How to Configure Microsoft Defender for Business: A Practical Guide

5 May 2026 · 5 min read · By Hak, VantagePoint Networks

Microsoft Defender for Business configuration doesn't have to be complicated. If you're running a London-based professional services firm, legal practice, or financial advisory business with 20 to 150 employees, you need endpoint protection that's both robust and manageable without dedicated security staff. Microsoft Defender for Business offers exactly that—a streamlined, cloud-native security solution designed for organisations that can't justify a full-time Chief Information Security Officer. This practical guide walks you through the essential setup steps, helping you move beyond default settings to a configuration that genuinely protects your business-critical data.

Understanding Microsoft Defender for Business at a Glance

Before diving into configuration, it's worth understanding what you're working with. Microsoft Defender for Business is a cloud-delivered endpoint protection platform built into Windows 11 and available for Windows 10 Pro. Unlike its enterprise counterpart, Defender for Business strips away complexity without sacrificing core security capabilities. It includes antimalware protection, firewall management, device encryption, and vulnerability management—all accessed through a single, web-based console.

For SMBs in London's competitive professional sectors, the appeal is clear: you get enterprise-grade protection without the enterprise price tag or the need for a dedicated security operations centre. The platform integrates seamlessly with Microsoft 365 Business Premium, meaning your existing investment in cloud productivity tools becomes your foundation for security.

Initial Setup and Device Onboarding

Your first step is ensuring devices are properly registered within the Microsoft Defender for Business portal. This is where many organisations stumble—they assume it works automatically, then discover gaps in their protection coverage.

Getting Devices Connected

Start by accessing the Microsoft Defender for Business portal through your Microsoft 365 admin centre. Devices running Windows 11 will typically detect and activate Defender automatically, but this isn't guaranteed across your estate, particularly if you're running a mixed environment with older hardware.

For each device you want to protect:

Multi-Device Management Considerations

If you're managing devices outside Microsoft 365—perhaps older Windows 10 machines or devices not yet migrated to your tenant—you'll need to onboard these manually. Download the onboarding script from the portal settings, run it with administrator privileges, and verify connectivity within your cloud management dashboard.
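
A local check to run on the device after the onboarding script, before looking for it in the dashboard. This is an added example, not code from the Defender portal or from VantagePoint Networks; it reads the sensor service (Sense) and the OnboardingState registry value that Windows sets for onboarded devices, and the function name is hypothetical.

```powershell
# Added example: local post-onboarding health check for a Windows endpoint.
# Run in an elevated PowerShell session after the onboarding script completes.
function Test-DefenderOnboarding {
    $result = [ordered]@{
        ComputerName       = $env:COMPUTERNAME
        SenseService       = 'NotInstalled'
        OnboardingState    = $null
        AntivirusMode      = $null
        RealTimeProtection = $null
        SignatureAgeDays   = $null
    }

    # The endpoint sensor runs as the "Sense" service once onboarding succeeds.
    $svc = Get-Service -Name 'Sense' -ErrorAction SilentlyContinue
    if ($svc) { $result.SenseService = $svc.Status.ToString() }

    # OnboardingState = 1 under this key means the device is onboarded.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'
    $status = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($status) { $result.OnboardingState = $status.OnboardingState }

    # Antivirus engine state from the built-in Defender module.
    $mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
    if ($mp) {
        $result.AntivirusMode      = $mp.AMRunningMode
        $result.RealTimeProtection = $mp.RealTimeProtectionEnabled
        $result.SignatureAgeDays   = $mp.AntivirusSignatureAge
    }

    # Healthy only if the sensor runs, the device is onboarded and AV is active.
    $result.Healthy = ($result.SenseService -eq 'Running') -and
                      ($result.OnboardingState -eq 1) -and
                      ($result.RealTimeProtection -eq $true)
    [pscustomobject]$result
}

Test-DefenderOnboarding | Format-List
```

A device that reports Healthy as False here will not appear reliably in the portal, so fix it locally before chasing a dashboard gap.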

Many London SMBs we work with at VantagePoint Networks find this stage reveals hidden IT infrastructure. You'll often discover devices that haven't been properly decommissioned, legacy systems still holding sensitive data, or machines that slipped through your original cloud migration plan. Document these findings; they inform your next steps.

Configuring Essential Security Policies

Default Defender settings provide baseline protection, but they're intentionally conservative. You'll need to adjust policies to match your organisation's risk profile and regulatory requirements—particularly important if you handle client data under UK data protection legislation.

Antimalware and Threat Response

Navigate to Policies > Antimalware in your Defender console. Here you'll define how aggressively the platform responds to threats:

Firewall and Network Protection

Windows Defender Firewall is comprehensive but requires tuning for your environment. Within Policies > Firewall, establish three profiles:

Create firewall rules for specific applications your team needs. A legal firm, for instance, might require specific ports for secure document transfer or client video conferencing. Document each rule and review quarterly; old rules often persist long after the business need has disappeared.
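
One way to produce the rule list for that quarterly review, as an added example rather than anything from the Defender console. It uses the built-in NetSecurity cmdlets on the device; the function name and the CSV output path are assumptions.

```powershell
# Added example: inventory enabled inbound allow rules for the quarterly review.
# Run elevated on the device being reviewed.
function Get-FirewallReviewList {
    Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow |
        ForEach-Object {
            $port = $_ | Get-NetFirewallPortFilter
            $app  = $_ | Get-NetFirewallApplicationFilter

            # A rule bound to a program that is no longer on disk is a
            # strong candidate for removal.
            $program = $app.Program
            $missing = $false
            if ($program -and $program -notin 'Any', 'System') {
                $path    = [Environment]::ExpandEnvironmentVariables($program)
                $missing = -not (Test-Path -LiteralPath $path)
            }

            [pscustomobject]@{
                DisplayName    = $_.DisplayName
                Profile        = $_.Profile
                Protocol       = $port.Protocol
                LocalPort      = $port.LocalPort -join ','
                Program        = $program
                ProgramMissing = $missing
                Group          = $_.DisplayGroup
            }
        }
}

# Profile state first: confirm each firewall profile is actually enabled.
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction

$rules = Get-FirewallReviewList
$rules | Export-Csv -Path .\firewall-review.csv -NoTypeInformation   # assumed path
$rules | Where-Object ProgramMissing | Format-Table DisplayName, Program
```

Keep each quarter's CSV alongside the documented business reason for every rule, so a rule with no owner or a missing program stands out at the next review.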

Vulnerability Management Settings

Defender includes a vulnerability dashboard that identifies missing patches, outdated software, and configuration weaknesses. In Policies > Vulnerability Management, enable automatic recommendations and configure your patching timeline. For professional services firms handling sensitive client data, patch critical vulnerabilities within 7 days and important vulnerabilities within 30 days.

Monitoring, Incident Response, and Continuous Improvement

Configuration is never complete. Security is an ongoing process, and Defender for Business gives you the tools to maintain continuous visibility.

The Incidents dashboard surfaces suspicious activity across your estate. Review this weekly—don't wait for alerts to pile up. Look for patterns: if one user triggers ten alerts in a week, investigate whether their credentials are compromised or whether they're unknowingly visiting malicious websites.
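
The "ten alerts in a week" pattern can be checked over an exported alert list, shown here as an added example that is not part of the original guide. It uses a sliding 7-day window so a burst that straddles two calendar weeks is still caught; the column names (User, CreatedUtc) are hypothetical and the rows are constructed sample data.

```powershell
# Added example: flag users with 10 or more alerts inside any 7-day window.
function Find-NoisyUser {
    param(
        [Parameter(Mandatory)] [object[]] $Alert,
        [int] $Threshold  = 10,
        [int] $WindowDays = 7
    )
    foreach ($group in ($Alert | Group-Object -Property User)) {
        # Alert timestamps for this user, oldest first.
        $times = @($group.Group | ForEach-Object { [datetime]$_.CreatedUtc } | Sort-Object)
        $start = 0
        $peak  = 0
        # Sliding window: move $start forward until the span is under $WindowDays.
        for ($end = 0; $end -lt $times.Count; $end++) {
            while (($times[$end] - $times[$start]).TotalDays -ge $WindowDays) { $start++ }
            $peak = [Math]::Max($peak, $end - $start + 1)
        }
        if ($peak -ge $Threshold) {
            [pscustomobject]@{
                User       = $group.Name
                PeakAlerts = $peak
                Total      = $times.Count
            }
        }
    }
}

# Constructed sample: one user with 11 alerts in under five days,
# another with 3 alerts spread over three weeks.
$base = [datetime]'2026-04-30T09:00:00'
$sample = @(
    0..10 | ForEach-Object {
        [pscustomobject]@{ User = 'alice@example.com'; CreatedUtc = $base.AddHours(11 * $_).ToString('s') }
    }
    0..2 | ForEach-Object {
        [pscustomobject]@{ User = 'bob@example.com'; CreatedUtc = $base.AddDays(10 * $_).ToString('s') }
    }
)

Find-NoisyUser -Alert $sample | Format-Table
```

For a real review, replace the constructed sample with Import-Csv on your own export and map its user and timestamp columns to the two names used here.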

Set up email notifications for high-severity incidents. Your team needs to know immediately if ransomware is detected or if a device shows signs of data exfiltration. Configure these in Settings > Email Notifications, specifying which team members should receive alerts.

Run quarterly reviews of your policies, exclusions, and incident logs. As your organisation evolves—new hires, new applications, new threat landscape—your security policies must evolve alongside it. Compare your configuration against current industry benchmarks and Microsoft's own best practices, which update several times per year.

Configuring Microsoft Defender for Business properly takes time, but it's time well invested. You're building a security foundation that protects not just your devices, but your reputation, your client relationships, and your compliance standing. The difference between a business that's configured Defender thoughtfully and one that's left it on defaults often becomes apparent only after an incident—and by then, it's too late. Getting it right now means sleeping better at night, knowing your organisation is genuinely protected against the threats that matter most to London's professional services sector.
