Setting Up Microsoft Defender for Endpoint - A First Timer's Guide
Defender for Endpoint is a wonderful cybersecurity tool that works in Macs and PCs and in PCs works with Windows Defender, other Defender flavors that Microsoft produces etc. It has the following benefits:
- Core Defender Vulnerability Management
- Attack surface reduction
- Next-generation protection
- Endpoint detection and response
- Automated investgation and remediation
- Microsoft secure score for devices
- Microsoft threat experts
- Centralized configuration and administration, APIs
- Integration with other Microsoft Solutions
- Microsoft Defender XDR
When you buy a license for the first time, you’ll have to wait for 30 mins to an hour for it to be fully deployed. After that you need to download an ‘onboarding package’ which is visible under ‘Onboarding’ card on the Overview page and install it in the machine of your choice.
If you cannot find it there (MS keeps on making changes to the UI all the time), you can try it under Setting –> Endpoints –> Device Management –> Onboarding under security.microsoft.com. Bottomline is you need to wait for upto an hour to see that appear. Hopefully, MS will make it appear much faster.
Also, the onboarding package can be installed remotely into another machine via administrator powershell by typing the script name in full and hitting enter.
And lastly, you get to install Defender into five machines per license.
Microsoft Defender does not support Windows Home editions
Sadly, Windows Home devices cannot be onboarded to the fantastic Windows Defender for Endpoint (see minimum requirements here: https://learn.microsoft.com/en-us/defender-endpoint/minimum-requirements?view=o365-worldwide#hardware-and-software-requirements). If you try to onboard them using the onboarding script, this is what you get:
[Error Id: 15, Error Level: 1] Unable to start Microsoft Defender for Endpoint Service. Error message: The service name is invalid. For more information, visit: https://go.microsoft.com/fwlink/p/?linkid=822807
The only way out is to upgrade the home machines to Windows Professional.
Perhaps this reflects some business or sales strategy on Microsoft’s part, but it does raise a valid question: why is a feature available for Mac and Linux platforms, yet excluded from Windows Home editions? This discrepancy seems puzzling, especially since covering all major systems could offer more consistent user experiences and align with user expectations.
😵