Merge pull request #3485 from MicrosoftDocs/main

denisebmsft · web-flow · commit 3fe7a04c8f9c · 2025-04-15T16:12:30.000-07:00
pushing fixes live
diff --git a/defender-endpoint/TOC.yml b/defender-endpoint/TOC.yml
@@ -108,15 +108,15 @@
         items:
         - name: Overview
           href: mde-planning-guide.md
-        - name: Step 1 - Set up Defender for Endpoint deployment
+        - name: Step 1 - Prepare for deployment
           href: production-deployment.md
         - name: Step 2 - Assign roles and permissions
           href: prepare-deployment.md
-        - name: Step 3 - Identify your architecture and deployment method
+        - name: Step 3 - Identify your architecture and select a deployment method
           href: deployment-strategy.md
-        - name: Step 4 - Onboard devices
+        - name: Step 4 - Onboard devices to Defender for Endpoint
           href: onboarding.md
-        - name: Step 5 - Configure Microsoft Defender for Endpoint capabilities
+        - name: Step 5 - Configure Defender for Endpoint capabilities
           href: onboard-configure.md
 
       - name: Onboard and configure devices
diff --git a/defender-endpoint/defender-endpoint-trial-user-guide.md b/defender-endpoint/defender-endpoint-trial-user-guide.md
@@ -69,7 +69,7 @@ This playbook is a simple guide to help you make the most of your free trial. Us
 
 To make sure your Defender for Endpoint subscription is properly provisioned, you can check your license state in either the Microsoft 365 admin center ([https://admin.microsoft.com](https://admin.microsoft.com)) or Microsoft Entra ID ([https://portal.azure.com](https://portal.azure.com/#blade/Microsoft_AAD_IAM/LicensesMenuBlade/Products)).
 
-[Check your license state](production-deployment.md#check-license-state).
+[Check your license state](production-deployment.md#check-your-license-state).
 
 ## Step 2: Set up role-based access control and grant permissions to your security team
 
diff --git a/defender-endpoint/deployment-strategy.md b/defender-endpoint/deployment-strategy.md
@@ -1,5 +1,5 @@
 ---
-title: Identify Defender for Endpoint architecture and deployment method
+title: Identify your architecture and select a deployment method for Defender for Endpoint
 description: Select the best Microsoft Defender for Endpoint deployment strategy for your environment.
 ms.service: defender-endpoint
 ms.author: deniseb
@@ -13,10 +13,10 @@ ms.collection:
 ms.topic: conceptual
 ms.subservice: onboard
 search.appverid: met150
-ms.date: 12/12/2024
+ms.date: 04/15/2025
 ---
 
-# Identify Defender for Endpoint architecture and deployment method
+# Identify your architecture and select a deployment method for Defender for Endpoint
 
 **Applies to:**
 
@@ -26,7 +26,7 @@ ms.date: 12/12/2024
 
 > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://go.microsoft.com/fwlink/p/?linkid=2225630)
 
-If you're already completed the steps to set up your Microsoft Defender for Endpoint deployment, and you have assigned roles and permissions for Defender for Endpoint, your next step is to create a plan for onboarding. Your plan begins with identifying your architecture and choosing your deployment method.
+If you're already completed the steps to [prepare your environment for Defender for Endpoint](production-deployment.md), and you have [assigned roles and permissions for Defender for Endpoint](prepare-deployment.md), your next step is to create a plan for onboarding. This plan should begin with identifying your architecture and choosing your deployment method.
 
