Command Shell.
  4. From the Scripts menu, choose Software > Install WDATP.

Please note: While Defender will run with the default settings, your client may need to connect to campus networks to receive Group Policy settings including AV configuration and firewall rules. 
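The registry tag set by hand in the manual Windows steps, and pre-staged "using Group Policy or a script" in step 1 of the BeyondTrust procedure, as an added PowerShell example that is not part of this page or of UB's deployment tooling. It creates the DeviceTagging key and the Group string value under HKLM\Software\Policies\Microsoft\Windows Advanced Threat Protection exactly as the manual steps describe, validates that the DEPT code is 4 characters, and writes only when the value is missing or different. The -Dept parameter, the -CheckOnly switch and the function names are my own; the Test-DefenderGroupTag output (Compliant / NonCompliant) is the kind of string a script-based SCCM Configuration Item such as the one in the SCCM steps could compare against.

```powershell
# Added example, not UB's script: pre-stage or verify the Defender for Endpoint Group tag.
# Usage (elevated):   .\Set-DefenderGroupTag.ps1 -Dept ABCD
# Check only:         .\Set-DefenderGroupTag.ps1 -Dept ABCD -CheckOnly
param(
    [Parameter(Mandatory = $true)]
    [ValidatePattern('^[A-Za-z0-9]{4}$')]   # department codes on this page are 4 characters
    [string]$Dept,
    [switch]$CheckOnly
)

# Key and value names come from the manual onboarding steps on this page
$KeyPath   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection\DeviceTagging'
$ValueName = 'Group'
$Expected  = $Dept.ToUpper()

function Get-DefenderGroupTag {
    # Returns the current tag, or $null when the key or the value does not exist yet
    try {
        (Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction Stop).$ValueName
    } catch {
        $null
    }
}

function Test-DefenderGroupTag {
    # Compliance check: the returned string is what a script-based
    # Configuration Item would compare against its expected value
    if ((Get-DefenderGroupTag) -eq $Expected) { 'Compliant' } else { 'NonCompliant' }
}

function Set-DefenderGroupTag {
    # Idempotent: create the key if it is missing, write only when the value differs
    if (-not (Test-Path $KeyPath)) {
        New-Item -Path $KeyPath -Force | Out-Null
    }
    if ((Get-DefenderGroupTag) -ne $Expected) {
        New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType String `
            -Value $Expected -Force | Out-Null
    }
}

if ($CheckOnly) {
    Test-DefenderGroupTag
} else {
    # Writing under HKLM\SOFTWARE\Policies needs an elevated session; fail early otherwise
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this script from an elevated (Administrator) PowerShell session.'
    }
    Set-DefenderGroupTag
    Write-Output ("DeviceTagging\Group is now '{0}'" -f (Get-DefenderGroupTag))
}
```

Run it before the onboarding script (manual steps) or before the Install WDATP script (BeyondTrust) so the device reports with the department tag from its first check-in; the -CheckOnly form is safe to run on an already-onboarded machine and makes no changes.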

You can also uninstall Symantec Endpoint using the Uninstall SEP script.

Mac Onboarding through Jamf

  1. Go to the Security Center and navigate to the MS Doc on Defender Onboarding. 
  2. Create all of the individual Configuration Profiles per the Microsoft Documentation. Prefix all of your Profiles with "DEPT" so we can tell them apart in the console. The default settings are fully functional. 

See the Macs and Defender page for details.