Zehadi Alam
Introduction
For mass device onboarding to Microsoft Defender for Endpoint, utilizing group policy is recommended, especially for devices not managed by Intune. IT units whose devices are enrolled in Intune are encouraged to follow the onboarding steps outlined in Defender Onboarding using Intune - Windows. The following section outlines the procedure that UGA IT units can follow to onboard their devices using group policy.
Implementation
1. Open the Group Policy Management Console and create a new GPO.

2. In the Group Policy Management Editor, navigate to Computer Configuration → Preferences → Control Panel settings.

3. Right-click Scheduled Tasks, select New, and select Immediate Task (At least Windows 7).

4. Select Change user or Group.

5. Specify the SYSTEM account and click OK.

6. Ensure the settings reflect the following

7. Navigate to the Actions tab and select New. Select Start a program for Action and specify the UNC path to the WindowsDefenderATPOnboardingScript.cmd script. The UNC path is:
\\msmyid.uga.edu\netlogon\DefenderATP\WindowsDefenderATPOnboardingScript.cmd
Click OK to save the action and OK again to return to the Group Policy Management Editor.

8. Navigate to Computer Configuration → Policies → Administrative templates → Windows components → Windows Defender ATP.

9. Double-click the Enable\Disable Sample Collection setting. Choose Enabled and check the Enable sample collection on machines option. Click OK.

10. Link the GPO to your Computers OU. You can verify the onboarding status of your devices in the Microsoft Defender portal. If you do not have access to the portal, please see the Accessing the Microsoft Defender Portal article for instructions on how to request access.
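
The portal is the authoritative view, but a device can also be checked locally once the GPO has applied. The script below is an added example, not part of the original procedure or of Microsoft's onboarding package. It assumes an elevated PowerShell session on the target device and reads the service name (Sense) and registry locations that Microsoft documents for Defender for Endpoint onboarding and sample collection; the helper name Get-RegValue is hypothetical.

```powershell
# Added example: local check after the onboarding GPO has applied.
# Run in an elevated PowerShell session on the device being verified.

# UNC path from step 7 of this article.
$ScriptPath = '\\msmyid.uga.edu\netlogon\DefenderATP\WindowsDefenderATPOnboardingScript.cmd'
# Written by the onboarding script; OnboardingState = 1 means onboarded.
$StatusKey  = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'
# Written by the administrative template from steps 8 and 9.
$PolicyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection'

function Get-RegValue {
    # Hypothetical helper: returns $null when the key or value is missing.
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

# 'Sense' is the Defender for Endpoint sensor service.
$sense       = Get-Service -Name 'Sense' -ErrorAction SilentlyContinue
$senseStatus = 'NotFound'
if ($null -ne $sense) { $senseStatus = $sense.Status.ToString() }

$result = [pscustomobject]@{
    ComputerName          = $env:COMPUTERNAME
    ScriptReachable       = Test-Path -LiteralPath $ScriptPath
    SenseServiceStatus    = $senseStatus
    OnboardingState       = Get-RegValue -Path $StatusKey -Name 'OnboardingState'
    AllowSampleCollection = Get-RegValue -Path $PolicyKey -Name 'AllowSampleCollection'
}
$result | Format-List

if ($result.OnboardingState -eq 1 -and $result.SenseServiceStatus -eq 'Running') {
    Write-Output 'Device reports as onboarded and the sensor service is running.'
} else {
    Write-Warning 'Device does not report as onboarded.'
    if (-not $result.ScriptReachable) {
        Write-Warning 'Onboarding script is not reachable at the UNC path from step 7.'
    }
    Write-Warning 'Run "gpresult /r /scope computer" to confirm the GPO applied to this device.'
}
if ($result.AllowSampleCollection -ne 1) {
    Write-Warning 'Sample collection policy from step 9 is not set on this device.'
}
```

A device that passes this check can still take some time to appear in the Microsoft Defender portal.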
