Many companies that have previously used third-party tools plan to migrate to Microsoft Defender and Defender for Endpoint. More powerful endpoint protection and full integration with other Microsoft solutions are convincing. So if you want to avoid third-party tools in the future, you can switch to the protection integrated with the operating system in Windows. In the following blog article, we will show you the steps involved in the migration process.
In general, moving to Microsoft Defender and Defender for Endpoint consists of the following three phases:
Preparation for Migration
In this phase, the requirements for using Defender are clarified and the employees get an impression of the options that can be used for administration. Important points here are that the appropriate licenses are available, that both the Defender Antivirus component and the Endpoint Detection and Response functionalities from the client can communicate with the corresponding network endpoints from Microsoft and that the IT security admins have the necessary authorizations for configuration received. At the end of the preparation phase, it is clear how the client settings will be configured and the Defender for Endpoint onboarding will be carried out. Here, especially for Windows 10 and 11, Android, iOS, and macOS, we rely on management via the Microsoft Endpoint Manager (Intune).
- Defender for Endpoint onboarding is easy to integrate
- Configuration reporting options based on each individual setting
- End devices that are in the home office and have no connection to the domain can also be managed
- Endpoint risk levels can be built into your Zero Trust strategy
- The last point, in particular, is very helpful and can be integrated into the compatibility assessment of the end devices at the following point :
Setup of Defender and Microsoft Defender for Endpoint
After the preparations are complete, the configurations can be made. In most cases, installing a third-party solution will only disable Defender for Windows 10 or 11, not uninstall it. The configuration of the Defender Antivirus can now be carried out via the Microsoft Endpoint Manager. In this phase, the setup of Defender for Endpoint provides that necessary exclusions can be defined and configured.
Onboarding to Microsoft Defender for Endpoint
Microsoft Endpoint Manager can also handle onboarding. The configuration automatically switches Defender Antivirus to passive mode, so that Defender functionalities can be used in addition to the third-party virus scanner that is still active. These include the following:
Files are additionally scanned with Defender and potential threats are detected
With an active endpoint detection and response capability of Defender for Endpoint, potential threats not detected by the primary virus scanner can be remedied
Furthermore, the IT security admins can already familiarize themselves with the new portal e.g. B. Define notification rules or device groups.
If the clients are listed in Defender for Endpoint and Defender is running in passive mode, the third-party software can be uninstalled. After that, Defender Antivirus will switch to active mode and will be configured according to the prepared policies.
Android 12 and Microsoft Intune Device Management
Android 12 will be released shortly and the new operating system version will also change some settings and options in connection with mobile device management solutions such as Microsoft Intune. Innovation in the area of ”data protection” will mean that apps such as the Microsoft SharePoint Consulting Company Portal app will no longer be able to access device information such as serial number, IMEI (International Mobile Equipment Identity) or MEID (Mobile Equipment Identifier) on personal devices with a work profile. The following points should be considered when introducing and supporting Android 12, especially if employees’ private devices are allowed:
1. The Serial Number or IMEI Can no Longer be Used as a Company Identifier
If enrollment restrictions are used in Intune that block BYOD for Android, then devices registered via the serial number or IMEI can no longer be rolled out by the user via the company portal app in Intune.
2. The Attributes Can no Longer be Used for Certificate Requests Either
When rolling out device certificates via SCEP or PFX, care must be taken for the profile type “User-owned devices with work profile” that the attributes serial number, IMEI, and MEID can no longer be used in the certificate. If attributes are used here that are not filled for the device, the roll-out of the profile will fail.
3. Checking Third-Party VPN Profiles
Some VPN providers use the device’s IMEI as a network access identifier (NAC). Here, with the VPN solution used, it should be checked whether an alternative such as identification via the MAC address is possible.