Microsoft’s Defender deployment tool for Windows helps administrators manage device onboarding at scale with updated progress visibility and additional controls.
Simplified deployment with added administrative controls
The tool adapts to the operating system and supports endpoint security across a broad range of Windows devices. It eliminates the need for separate onboarding files for modern and legacy systems by embedding the onboarding package and related information into a downloadable .exe file that can be run to onboard devices.
The updated experience is designed to make onboarding more predictable and transparent. It introduces administrative controls that limit risk if onboarding packages are shared outside the organization.
Administrators can use a single executable that includes all required onboarding information, with no separate file needed. Silent and non-interactive options support large-scale deployments through tools such as Group Policy or Configuration Manager.
Custom package identifiers support tracking and management across environments, and packages can be set to expire within one year. Name identifiers and keys provide additional oversight. The Defender portal also adds new entry points and guidance to help administrators select onboarding or offboarding methods for Windows, including direct access from the device inventory page.
Tracking onboarding progress
Deployment tool events appear in the device timeline and advanced hunting tabs. These views provide insight into onboarding progress and errors, allowing administrators to address issues as they occur.
“On the new deployment packages page, you can see your organization’s onboarding packages at a glance and click to see more package properties, increasing visibility and traceability within the onboarding process. This is a great foundation for adding even more onboarding-related telemetry to view per device in the future. You can even filter by active or expired packages and hide packages you no longer wish to see,” Sinclaire Hamilton, Senior Security Product Manager at Microsoft, explained.
The updated Defender deployment tool for Windows is available through Settings > Endpoints > Onboarding > Windows, or directly from the device inventory page. Onboarding and offboarding guides are available on the new onboarding page in the Defender portal.
The Defender deployment tool is also available for Linux.
