Microsoft has upgraded its Defender deployment tool for Windows, which assists administrators in managing device onboarding efficiently at scale. The latest version brings improved visibility into progress and provides additional administrative controls.
Simplified Deployment with Enhanced Controls
This tool is designed to adapt to various operating systems and supports endpoint security across a wide array of Windows devices. By embedding the onboarding package and related information into a single downloadable .exe file, it eliminates the need for separate onboarding files for both modern and legacy systems.
The enhanced experience aims to make the onboarding process more predictable and transparent. New administrative controls help mitigate risks associated with the sharing of onboarding packages outside the organization.
Administrators can now utilize a single executable that contains all necessary onboarding information, removing the requirement for additional files. Options for silent and non-interactive installations facilitate large-scale deployments using tools like Group Policy or Configuration Manager.
Custom package identifiers enable tracking and management across different environments, with the added ability to set package expiration dates within one year. Moreover, name identifiers and keys provide further oversight. The Defender portal has introduced new entry points and guidance, assisting administrators in selecting onboarding or offboarding methods for Windows, including direct access from the device inventory page.
Monitoring Onboarding Progress
Events related to the deployment tool are now visible in the device timeline and advanced hunting tabs. These features offer insights into onboarding progress and any errors that may arise, allowing administrators to swiftly address issues as they occur.
“On the new deployment packages page, you can see your organization’s onboarding packages at a glance and click to see more package properties, increasing visibility and traceability within the onboarding process. This is a great foundation for adding even more onboarding-related telemetry to view per device in the future. You can even filter by active or expired packages and hide packages you no longer wish to see,” explained Sinclaire Hamilton, Senior Security Product Manager at Microsoft.
The updated Defender deployment tool for Windows can be accessed under Settings > Endpoints > Onboarding > Windows, or directly from the device inventory page. Additionally, onboarding and offboarding guides are now available on the new onboarding page within the Defender portal.
The Defender deployment tool is also available for Linux.