Skip to content
Defender for Business setup onboarding
Home » Defender for Business onboarding/setup

Defender for Business onboarding/setup

Defender for Business covers most of the functionality of Defender for Endpoint (Plan 2). I have the comparison of the different versions here detained. The setup or onboarding and operation of Defender for Business can either be carried out identically to the Enterprise variant or with the simplified configuration. I would like to deal specifically with this simplified configuration in this article.

info: The Defender for Business licenses should be available in all tenants with an active Microsoft 365 Business Premium license by the beginning of March.

Setup / Onboarding Defender for Business

If the license has only been active for a short time, it may be that im Microsoft 365 Security Center the following message is also displayed under device inventory. In this case some patience is required (5-10min).

Defender for Business - Hang on!

As soon as all services are registered in the tenant, the setup can begin.

Defender for Business - start setup

In the first step we choose whether all MEM (Intune) registered devices should register automatically or if we want to create a manual policy. I prefer to cover all devices with one click here.
It is important that you have already actively enrolled three or more devices in MEM/Intune. Otherwise the automatic onboarding process will not work.

Defender for Business - Automatic onboarding process

Then we select the simplified administration.
With the "Continue using MEM" option, all configurations are managed in the Endpoint Manager. Simplified administration provides a central location for analysis and policy on Defender.

Defender for Business - MDB simplified

If there are already existing guidelines that could clash with those of the simplified configuration, they are listed. It is important that the guidelines do not overlap, otherwise conflicts and errors may arise.
If the guidelines are not removed, a further note will appear once. But it is sufficient if you remove the assignment. It is important that there are no conflicts between the various rules.

Defender for Business - default policies
Defender for Business - Error

Finally, we are presented with a brief overview of the configuration, which we confirm with "Submit".

Defender for Business - submit configuration

The process then takes a few seconds.

Defender for Endpoint - Hold on

Upon completion, a message is presented with links to the overview and configuration. (The device overview is still empty until the devices are enrolled and sending data.)

Defender for Business - You're all set

default policies

Next generation protection

The guideline for "next-generation protection", as it is called in marketing language, offers the settings according to Microsoft best practices. This makes sense and can be adopted. I also set the "Use low performance" option to active in each case in order to be able to hide the task from the user as far as possible, so that the user has no restrictions or loss of performance.

Defender for Business - Next-generation protection


The firewall rule is kept to a minimum and strict. User-defined guidelines are packaged quickly and clearly and are therefore easily added.

Defender for Business-Firewall

Device overview

The devices do not immediately appear in the overview. As soon as they are visible, it takes another 8 hours until the inventory shows the first results and thus measures and suggestions for improvement. This behavior and the views do not differ in any way from that of Defender for Endpoint, Plan 1 or 2.

Defender for Business - Device inventory

The presentation of "Vulnerability management" is also identical. This means that if you are already familiar with Defender for Endpoint, you will feel comfortable here.

Defender for Business - Vulnerability management

My thoughts

Defender for Business offers very easy onboarding. In addition, the simplified dashboard with the integrated configuration is very attractive for smaller companies. Especially if someone does not want to deal too deeply with the topic, the simplified configuration is completely sufficient. It is also possible to switch to the configuration via MEM at any time. I also really like the fact that I have clearly arranged all the options in a dashboard.
For larger companies (30+) or those with different locations and requirements, I advise against the simplified administration, as the subdivision then becomes difficult very quickly. Some other functions that are theoretically included in the license are not (yet?) integrated in the simplified administration. This includes, for example, attack surface reduction, application control and guard as well as the compliance settings.

5 thoughts on “Defender for Business Onboarding / Setup”

  1. Pingback: Defender for Business for iOS Deployment - zero-touch | scloud

  2. Pingback: Defender for Business for Android - MAM | scloud

  3. Pingback: Defender for Endpoint: Failed to enable Intune integration | scloud

  4. If I choose to "manual onboarding process" could I change it later to "automatic onboarding process"?

    I would love to start with a small group of devices to test it and if everything goes correct add the rest and future devices automatically.

    Is that posible?

    Is there also a way to know which policies are what are causing conflict during the onboarding process. I have one I have deletect all the policies related to defender but sitll ask me to delete it. I would rather not delete it because it has my custom start menu layout.

    1. Yes, you can change to the automatic afterwards.

      Unfortunately, it shows you only the whole policy. But you can click "confirm" anyways and after applying the new policies to a device it will show you the conflicts.

Leave a Reply

Your email address will not be published. Required fields are marked *