Defender for Business covers most of the functionality of Defender for Endpoint (Plan 2). I have detailed the comparison of the different versions here. The setup (onboarding) and operation of Defender for Business can either be carried out identically to the Enterprise variant or with the simplified configuration. In this article I would like to deal specifically with this simplified configuration.
Info: The Defender for Business licenses should be available in all tenants with an active Microsoft 365 Business Premium license by the beginning of March.
Setup / Onboarding Defender for Business
If the license has only been active for a short time, the Microsoft 365 Security Center may also display the following message under Device inventory. In this case some patience is required (5-10 min).
As soon as all services are registered in the tenant, the setup can begin.
In the first step we choose whether all devices enrolled in MEM (Intune) should be onboarded automatically or whether we want to create a manual policy. I prefer to cover all devices with one click here.
It is important that you have already actively enrolled three or more devices in MEM/Intune. Otherwise the automatic onboarding process will not work.
Then we select the simplified administration.
With the "Continue using MEM" option, all configurations are still managed in the Endpoint Manager. Simplified administration instead provides a central location for analysis and policies within Defender.
If there are existing policies that could clash with those of the simplified configuration, they are listed. It is important that the policies do not overlap, otherwise conflicts and errors may arise.
If the conflicting policies are not removed, a further note appears once more. It is sufficient, however, to remove just the assignment of the policy; what matters is that there are no conflicts between the various rules.
Finally, we are presented with a brief overview of the configuration, which we confirm with "Submit".
The process then takes a few seconds.
Upon completion, a message is presented with links to the overview and configuration. (The device overview is still empty until the devices are enrolled and sending data.)
Next generation protection
The policy for "next-generation protection", as it is called in marketing language, offers settings according to Microsoft best practices. These make sense and can be adopted as they are. I also enable the "Use low performance" option in each case so that the scan task is hidden from the user as far as possible and the user experiences no restrictions or loss of performance.
The firewall policy is minimal and strict. Custom rules are added quickly and clearly.
The devices do not immediately appear in the overview. As soon as they are visible, it takes another 8 hours until the inventory shows the first results and thus measures and suggestions for improvement. This behavior and the views do not differ in any way from that of Defender for Endpoint, Plan 1 or 2.
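While waiting for a device to show up in the portal, it is useful to verify on the device itself that onboarding has completed and that next-generation protection is active. The following PowerShell snippet is an added example and not part of the original post or a Microsoft script; it assumes an elevated session on a Windows client that has just been onboarded and relies on the documented `OnboardingState` registry value, the `Sense` service and the `Get-MpComputerStatus` / `Get-MpPreference` cmdlets.

```powershell
# Added example: local health check after Defender for Business onboarding.
# Assumption: run as administrator on the onboarded Windows device.

function Test-DefenderOnboarding {
    # OnboardingState = 1 means the sensor has been onboarded to the tenant.
    $statusKey = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'
    $state = (Get-ItemProperty -Path $statusKey -Name OnboardingState -ErrorAction SilentlyContinue).OnboardingState

    # The EDR sensor runs as the "Sense" service; it must be running to send data.
    $sense = Get-Service -Name Sense -ErrorAction SilentlyContinue

    # Antivirus (next-generation protection) state and the scan CPU limit that
    # corresponds to the "low performance" setting in the policy.
    $mp   = Get-MpComputerStatus
    $pref = Get-MpPreference

    [pscustomobject]@{
        OnboardingState        = $state                        # expected: 1
        SenseServiceStatus     = if ($sense) { $sense.Status } else { 'NotInstalled' }  # expected: Running
        AMRunningMode          = $mp.AMRunningMode             # Normal / Passive Mode / EDR Block Mode
        RealTimeProtection     = $mp.RealTimeProtectionEnabled # expected: True
        AntivirusSignatureAge  = $mp.AntivirusSignatureAge     # days since last update
        ScanAvgCPULoadFactor   = $pref.ScanAvgCPULoadFactor    # percent; lower = less impact
    }
}

$result = Test-DefenderOnboarding
$result | Format-List

if ($result.OnboardingState -ne 1 -or $result.SenseServiceStatus -ne 'Running') {
    Write-Warning 'Device is not (yet) onboarded to Defender for Business; check the onboarding policy assignment.'
}
if (-not $result.RealTimeProtection) {
    Write-Warning 'Real-time protection is disabled; a conflicting policy may still be assigned.'
}
```

If `OnboardingState` is 1 and the `Sense` service is running but the device still does not appear after the 8-hour window, the problem is on the tenant side (license or policy assignment) rather than on the client.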
The presentation of "Vulnerability management" is also identical. This means that if you are already familiar with Defender for Endpoint, you will feel comfortable here.
Defender for Business offers very easy onboarding. In addition, the simplified dashboard with the integrated configuration is very attractive for smaller companies. Especially if someone does not want to deal too deeply with the topic, the simplified configuration is completely sufficient. It is also possible to switch to the configuration via MEM at any time. I also really like the fact that I have clearly arranged all the options in a dashboard.
For larger companies (30+ devices) or those with different locations and requirements, I advise against the simplified administration, as subdividing the configuration then becomes difficult very quickly. Some other functions that are theoretically included in the license are not (yet?) integrated into the simplified administration. These include, for example, attack surface reduction, Application Control and Application Guard, as well as the compliance settings.
If I choose the "manual onboarding process", could I change it later to the "automatic onboarding process"?
I would love to start with a small group of devices to test it and, if everything goes correctly, add the rest and future devices automatically.
Is that possible?
Is there also a way to know which policies are causing a conflict during the onboarding process? I have one: I have deleted all the policies related to Defender but it still asks me to delete it. I would rather not delete it because it has my custom start menu layout.
Yes, you can change to the automatic afterwards.
Unfortunately, it only shows you the whole policy. But you can click "Confirm" anyway, and after applying the new policies to a device it will show you the conflicts.