Step-by-step guide to onboarding Windows devices to Microsoft Defender for Endpoint (MDE) with SCCM: download the MDE onboarding package from the Microsoft Defender portal, then use a Configuration Manager policy to onboard the domain-joined Windows devices that the SCCM server manages.
Gather Windows MDE SCCM Package
- Open the Endpoint Onboarding page of the Microsoft Defender portal (Settings > Endpoints > Onboarding). Set Operating system to Windows 10 and 11, Connectivity type to Streamlined, and Deployment method to Microsoft Endpoint Configuration Manager current branch and later.
- Select Download onboarding package. A file named GatewayWindowsDefenderATPOnboardingPackage.zip is saved to the Downloads folder of the signed-in user.
- Extract the .zip. The extracted folder contains a file named WindowsDefenderATP.onboarding; this is the only item from the package that SCCM needs.
- Copy the .onboarding file to the SCCM server (or to a share the Configuration Manager console can browse), because the console reads it when the onboarding policy is created. Treat the file as sensitive: it identifies your tenant, and any device that runs it is onboarded into that tenant.
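As an added example (not part of the original guide), the following PowerShell expands the downloaded package and reads the tenant identifiers out of WindowsDefenderATP.onboarding, so you can confirm it is the right tenant's package before it is imported. It assumes the layout the Defender portal issues: a JSON envelope whose body member is itself a JSON-encoded string carrying orgId, datacenter and version. The Downloads path and the SCCM share name are assumptions as well.

```powershell
# Added example, not part of the original guide. Paths and share name are assumptions.

function Get-MdeOnboardingInfo {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Path
    )

    if (-not (Test-Path -LiteralPath $Path)) {
        throw "Onboarding file not found: $Path"
    }

    # Outer envelope of the .onboarding file: body, sig, sha256sig, cert, chain
    # (assumed layout; the body is a JSON string nested inside the JSON envelope).
    $envelope = Get-Content -LiteralPath $Path -Raw | ConvertFrom-Json
    foreach ($member in 'body', 'sig', 'cert') {
        if (-not $envelope.PSObject.Properties[$member]) {
            throw "Not a Defender onboarding package (missing '$member'): $Path"
        }
    }
    $body = $envelope.body | ConvertFrom-Json

    [pscustomobject]@{
        File       = (Resolve-Path -LiteralPath $Path).Path
        OrgId      = $body.orgId        # tenant the device will be onboarded into
        Datacenter = $body.datacenter   # service region the sensor reports to
        Version    = $body.version
        Signed     = -not [string]::IsNullOrEmpty($envelope.sig)
    }
}

# 1. Expand the package downloaded from the Defender portal.
$zip  = Join-Path $env:USERPROFILE 'Downloads\GatewayWindowsDefenderATPOnboardingPackage.zip'
$work = Join-Path $env:TEMP 'MdeOnboarding'
Expand-Archive -LiteralPath $zip -DestinationPath $work -Force

# 2. Inspect the extracted file before it leaves this machine.
$onboarding = Join-Path $work 'WindowsDefenderATP.onboarding'
$info = Get-MdeOnboardingInfo -Path $onboarding
$info | Format-List

# 3. Copy it to the share on the SCCM server that the console will browse
#    (share name assumed) and keep the OrgId for post-deployment checks.
Copy-Item -LiteralPath $onboarding -Destination '\\SCCM01\MDEOnboarding$\' -Force
"Expected OrgId: $($info.OrgId)"
```

The OrgId reported here is the value that onboarded clients later record in their registry, so note it down: it is the simplest way to prove a device landed in the intended tenant.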
Deploying Windows SCCM MDE Package
- On the SCCM server, open the Configuration Manager console.
- In the console, go to Administration > Client Settings. Either create a custom Client Device Settings object or open the properties of the Default Client Settings, then select Endpoint Protection.
- The setting Microsoft Defender for Endpoint client on Windows Server 2012 R2 and Windows Server 2016 defaults to Microsoft Monitoring Agent (legacy); change it to Microsoft Defender for Endpoint Client (recommended) and select OK. This setting only affects those two server versions; Windows 10 and 11 carry the sensor in the operating system and need no separate agent.
- With the client settings in place, go to Assets and Compliance > Endpoint Protection > Microsoft Defender ATP Policies and select Create Microsoft Defender ATP Policy. This starts the policy wizard.
- Enter a Name and Description for the policy and select Onboarding (not Offboarding).
- On the next page, select Browse and pick the WindowsDefenderATP.onboarding file that was copied to the server earlier. When its path appears under Configuration File, select Next.
- Next, choose which file samples the onboarded devices may collect and share with the Microsoft Defender portal for analysis. Select All file types so analysts can submit any suspicious file for deep analysis; choose None only if your data-handling policy forbids sending file samples to Microsoft.
- Review the summary and complete the wizard.
- After the wizard closes, the policy appears in the Microsoft Defender ATP Policies list. Right-click it, select Deploy, and choose the device collection that should receive it. Clients onboard after they pick up the new policy on their next policy retrieval cycle.
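Once the policy has been deployed, the onboarding state can be checked on the targeted devices directly rather than waiting for them to show up in the portal. The following PowerShell is an added example, not part of the original guide: it reads the sensor's status registry key and the Sense service on each client and compares the recorded OrgId with the one in the imported .onboarding file. The computer names and file path are constructed; the registry path and value names are the ones the MDE sensor writes on Windows 10 and 11.

```powershell
# Added example, not part of the original guide. Run from a machine that can
# reach the clients over WinRM (PowerShell remoting) with local admin rights.

function Test-MdeOnboarding {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string[]]$ComputerName,

        # OrgId from the WindowsDefenderATP.onboarding file that was imported.
        # Optional: when omitted the OrgId is only reported, not compared.
        [string]$ExpectedOrgId
    )

    $check = {
        param($ExpectedOrgId)

        # The sensor records its onboarding state here once the policy has applied.
        $statusKey = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'
        $status = Get-ItemProperty -Path $statusKey -ErrorAction SilentlyContinue
        $sense  = Get-Service -Name Sense -ErrorAction SilentlyContinue

        [pscustomobject]@{
            ComputerName = $env:COMPUTERNAME
            Onboarded    = ($status.OnboardingState -eq 1)   # DWORD 1 = onboarded
            SenseStatus  = if ($sense) { $sense.Status.ToString() } else { 'NotInstalled' }
            OrgId        = $status.OrgId
            OrgIdMatches = if ($ExpectedOrgId) { $status.OrgId -eq $ExpectedOrgId } else { 'n/a' }
            SenseId      = $status.SenseId
        }
    }

    Invoke-Command -ComputerName $ComputerName -ScriptBlock $check -ArgumentList $ExpectedOrgId -ErrorAction Continue |
        Select-Object ComputerName, Onboarded, SenseStatus, OrgIdMatches, OrgId, SenseId
}

# Expected OrgId, read from the onboarding file that was imported into SCCM (path assumed).
$onboardingFile = 'C:\MDE\WindowsDefenderATP.onboarding'
$expectedOrgId  = ((Get-Content -LiteralPath $onboardingFile -Raw | ConvertFrom-Json).body |
                   ConvertFrom-Json).orgId

# Constructed target list. In practice take it from the deployed collection, e.g.
#   (Get-CMCollectionMember -CollectionName 'MDE Onboarding').Name
$targets = 'WS01', 'WS02', 'WS03'

Test-MdeOnboarding -ComputerName $targets -ExpectedOrgId $expectedOrgId |
    Format-Table -AutoSize
```

A device that reports Onboarded as False with the Sense service Running has usually not yet received the Configuration Manager policy; trigger a Machine Policy Retrieval cycle on the client and re-run the check before troubleshooting the sensor itself. A device with OrgIdMatches False was onboarded with a different tenant's package and needs to be offboarded and onboarded again.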
Need Assistance?
Reach out to your Customer Success Manager to discuss how a Sittadel cybersecurity analyst can assist in managing these tasks for you. New to our services? Inquire about arranging a consultation to explore optimizing your Azure environment for painless management.