Prerequisites

Windows Defender ATP requires one of the following Microsoft Volume Licensing solutions:

• Windows 10 Enterprise E5
• Windows 10 Education E5
• Secure Productive Enterprise E5, which includes Windows 10 Enterprise E5

When you run the onboarding wizard for the first time, you must choose where your Windows Defender ATP-related information is stored: either in a European or United States data center. You cannot change your data storage location after the first setup.

Windows Defender ATP runs on version 1706 and preceding Windows editions:

• Windows 10 Enterprise
• Windows 10 Education
• Windows 10 Pro
• Windows 10 Pro Education

Each endpoint must have an internet connection, which may utilize up to 5 MB of bandwidth daily to communicate with the Windows Defender ATP cloud service and report cyber data.

The Windows Defender signature update (or an alternative and compatible anti-malware service) needs to be configured, and the Windows Defender Early Launch Antimalware (ELAM) driver must be enabled.

To administer the service, administrators must be granted one of the following roles in Azure Active Directory (Azure AD):

• Security administrator: This will provide full access to login, view all information, and resolve alerts. This role can submit files for deep analysis and download the onboarding package.
• Security reader: This will provide the right to login and view all information, but cannot change alert status, submit files for deep analysis, or access the onboarding packages.