 We understand that every enterprise environment is unique, so we've provided several options to give you the flexibility in choosing how to deploy the service. Deciding how to onboard endpoints to the Defender for Endpoint service comes down to two important steps:
 
@@ -43,21 +43,27 @@ Depending on your environment, some tools are better suited for certain architec
 |**On-premises**|For enterprises who want to take advantage of the cloud-based capabilities of Microsoft Defender for Endpoint while also maximizing their investments in Configuration Manager or Active Directory Domain Services, we recommend this architecture.|
 |**Evaluation and local onboarding**|We recommend this architecture for SOCs (Security Operations Centers) who are looking to evaluate or run a Microsoft Defender for Endpoint pilot, but don't have existing management or deployment tools. This architecture can also be used to onboard devices in small environments without management infrastructure, such as a DMZ (Demilitarized Zone).|
 
-## Step 2: Select deployment method
+## Step 2: Select your deployment method
 
-Once you have determined the architecture of your environment and have created an inventory as outlined in the [requirements section](mde-planning-guide.md#requirements), use the table below to select the appropriate deployment tools for the endpoints in your environment. This will help you plan the deployment effectively.
+Once you have determined the architecture of your environment and have created an inventory as outlined in the [requirements section](mde-planning-guide.md#requirements), use the table below to select the appropriate deployment tools for the endpoints in your environment. This information will help you plan the deployment effectively.
 
 |Endpoint|Deployment tool|
 |---|---|
-|**Windows**|[Local script (up to 10 devices)](configure-endpoints-script.md) <br/>  [Group Policy](configure-endpoints-gp.md) <br/>  [Microsoft Intune/ Mobile Device Manager](configure-endpoints-mdm.md) <br/>   [Microsoft Configuration Manager](configure-endpoints-sccm.md) <br/> [VDI scripts](configure-endpoints-vdi.md)|
-|**Windows servers<br/>Linux servers** <br/>(Requires a server license) | [Onboard Windows devices using a local script](configure-endpoints-script.md)<br/>[Integration with Microsoft Defender for Cloud](azure-server-integration.md) |
-|**macOS**|[Local script](mac-install-manually.md) <br/> [Microsoft Intune](mac-install-with-intune.md) <br/> [JAMF Pro](mac-install-with-jamf.md) <br/> [Mobile Device Management](mac-install-with-other-mdm.md)|
-|**Linux servers**|[Local script](linux-install-manually.md) <br/> [Puppet](linux-install-with-puppet.md) <br/> [Ansible](linux-install-with-ansible.md) <br/> [Chef](linux-deploy-defender-for-endpoint-with-chef.md)<br/> [Saltstack](linux-install-with-saltack.md)<br/>[Defender for Endpoint on Linux for ARM64-based devices (preview)](mde-linux-arm.md)|
+| **Windows client devices** |[Microsoft Intune / Mobile Device Management (MDM)](configure-endpoints-mdm.md) <br/>[Microsoft Configuration Manager](configure-endpoints-sccm.md)<br/>[Local script (up to 10 devices)](configure-endpoints-script.md)<br/>[Group Policy](configure-endpoints-gp.md)<br/>[Non-persistent virtual desktop infrastructure (VDI) devices](configure-endpoints-vdi.md)<br/>[Azure Virtual Desktop](onboard-windows-multi-session-device.md)<br/>[System Center Endpoint Protection and Microsoft Monitoring Agent](onboard-downlevel.md) (for previous versions of Windows) |
+|**Windows Server** <br/>(Requires a server license) | [Local script](configure-endpoints-script.md)<br/>[Integration with Microsoft Defender for Cloud](azure-server-integration.md)<br/>[Guidance for Windows Server with SAP](mde-sap-windows-server.md) |
+|**macOS**| [Intune](mac-install-with-intune.md)<br/>[JAMF Pro](mac-install-with-jamf.md) <br/>[Local script](mac-install-manually.md)(manual deployment) <br/>[MDM tools](mac-install-with-other-mdm.md)|
+|**Linux server**|[Installer script based deployment](linux-installer-script.md)<br/>[Ansible](linux-install-with-ansible.md)<br/>[Chef](linux-deploy-defender-for-endpoint-with-chef.md)<br/>[Puppet](linux-install-with-puppet.md) <br/>[Saltstack](linux-install-with-saltack.md)<br/>[Manual deployment](linux-install-manually.md)<br/>[Direct onboarding with Defender for Cloud](/azure/defender-for-cloud/onboard-machines-with-defender-for-endpoint)<br/>[Guidance for ARM64-based devices (preview)](mde-linux-arm.md)<br/>[Guidance for Linux with SAP](mde-linux-deployment-on-sap.md)|
 |**Android**|[Microsoft Intune](android-intune.md)|
 |**iOS**|[Microsoft Intune](ios-install.md) <br/> [Mobile Application Manager](ios-install-unmanaged.md) |
 
