Identify Defender for Endpoint architecture and deployment method

Applies to:

Want to experience Defender for Endpoint? Sign up for a free trial.

If you're already completed the steps to set up your Microsoft Defender for Endpoint deployment, and you have assigned roles and permissions for Defender for Endpoint, your next step is to create a plan for onboarding. Your plan begins with identifying your architecture and choosing your deployment method.

We understand that every enterprise environment is unique, so we've provided several options to give you the flexibility in choosing how to deploy the service. Deciding how to onboard endpoints to the Defender for Endpoint service comes down to two important steps:

The deployment flow

Step 1: Identify your architecture

Depending on your environment, some tools are better suited for certain architectures. Use the following table to decide which Defender for Endpoint architecture best suits your organization.

Architecture Description
Cloud-native We recommend using Microsoft Intune to onboard, configure, and remediate endpoints from the cloud for enterprises who don't have an on-premises configuration management solution or are looking to reduce their on-premises infrastructure.
Co-management For organizations who host both on-premises and cloud-based workloads we recommend using Microsoft's ConfigMgr and Intune for their management needs. These tools provide a comprehensive suite of cloud-powered management features, and unique co-management options to provision, deploy, manage, and secure endpoints and applications across an organization.
On-premises For enterprises who want to take advantage of the cloud-based capabilities of Microsoft Defender for Endpoint while also maximizing their investments in Configuration Manager or Active Directory Domain Services, we recommend this architecture.
Evaluation and local onboarding We recommend this architecture for SOCs (Security Operations Centers) who are looking to evaluate or run a Microsoft Defender for Endpoint pilot, but don't have existing management or deployment tools. This architecture can also be used to onboard devices in small environments without management infrastructure, such as a DMZ (Demilitarized Zone).

Step 2: Select deployment method

Once you have determined the architecture of your environment and have created an inventory as outlined in the requirements section, use the table below to select the appropriate deployment tools for the endpoints in your environment. This will help you plan the deployment effectively.

Endpoint Deployment tool
Windows Local script (up to 10 devices)
Group Policy
Microsoft Intune/ Mobile Device Manager
Microsoft Configuration Manager
VDI scripts
Windows servers
Linux servers

(Requires a server license)
Onboard Windows devices using a local script
Integration with Microsoft Defender for Cloud
macOS Local script
Microsoft Intune
JAMF Pro
Mobile Device Management
Linux servers Local script
Puppet
Ansible
Chef
Saltstack
Defender for Endpoint on Linux for ARM64-based devices (preview)
Android Microsoft Intune
iOS Microsoft Intune
Mobile Application Manager

Note

For devices that aren't managed by Microsoft Intune or Microsoft Configuration Manager, you can use the Security Management for Microsoft Defender for Endpoint to receive security configurations for Microsoft Defender directly from Intune.

Next step

After choosing your Defender for Endpoint architecture and deployment method continue to Step 4 - Onboard devices.

Tip

Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community.