{"id":4722,"date":"2022-03-15T14:35:22","date_gmt":"2022-03-15T12:35:22","guid":{"rendered":"https:\/\/www.msb365.blog\/?p=4722"},"modified":"2022-03-15T14:48:24","modified_gmt":"2022-03-15T12:48:24","slug":"defender-onboarding-with-powershell","status":"publish","type":"post","link":"https:\/\/www.msb365.blog\/?p=4722","title":{"rendered":"PowerShell Script &#8211; Defender onboarding"},"content":{"rendered":"<p>Not every company uses Microsoft Intune or System Center, but this does not mean that tools such as Microsoft Defender for Endpoint cannot be used. However, distributing the corresponding onboarding packages is not necessarily as simple as it is when, for example, Microsoft Intune is in use.<\/p>\n<p>Many tasks have to be done manually. To make onboarding easier, I have written a small script, which I would like to present to you here.<\/p>\n<p>Before we can start with it, however, some preparation is required:<\/p>\n<p>\u00a0<\/p>\n<ul>\n<li>Go to the Microsoft 365 Defender portal (<a href=\"https:\/\/security.microsoft.com\" target=\"_blank\" rel=\"noopener\">https:\/\/security.microsoft.com<\/a>), and sign in.<\/li>\n<li>In the navigation pane, choose Settings > Endpoints, and then under Device management, choose Onboarding.<\/li>\n<li>Select an operating system, such as Windows 10 or 11, and then, in the Deployment method section, choose Local script.<\/li>\n<li>Select Download onboarding package.<\/li>\n<\/ul>\n<p>(You can find more information about this task <strong><a href=\"https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/security\/defender-business\/mdb-onboard-devices?view=o365-worldwide#local-script-in-defender-for-business\" target=\"_blank\" rel=\"noopener\">here.<\/a><\/strong>)<\/p>\n<p>\u00a0<\/p>\n<table>\n<tbody>\n<tr>\n<td width=\"301\">When the script is executed, the first step is to specify the network path of the ZIP file that was previously downloaded from Microsoft.<\/td>\n<td 
width=\"301\"><a href=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2022\/03\/new_001-1.png\"><img decoding=\"async\" class=\"alignnone size-full wp-image-4726\" src=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2022\/03\/new_001-1.png\" alt=\"\" width=\"710\" height=\"24\" srcset=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2022\/03\/new_001-1.png 710w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2022\/03\/new_001-1-300x10.png 300w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2022\/03\/new_001-1-600x20.png 600w\" sizes=\"(max-width: 710px) 100vw, 710px\" \/><\/a><\/td>\n<\/tr>\n<tr>\n<td width=\"301\">The next step is to check whether a corresponding subdirectory exists into which the ZIP file can be downloaded. If this directory does not exist, it is created at this point.<\/td>\n<td width=\"301\"><a href=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2022\/03\/new_002.png\"><img fetchpriority=\"high\" decoding=\"async\" class=\"alignnone size-full wp-image-4727\" src=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2022\/03\/new_002.png\" alt=\"\" width=\"521\" height=\"163\" srcset=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2022\/03\/new_002.png 521w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2022\/03\/new_002-300x94.png 300w\" sizes=\"(max-width: 521px) 100vw, 521px\" \/><\/a><\/td>\n<\/tr>\n<tr>\n<td width=\"301\">Now the ZIP file is downloaded from the file share.<\/td>\n<td width=\"301\"><a href=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2022\/03\/new_003.png\"><img decoding=\"async\" class=\"alignnone size-full wp-image-4728\" src=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2022\/03\/new_003.png\" alt=\"\" width=\"479\" height=\"32\" srcset=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2022\/03\/new_003.png 479w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2022\/03\/new_003-300x20.png 300w\" sizes=\"(max-width: 479px) 100vw, 479px\" 
\/><\/a><\/td>\n<\/tr>\n<tr>\n<td width=\"301\">In the next step, the ZIP file will be decompressed.<\/td>\n<td width=\"301\"><a href=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2022\/03\/new_004.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-4729\" src=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2022\/03\/new_004.png\" alt=\"\" width=\"504\" height=\"36\" srcset=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2022\/03\/new_004.png 504w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2022\/03\/new_004-300x21.png 300w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2022\/03\/new_004-500x36.png 500w\" sizes=\"(max-width: 504px) 100vw, 504px\" \/><\/a><\/td>\n<\/tr>\n<tr>\n<td width=\"301\">At this point in the script we can now decide whether we want to execute the onboarding process automatically or manually. If the PowerShell console has been executed as an administrator, you can select the automatic option here without any problems.<\/p>\n<p>\u00a0<\/p>\n<p>Otherwise, it is recommended to select the manual option.<\/td>\n<td width=\"301\"><a href=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2022\/03\/new_005.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-4730\" src=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2022\/03\/new_005.png\" alt=\"\" width=\"899\" height=\"65\" srcset=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2022\/03\/new_005.png 899w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2022\/03\/new_005-300x22.png 300w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2022\/03\/new_005-768x56.png 768w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2022\/03\/new_005-600x43.png 600w\" sizes=\"(max-width: 899px) 100vw, 899px\" \/><\/a><\/td>\n<\/tr>\n<tr>\n<td width=\"301\">If the manual option is selected, a subfolder will be created and the corresponding CMD file will be copied to it.<\/td>\n<td width=\"301\"><a 
