Skip to content

Automate Microsoft Defender for Endpoint Deployment on Windows Server 2012 R2 and 2016

Published by lazy-admin on Aug 1, 2024

Automate Microsoft Defender for Endpoint Deployment on Windows Server 2012 R2 and 2016

Introduction

Ensuring that servers are protected with the latest security measures is crucial for maintaining a secure IT environment. Microsoft Defender for Endpoint is an essential component in this strategy, providing robust protection against a wide range of threats. However, deploying Defender for Endpoint on down-level servers, such as Windows Server 2012 R2 and Windows Server 2016, requires enabling specific features beforehand. This process can be time-consuming and error-prone if done manually across multiple servers.

To address this challenge, I have developed a PowerShell script designed to audit and install Microsoft Defender for Endpoint on these servers automatically. This script significantly accelerates the deployment process, ensuring that all servers are adequately protected with minimal administrative effort.

Prerequisites for Defender for Endpoint on Down-Level Servers

Before diving into the script, it’s essential to understand the specific features that need to be enabled on down-level servers for Microsoft Defender for Endpoint. According to Microsoft’s documentation, the following features must be enabled:

  • Windows-Defender-Features: This is the primary feature that includes the necessary components for Microsoft Defender Antivirus and related services.
  • Windows-Defender-GUI: Provides the graphical user interface for Microsoft Defender Antivirus.
  • Windows-Defender-AV: The core antivirus feature required for Microsoft Defender.
  • Windows-Defender-ATP: Required for enabling the advanced threat protection capabilities of Microsoft Defender for Endpoint.

Script Overview

Our PowerShell script automates the auditing and installation of Microsoft Defender for Endpoint on Windows Server 2012 R2 and Windows Server 2016. The script performs the following functions:

  1. Active Directory Query: Identifies servers running Windows Server 2012 R2 and Windows Server 2016.
  2. Defender Status Check: Verifies if Microsoft Defender for Endpoint is installed on each server.
  3. Automated Installation: Installs the necessary Defender features on servers where they are not present.
  4. Verbose Installation Logs: Provides detailed output during the installation process for tracking.
  5. Status Reporting: Indicates the status of each server, including connection issues and installation success or failure.
  6. CSV Export: Outputs the audit and installation results to a CSV file.

How the Script Works

  1. Querying Active Directory: The script begins by querying Active Directory to identify all servers running Windows Server 2012 R2 and Windows Server 2016. This ensures that only the relevant servers are audited and updated.
  2. Checking Defender Status: For each identified server, the script checks whether the necessary Microsoft Defender features are installed. This is done by querying the installed Windows features.
  3. Installing Defender for Endpoint Features: If the required features are not installed, the script proceeds to install them using the Install-WindowsFeature cmdlet. The installation process is logged verbosely to provide detailed feedback on the progress.
  4. Handling Errors and Reboots: The script is designed to handle common issues such as server connectivity problems. If a server is offline or not available, the script logs this status and continues with the next server. Additionally, if a reboot is required after installation, the script logs this requirement.
  5. Exporting Results: After auditing and installing the necessary features on all relevant servers, the script exports the results to a CSV file. This file provides a comprehensive report of the actions taken, including the status of each server.

Usage Instructions

To use the script, follow these steps:

  1. Download the Script from GitHub: Save the script file as ServerDefender_AuditAndInstall.ps1.
  2. Run the Script: Open PowerShell with administrative privileges and execute the script:

  1. Review the Results: The script will output the status of each server to the console and export the results to a CSV file named DefenderForEndpointAudit.csv in the same directory as the script.

Output

  • Console Output: Displays the status of each server as the script runs, indicating:
    • Connection success or failure.
    • Installation progress with verbose logging.
    • Final status (e.g., Installed, Installed (Reboot Required), Offline or Not Available).
  • CSV File: DefenderForEndpointAudit.csv containing:
    • ServerName: The name of the server.
    • OperatingSystem: The operating system of the server.
    • DefenderStatus: The status of Microsoft Defender for Endpoint on the server.

Conclusion

Automating the deployment of Microsoft Defender for Endpoint on down-level servers using this PowerShell script can save organizations significant time and effort. By ensuring that all servers are protected quickly and efficiently, organizations can maintain a robust security posture with minimal administrative overhead.

For more information on the prerequisites for Microsoft Defender for Endpoint, refer to the official Microsoft documentation.

For any questions or further assistance, feel free to contact me at Shaun@thatlazyadmin.com or visit www.thatlazyadmin.com.

Post Views: 834

Sharing is caring!

Published inMicrosoft Defender for EndpointMicrosoft Defender XDR

Be First to Comment

Leave a Reply

Your email address will not be published.