Try this first
- 1Turn on Defender for Endpoint in security.microsoft.com via Settings, Endpoints, Onboarding. Pick Plan 1 or Plan 2 depending on your license.
- 2For Windows laptops: link Defender through Intune. Endpoint security, Endpoint Detection and Response, set 'Microsoft Defender for Endpoint client configuration package type' to Auto. Target all compliant devices.
- 3For Mac: download the onboarding package and deploy through Intune or your MDM into /Library. Mac onboarding is under-documented, plan an extra hour.
- 4Turn ASR rules on Audit first, then Block. Start with the three heaviest: Block Office applications from creating child processes, Block JavaScript from launching downloaded executable content, Block credential stealing from LSASS.
- 5Set the alert flow. Who gets the mail, who watches security.microsoft.com, and who handles incident response? Without someone watching, EDR is an expensive dashboard.
When to bring us in
If you do not have in-house capacity to triage alerts, pick between MDR (Managed Detection and Response) from a third party, or upgrade to Defender for Business with Microsoft Defender Experts. Otherwise the EDR is only on paper.
See also
- I think I clicked a phishing linkNo shame, happens to everyone. The next fifteen minutes matter.
- A colleague's account is acting strangelySending mail in their name, rules hiding folders, unusual sign-ins. Suspicious.
- Lost the MFA app: new phone, no backup codesClassic problem after a phone upgrade. You are not the first to be locked out.
None of the above fits?
Describe your situation below. We pass your input plus the steps you already saw to our AI and return tailored next-step advice. If it's too risky to DIY, we'll say so.
Or skip the DIY entirely
Our Managed IT clients do not look these things up. One point of contact, a fixed monthly price, resolved within working hours.