 > [!NOTE]
-> For devices that aren't managed by Microsoft Intune or Microsoft Configuration Manager, you can use the Security Management for Microsoft Defender for Endpoint to receive security configurations for Microsoft Defender directly from Intune.
+> For devices that aren't managed by Intune or Configuration Manager, you can use the Defender for Endpoint Security Settings Management to receive security configurations directly from Intune.
+> To onboard servers to Defender for Endpoint, [server licenses](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#microsoft-defender-for-endpoint) are required. You can choose from these options:
+>
+> - [Microsoft Defender for Servers Plan 1 or Plan 2](/azure/defender-for-cloud/defender-for-servers-overview) (as part of the Defender for Cloud) offering
+- Microsoft Defender for Endpoint for servers
+- [Microsoft Defender for Business servers](/defender-business/get-defender-business#how-to-get-microsoft-defender-for-business-servers) (for small and medium-sized businesses only)
+
 
 ## Next step
 
diff --git a/defender-endpoint/media/mde-device-onboarding-ui.png b/defender-endpoint/media/mde-device-onboarding-ui.png
diff --git a/defender-endpoint/onboarding.md b/defender-endpoint/onboarding.md
@@ -1,5 +1,5 @@
 ---
-title: Onboard to Microsoft Defender for Endpoint
+title: Onboard devices to Microsoft Defender for Endpoint
 description: Learn how to onboard endpoints to Microsoft Defender for Endpoint service.
 ms.service: defender-endpoint
 ms.author: deniseb
@@ -20,7 +20,7 @@ search.appverid: met150
 ms.date: 04/03/2024
 ---
 
-# Onboard to Microsoft Defender for Endpoint
+# Onboard devices to Microsoft Defender for Endpoint
 
 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)]
 
@@ -35,16 +35,21 @@ ms.date: 04/03/2024
 
 ## Onboard devices using any of the supported management tools
 
-The deployment tool you use influences how you onboard endpoints to the service.
+The deployment tool you use influences how you onboard endpoints to the service. Refer to your selected [deployment method](deployment-strategy.md#step-2-select-your-deployment-method).
 
-To start onboarding your devices:
+If you're onboarding devices in the Microsoft Defender portal, follow these steps:
 
-1. Go to [Select deployment method](deployment-strategy.md#step-2-select-deployment-method).
-2. Choose the Operating System for the devices you wish to Onboard.
-3. Select the tool you plan to use.
-4. Follow the instructions to Onboard your devices.
+1. In the [Microsoft Defender portal](https://security.microsoft.com), go to **Settings** > **Endpoints**, and then, under **Device management**, select **Onboarding**.
 
-This video provides a quick overview of the onboarding process and the different tools and methods.
+   :::image type="content" source="media/mde-device-onboarding-ui.png" alt-text="Screenshot showing device onboarding in the Microsoft Defender portal for Defender for Endpoint.":::
+
+2. Under **Select operating system to start onboarding process**, select the operating system for the device.
+
+3. Under **Connectivity type**, select either **Streamlined** or **Standard**. (See [prerequisites for streamlined connectivity](/defender-endpoint/configure-device-connectivity#prerequisites).)
+
+4. Under **Deployment method**, select an option. Then download the onboarding package (and installation package, if there is one available). Follow the instructions to onboard your devices.
+
+The following video provides a quick overview of the onboarding process and the different tools and methods: 
 
 > [!VIDEO https://learn-video.azurefd.net/vod/player?id=2524ee5d-6a5f-482c-8f69-dc3792577c60]
 
