Enable and Configure Office 365 Defender ATP with Intune

Back in 2016, Microsoft announced in Ignite the release of Defender Advanced Threat Protection as a premium Office 365 add-on for Enterprise Mobility and Security users.

Defender ATP

Defender Advanced Threat Protection (ATP) us an intelligent security system that protects endpoints from cyber threats and data breaches and attacks next-generation protection tools and services.

Requirements

To get ATP working you will need and a Microsoft 365 E5 license.

Get started

Because I am using Microsoft Intune with Microsoft 365 E5, I can enable the service and Intune to push the configuration to my clients and protect them with ATP.

To enable ATP, I will go the Microsoft Intune portal Windows Defender ATP and click on Open Windows Defender Security Center.

From the welcome screen I will start the Wizard to enable ATP

The first step is to setup the data storage location which comes with 3 locations

Next I will setup the date retention time in days

And numbers of machines

Once the configuration is done I will click continue to finish the ATP instance setup.

On-board Machines

In the section below, I will show how to onboard machines to Defender ATP using Microsoft Intune.

In the onboard page, I will select Intune and click on Download Package to download the configuration which will use later on the enrol machines.

Below you can see the downloaded package, I will unzip in and make it ready.

Intune Configuration (Create Device configuration Policy)

New the ATP is configured and I have the onboarding package ready, I will access Microsoft Intune portal -> Device Configuration -> Profiles and Create new profile

In the new Device configuration I will create a new profile by selecting Windows Advance Threat Protection and upload the configuration file

Once the configuration file is loaded I will click on Enable for both ATP options

In the alignments policy I will select all stuff

Once the policy is configured all E5 users on Windows 10 machines will be onboarded to Defender ATP.


Posted

in

by