Migrating Defender from Commercial to GCC - mattnovitsch/M365 GitHub Wiki

Migrating from Microsoft Defender for endpoint client from Commercial to GCC tenant. This is assuming you have already worked with your CSAM and the Microsoft Transition team and have already onboarded one device to the new GCC tenant first. This is required as backend tenant information needs to be configured. Quick link to this page: https://aka.ms/DefenderCommercialtoGCCDoc

Option 1: Using Intune to Migrate agents into GCC Tenant.

  1. Navigate to Intune Admin Center (https://intune.microsoft.com/ )
  2. Select Endpoint Security on the left hand side
  3. Select Endpoint Detection and Response
  4. Select Create New Policy
  5. For Platform select Windows 10, Windows 11, and Windows Server and for Profile select Endpoint Detection and Response
  6. Select the Create button

image

  1. Give a name to your policy image

  2. Select one of the following options: Auto from connector or Onboard. If you select Auto from connector you have to make sure the connector between Intune and Defender for endpoint is established. For onboard you will need to download the script from the Defender XDR portal. This example will be for onboard. image

  3. Navigate to Defender XDR in another browser tab(https://security.microsoft.com/ )

  4. Click on Settings

  5. Scroll down and select Onboarding

  6. Change Deployment Method to Mobile Device Management/ Microsoft Intune

  7. Select Download onboarding package image

  8. Open File once it has completed downloading image

  9. Open WindowsDefenderATP.onboarding with notepad or some other text editor program. image

  10. Copy the entire contents of the file (ctrl+a then ctrl+c) image

  11. Navigate back to Intune Admin Center tab.

  12. Paste the script into the Onboarding section

  13. Set Sample Sharing to All(Default)

  14. Set Telemetry Reporting Frequency to Normal image

  15. Add any scope tags and select Next image

  16. Put in a test group that you want to onboard first. Small percentage 5-10 would be good.

  17. Select Next image

  18. Review the settings then click Save image

Note: A reboot is required for these changes to take effect. Once the system is rebooted, it should appear in the GCC tenant within 1-2 hours. If you run into problems, please reach out to your CSAM or FTA/FM for assistance. If you don't have a CSAM or FTA/FM you can put in a request for assistance at Fast Track. Fast Track can walk you through the process.