@@ -59,7 +64,7 @@ This table provides an example of the deployment rings you might use:
 |Deployment ring|Description|
 |---|---|
 |Evaluate|Ring 1: Identify 50 devices to onboard to the service for testing.|
-|Pilot|Ring 2: Identify and onboard the next 50-100 endpoints in a production environment. Microsoft Defender for Endpoint supports various endpoints that you can onboard to the service, for more information, see [Select deployment method](deployment-strategy.md#step-2-select-deployment-method).|
+|Pilot|Ring 2: Identify and onboard the next 50-100 endpoints in a production environment. Microsoft Defender for Endpoint supports various endpoints that you can onboard to the service, for more information, see [Select deployment method](deployment-strategy.md#step-2-select-your-deployment-method).|
 |Full deployment|Ring 3: Roll out service to the rest of environment in larger increments. For more information, see [Get started with your Microsoft Defender for Endpoint deployment](mde-planning-guide.md).
 
 ### Exit criteria
diff --git a/defender-endpoint/production-deployment.md b/defender-endpoint/production-deployment.md
@@ -1,5 +1,5 @@
 ---
-title: Set up Microsoft Defender for Endpoint deployment
+title: Prepare to deploy Microsoft Defender for Endpoint
 description: Learn how to set up the deployment for Microsoft Defender for Endpoint.
 ms.service: defender-endpoint
 ms.author: deniseb
@@ -17,10 +17,10 @@ ms.custom: admindeeplinkDEFENDER
 ms.topic: conceptual
 ms.subservice: onboard
 search.appverid: met150
-ms.date: 05/08/2024
+ms.date: 04/15/2025
 ---
 
-# Set up Microsoft Defender for Endpoint deployment
+# Prepare to deploy Microsoft Defender for Endpoint deployment
 
 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)]
 
@@ -45,51 +45,53 @@ In this deployment scenario, you're guided through the steps on:
 
 [!Include [defender-endpoint-setup-guide.md](../includes/mde-automated-setup-guide.md)]
 
-## Check license state
+## Check your license state
 
-Checking for the license state and whether it was properly provisioned can be done through the admin center or through the **Microsoft Azure portal**.
+Checking for the license state and whether it was properly provisioned can be done through the Microsoft 365 admin center or through the **Microsoft Azure portal**.
 
-1. To view your licenses, go to the **Microsoft Azure portal** and navigate to the [Microsoft Azure portal license section](https://portal.azure.com/#blade/Microsoft_AAD_IAM/LicensesMenuBlade/Products).
+- In the [Microsoft 365 admin center](https://admin.microsoft.com/Adminportal/), in the navigation pane, expand **Billing**, and then select **Your products**.
 
-   :::image type="content" source="media/atp-licensing-azure-portal.png" alt-text="The Azure Licensing page" lightbox="media/atp-licensing-azure-portal.png":::
-
-1. Alternately, in the admin center, navigate to **Billing** \> **Subscriptions**.
-
-    On the screen, you see all the provisioned licenses and their current **Status**.
-
-    :::image type="content" source="media/atp-billing-subscriptions.png" alt-text="The billing licenses page":::
+- In the [Microsoft Azure portal](https://portal.azure.com/#home), under **Manage Microsoft Entra ID**, select **View**. Then, under **Manage**, select **Licenses**. 
 
 ## Cloud Service Provider validation
 
-To gain access into which licenses are provisioned to your company, and to check the state of the licenses, go to the admin center.
+To gain access into which licenses are provisioned to your company, and to check the state of the licenses, go to the Microsoft 365 admin center.
 
-1. From the **Partner portal**, select **Administer services > Office 365**.
+1. From the **Partner portal**, select **Administer services** > **Office 365**.
 
-2. Clicking on the **Partner portal** link opens the **Admin on behalf** option and gives you access to the customer admin center.
+2. Selecting the **Partner portal** link opens the **Admin on behalf** option and gives you access to the customer admin center.
 
