Microsoft has unveiled enhancements to its Defender deployment tool for Windows, aimed at streamlining the onboarding process for administrators managing device security at scale. This tool now offers improved progress visibility and additional administrative controls, ensuring a more efficient experience.
Simplified deployment with added administrative controls
The updated deployment tool is designed to adapt seamlessly to various Windows operating systems, providing robust endpoint security across a wide array of devices. One of its key features is the elimination of the need for separate onboarding files for both modern and legacy systems. Instead, it consolidates the onboarding package and all related information into a single downloadable .exe file, simplifying the onboarding process.
This new experience enhances predictability and transparency during onboarding. It introduces administrative controls that mitigate risks associated with sharing onboarding packages outside the organization. Administrators can now utilize a single executable that encompasses all necessary onboarding details, eliminating the hassle of managing multiple files.
For large-scale deployments, the tool supports silent and non-interactive options, which can be integrated with Group Policy or Configuration Manager. Additionally, custom package identifiers facilitate tracking and management across different environments, with the capability for packages to expire within one year. Enhanced oversight is provided through name identifiers and keys. The Defender portal further enriches the user experience by adding new entry points and guidance, enabling administrators to easily select onboarding or offboarding methods for Windows devices, including direct access from the device inventory page.
Tracking onboarding progress
Administrators can now monitor deployment tool events through the device timeline and advanced hunting tabs, which offer valuable insights into onboarding progress and any errors that may arise. This real-time visibility allows for prompt resolution of issues as they occur.
“On the new deployment packages page, you can see your organization’s onboarding packages at a glance and click to see more package properties, increasing visibility and traceability within the onboarding process,” remarked Sinclaire Hamilton, Senior Security Product Manager at Microsoft. “This is a great foundation for adding even more onboarding-related telemetry to view per device in the future. You can even filter by active or expired packages and hide packages you no longer wish to see.”
The updated Defender deployment tool for Windows is accessible via Settings > Endpoints > Onboarding > Windows, or directly from the device inventory page. Comprehensive onboarding and offboarding guides are also available on the new onboarding page within the Defender portal. Notably, the Defender deployment tool extends its capabilities to Linux as well, ensuring a broad spectrum of support for diverse operating environments.
