Server Management

Installing Microsoft Defender for Endpoint on Windows Servers on 172.x.x.x IPs

Last modified 1/6/2023

Before you Begin

This configuration sets up Window's built-in WinHTTP proxy to allow Microsoft Defender for Endpoint (MDE) and the built-in Defender Antivirus to use.  The proxy must be configured for devices that cannot reach the internet and must be in place before you attempt to onboard the device to MDE.

If the proxy configuration of the device was not applied before a MDE onboarding was attempted, it may finish onboarding when the proxy configuration has been properly applied.

If you choose the manual methods of installation you will need to submit a ticket to "AT CCA" for the files used in the instructions below. 

Deployment

  • Windows Server 2019/2022

Automated

  1. Link Group Policy "ISU Server - WinHTTP Proxy" to add the proxy.

  2. Deploy the MDE Onboarding Application called "ISU Microsoft Defender for Endpoint (Windows Server 2019/2022)" via ConfigMgr.

Manual

  1. Link Group Policy "ISU Server - WinHTTP Proxy" to add the proxy.

  2. Copy over and extract the installation media - "MDE-Install-2019.zip"

  3. Run Onboarding .CMD File as Admin

  • Windows Server 2012R2/2016

Automated

  1. Link Group Policy "ISU Server - WinHTTP Proxy" to add the proxy.

  2. Deploy the MDE Onboarding Application called "ISU Microsoft Defender for Endpoint (Windows Server 2012R2/2016)" via ConfigMgr.

Manual

  1. Link Group Policy "ISU Server - WinHTTP Proxy" to add the proxy.

  2. Copy over and merge provided Registry Key file to setup temporary WinINet Proxy in HKCU for the current user - "MDE WinINet Proxy HKCU - Install.reg"

  3. Copy over and extract the installation media - "MDE-Install-2012R2-2016.zip"

  4. Run Powershell as Admin with the following command:

    C:\path\to\extractedfolder\Install.ps1 -OnboardingScript C:\path\to\extractedfolder\WindowsDefenderATPOnboardingScript.cmd

  5. Copy over and merge this Registry Key file below to remove WinINet Proxy for the current user - "MDE WinINet Proxy HKCU - Uninstall.reg"

    Be sure to do Step 5, as we don't want proxy settings configured for the current user.


Additional Information

Group Policy Object - "ISU Server - WinHTTP Proxy"

  • This group policy object sets up registry keys to configure a WinHTTP proxy for the device and a WinINet proxy for the SYSTEM account.
  • It will not setup the proxy if the server is on anything other then 172.16.0.0/12 using Item Level Targeting.