    :::image type="content" source="media/atp-O365-admin-portal-customer.png" alt-text="The Office 365 admin portal" lightbox="media/atp-O365-admin-portal-customer.png":::
 
 ## Tenant Configuration
 
-Initiating Microsoft Defender for Endpoint tenant is easy. From the navigation menu, select any item under the Endpoints section, or any Microsoft Defender XDR feature such as Incidents, Hunting, Action center, or Threat analytics to start the tenant creation process.
+To provision Defender for Endpoint in your tenant, follow these steps:
+
+1. Go to the [Microsoft Defender portal](https://security.microsoft.com) and sign in. 
 
-From a web browser, navigate to the [Microsoft Defender portal](https://security.microsoft.com).
+2. In the navigation pane, select any of the following items:
 
+   - Under **Assets**, select **Devices**.
+   - Under **Endpoints**, select an item, such as **Dashboard** or **Endpoint security policies**.
+   
 ## Data center location
 
 Microsoft Defender for Endpoint stores and process data in the [same location as used by Microsoft Defender XDR](/defender-xdr/m365d-enable). If Microsoft Defender XDR hasn't been turned on yet, onboarding to Defender for Endpoint also turns on Defender XDR, and a new data center location is automatically selected based on the location of active Microsoft 365 security services. The selected data center location is shown on the screen.
 
 ## Network configuration
 
-Ensure devices can connect to the Defender for Endpoint cloud services. The use of a proxy is recommended.
+Ensure devices can connect to the Defender for Endpoint cloud services. The use of a proxy is recommended. See the following articles to configure your network:
 
-[STEP 1: Configure your network environment to ensure connectivity with Defender for Endpoint service](configure-environment.md).
-[STEP 2: Configure your devices to connect to the Defender for Endpoint service using a proxy](configure-proxy-internet.md).
-[STEP 3: Verify client connectivity to Microsoft Defender for Endpoint service URLs](verify-connectivity.md).
+1. [Configure your network environment to ensure connectivity with Defender for Endpoint service](configure-environment.md).
 
-In certain scenarios, you might want to allow traffic to IP addresses. Not all services are accessible in this way and you need to evaluate how to address this potential issue in your environment - for example, by centrally downloading then distributing updates. For more information, see [Option 2: Configure connectivity using static IP ranges](configure-device-connectivity.md#option-2-configure-connectivity-using-static-ip-ranges).
+2. [Configure your devices to connect to the Defender for Endpoint service using a proxy](configure-proxy-internet.md).
+
+3. [Verify client connectivity to Microsoft Defender for Endpoint service URLs](verify-connectivity.md).
+
+In certain scenarios, you might want to allow traffic to IP addresses. Not all services are accessible in this way and you need to evaluate how to address this potential issue in your environment. For example, you might need to download updates to a central location and then distribute them. For more information, see Configure connectivity using static IP ranges](configure-device-connectivity.md#option-2-configure-connectivity-using-static-ip-ranges).
 
 ## Next step
 
 - Continue to [Step 2 - Assign roles and permissions](prepare-deployment.md)
+
 [!INCLUDE [Microsoft Defender for Endpoint Tech Community](../includes/defender-mde-techcommunity.md)]
diff --git a/defender-endpoint/switch-to-mde-phase-1.md b/defender-endpoint/switch-to-mde-phase-1.md
@@ -69,7 +69,7 @@ Now that you've updated your organization's devices, the next step is to get Def
 
 1. Buy or try Defender for Endpoint today. [Start a free trial or request a quote](https://aka.ms/mdatp). Microsoft 365 E3 includes Defender for Endpoint Plan 1, and Microsoft 365 E5 includes Defender for Endpoint Plan 2.
 
-2. Verify that your licenses are properly provisioned. [Check your license state](production-deployment.md#check-license-state).
+2. Verify that your licenses are properly provisioned. [Check your license state](production-deployment.md#check-your-license-state).
 
 3. Set up your dedicated cloud instance of Defender for Endpoint. See [Defender for Endpoint setup: Tenant configuration](production-deployment.md#tenant-configuration).
 
