Best practices for Defender P1 plan for hybrid devices

Amarpreet Jhajj 0 Reputation points
2025-03-03T15:50:46.6366667+00:00
  • We use on-prem Active Directory which syncs to Azure Entra ID in our M365/Azure tenancy
  • All users are licensed for M365-E3 so all devices step-up from Windows 10/11 Pro to Enterprise
  • We have used a deploy script provided by Microsoft as part of the Defender for Endpoint pilot, and these do seem to be associating themselves with the right tenancy because we can see them when we log in to https://security.microsoft.com using our admin account credentials.
  • Best practice configuration
  • How to configure email alerts if viruses or malware are detected
  • How to ensure all devices are running Defender for Endpoint (we don’t use Intune but all devices are “registered?” by way of up-stepping to Win10/11 Enterprise via M365 E3)
  • Monitoring and reporting – what threats have been detected and/or suppressed in the last x days/weeks
  • Web filtering
Microsoft Intune Security

1 answer

  1. Xenia-MSFT 4,930 Reputation points Microsoft External Staff
    2025-03-04T01:43:37.3033333+00:00

    @Amarpreet Jhajj Thanks for posting in our Q&A.

    For this issue, I will share some information with you:

    Q1: How to configure email alerts if viruses or malware are detected?

    A1: Please refer to the following article:

    https://learn.microsoft.com/en-us/defender-business/mdb-email-notifications

    Q2: How to ensure all devices are running Defender for Endpoint?

    A2: Based on my understanding, you can check if the device's "managed by" shows "MDE" in the Intune portal. For example:

    User's image

    And you can see the events on your devices under Endpoints > Configuration management > Dashboard in the Microsoft Defender portal.

    Q3: Monitoring and reporting – what threats have been detected and/or suppressed in the last x days/weeks.

    A3: Here are the reports we can get.

    https://learn.microsoft.com/en-us/defender-endpoint/threat-protection-reports

    Q4: Web filtering

    A4: Did you mean "Web content filtering"?

    https://learn.microsoft.com/en-us/defender-business/mdb-web-content-filtering

    In addition, all the configurations are more related to Defender. If you want more help, it is suggested to contact Defender support. Here is the support link:

    https://learn.microsoft.com/en-us/defender-endpoint/contact-support

    Hope it will help.



    1 person found this answer helpful.
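
For the Q2 scenario above (domain-joined devices onboarded by script, no Intune), the onboarding state can also be read on the devices themselves. The following is an added example, not part of the thread and not Microsoft's own script: it reads the `OnboardingState` registry value, the `Sense` service and `Get-MpComputerStatus` on each target. The function name `Get-MdeOnboardingState` is hypothetical, and the example assumes PowerShell remoting is enabled and the caller has admin rights on the targets.

```powershell
# Added example: report Defender for Endpoint onboarding state per device.
# Assumptions: WinRM remoting is enabled for remote targets and the caller
# is a local administrator there. The function name is hypothetical.
function Get-MdeOnboardingState {
    param([string[]]$ComputerName = @($env:COMPUTERNAME))

    # Runs on each target: reads local sensor state only, changes nothing.
    $probe = {
        $statusKey = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'
        $state = (Get-ItemProperty -Path $statusKey -Name OnboardingState `
                      -ErrorAction SilentlyContinue).OnboardingState
        $sense = Get-Service -Name Sense -ErrorAction SilentlyContinue
        $av    = Get-MpComputerStatus -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Computer        = $env:COMPUTERNAME
            Onboarded       = ($state -eq 1)   # 1 = onboarded
            SenseService    = if ($sense) { $sense.Status.ToString() } else { 'Missing' }
            AvRunningMode   = $av.AMRunningMode
            RealTimeEnabled = $av.RealTimeProtectionEnabled
            SignatureDate   = $av.AntivirusSignatureLastUpdated
        }
    }

    foreach ($name in $ComputerName) {
        try {
            if ($name -eq $env:COMPUTERNAME) { & $probe }
            else {
                Invoke-Command -ComputerName $name -ScriptBlock $probe -ErrorAction Stop |
                    Select-Object -Property * -ExcludeProperty PSComputerName, RunspaceId, PSShowComputerName
            }
        }
        catch {
            # Unreachable devices are reported, not silently skipped.
            [pscustomobject]@{ Computer = $name; Onboarded = $null; SenseService = 'Unreachable'
                               AvRunningMode = $null; RealTimeEnabled = $null; SignatureDate = $null }
        }
    }
}

# Local check:
Get-MdeOnboardingState | Format-Table -AutoSize

# Domain-wide (requires the ActiveDirectory RSAT module):
# $names = (Get-ADComputer -Filter 'OperatingSystem -like "Windows 1*"').Name
# Get-MdeOnboardingState -ComputerName $names | Where-Object { -not $_.Onboarded }
```

Devices that come back with `Onboarded` false or `SenseService` other than `Running` are the ones to compare against the device inventory in the Microsoft Defender portal.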