Defender for Endpoint is bought far more often than it is properly onboarded. The agent is installed, the Defender XDR portal shows green ticks, and the project is closed — six months later, an assessment finds half the platform unconfigured. This field guide is the realistic onboarding path through Microsoft Intune in 2026: licensing, the service connector, Windows and macOS, EDR in block mode, ASR, the compliance signal back into Conditional Access, validation, and the operational model after deployment.