href=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2022\/03\/new_006.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-4731\" src=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2022\/03\/new_006.png\" alt=\"\" width=\"912\" height=\"163\" srcset=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2022\/03\/new_006.png 912w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2022\/03\/new_006-300x54.png 300w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2022\/03\/new_006-768x137.png 768w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2022\/03\/new_006-600x107.png 600w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2022\/03\/new_006-905x163.png 905w\" sizes=\"(max-width: 912px) 100vw, 912px\" \/><\/a><\/td>\n<\/tr>\n<tr>\n<td width=\"301\">After this process is completed, the corresponding window opens automatically and the CMD is ready to be executed. It is important to note, however, that the CMD script must be executed with elevated permissions.<\/td>\n<td width=\"301\"><a href=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2022\/03\/new_007.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-4732\" src=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2022\/03\/new_007.png\" alt=\"\" width=\"884\" height=\"310\" srcset=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2022\/03\/new_007.png 884w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2022\/03\/new_007-300x105.png 300w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2022\/03\/new_007-768x269.png 768w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2022\/03\/new_007-600x210.png 600w\" sizes=\"(max-width: 884px) 100vw, 884px\" \/><\/a><\/td>\n<\/tr>\n<tr>\n<td width=\"301\">However, if the automatic option was selected, the onboarding process will now start.<\/td>\n<td width=\"301\"><a href=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2022\/03\/new_008.png\"><img loading=\"lazy\" 
decoding=\"async\" class=\"alignnone size-full wp-image-4733\" src=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2022\/03\/new_008.png\" alt=\"\" width=\"1377\" height=\"167\" srcset=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2022\/03\/new_008.png 1377w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2022\/03\/new_008-300x36.png 300w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2022\/03\/new_008-1024x124.png 1024w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2022\/03\/new_008-768x93.png 768w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2022\/03\/new_008-600x73.png 600w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2022\/03\/new_008-905x110.png 905w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2022\/03\/new_008-1320x160.png 1320w\" sizes=\"(max-width: 1377px) 100vw, 1377px\" \/><\/a><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>\u00a0<\/p>\n<p>You can download my PowerShell script as usual from my<\/p>\n<blockquote><p><a href=\"https:\/\/github.com\/MSB365\/Onboard-Defender\/blob\/main\/Onboard-Defender.ps1\" target=\"_blank\" rel=\"noopener\">GitHub Repository<\/a><\/p><\/blockquote>\n<p>for free. I hope this script can support you in your daily work.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Not every company uses Microsoft Intune or System Center, but this does not mean that tools such as Microsoft Defender for Endpoint cannot be used. However, distributing the corresponding onboarding packages is not necessarily as simple as it is when, for example, Microsoft Intune is in use. Many tasks have to be done manually. 
To [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":4724,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_crdt_document":"","om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[685,1923,3],"tags":[],"class_list":["post-4722","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-active-directory","category-microsoft-365","category-powershell"],"post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/www.msb365.blog\/index.php?rest_route=\/wp\/v2\/posts\/4722","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.msb365.blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.msb365.blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.msb365.blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.msb365.blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4722"}],"version-history":[{"count":4,"href":"https:\/\/www.msb365.blog\/index.php?rest_route=\/wp\/v2\/posts\/4722\/revisions"}],"predecessor-version":[{"id":4736,"href":"https:\/\/www.msb365.blog\/index.php?rest_route=\/wp\/v2\/posts\/4722\/revisions\/4736"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.msb365.blog\/index.php?rest_route=\/wp\/v2\/media\/4724"}],"wp:attachment":[{"href":"https:\/\/www.msb365.blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4722"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.msb365.blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4722"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.msb365.blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4722"}
],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}