From 30765d8bde8c1448ff0feb1d92f67bb6f2874c7e Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 30 May 2018 16:47:23 -0700 Subject: [PATCH 01/12] win 8.1 --- .../windows-defender-atp/TOC.md | 1 + ...ows-defender-advanced-threat-protection.md | 100 ++++++++++++++++++ 2 files changed, 101 insertions(+) create mode 100644 windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md diff --git a/windows/security/threat-protection/windows-defender-atp/TOC.md b/windows/security/threat-protection/windows-defender-atp/TOC.md index e69658d82e..a8defba7ee 100644 --- a/windows/security/threat-protection/windows-defender-atp/TOC.md +++ b/windows/security/threat-protection/windows-defender-atp/TOC.md @@ -7,6 +7,7 @@ ### [Data storage and privacy](data-storage-privacy-windows-defender-advanced-threat-protection.md) ### [Assign user access to the portal](assign-portal-access-windows-defender-advanced-threat-protection.md) ## [Onboard machines](onboard-configure-windows-defender-advanced-threat-protection.md) +### [Onboard previous versions of Windows](onboard-downlevel-windows-defender-advanced-threat-protection.md) ### [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md) #### [Onboard machines using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md) #### [Onboard machines using System Center Configuration Manager](configure-endpoints-sccm-windows-defender-advanced-threat-protection.md) diff --git a/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..875feb88d2 --- /dev/null +++ b/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md @@ -0,0 +1,100 @@ +--- +title: Onboard Windows 7 SP 1 machines on Windows Defender ATP +description: Onboard Windows 7 SP 1 machines so that they can send sensor data to the Windows Defender ATP sensor +keywords: Onboard Windows 7 machines, oms, sp1, enterprise, pro, down level +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: high +ms.date: 06/11/2018 +--- + +# Onboard Windows 7 SP1 machines + +**Applies to:** + +- Windows 7 SP1 Enterprise +- Windows 7 SP1 Pro +- Windows 8.1 +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + +[!include[Prerelease information](prerelease.md)] + +Windows Defender ATP extends support to also include down-level operating systems, providing advanced attack detection and investigation capabilities, seamlessly through the Windows Defender Security Center console. + +To onboard down-level Windows client endpoints to Windows Defender ATP, you’ll need to: +- Configure and update System Center Endpoint Protection clients. +- Install and configure Microsoft Monitoring Agent (MMA) to report sensor data to Windows Defender ATP as instructed below. + +>[!TIP] +> After onboarding the machine, you can choose to run a detection test to verify that it is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Windows Defender ATP endpoint](run-detection-test-windows-defender-advanced-threat-protection.md). + +## Configure and update System Center Endpoint Protection clients +>[!IMPORTANT] +>This step is required only if your organization uses System Center Endpoint Protection (SCEP). + +Windows Defender ATP integrates with System Center Endpoint Protection to provide visibility to malware detections and to stop propagation of an attack in your organization by banning potentially malicious files or suspected malware. + +The following steps are required to enable this integration: +- Install the [January 2017 anti-malware platform update for Endpoint Protection clients](https://support.microsoft.com/en-us/help/3209361/january-2017-anti-malware-platform-update-for-endpoint-protection-clie) +- Configure the SCEP client Cloud Protection Service membership to the **Advanced** setting + +## Install and configure Microsoft Monitoring Agent (MMA) to report sensor data to Windows Defender ATP + +### Before you begin +Review the following details to verify minimum system requirements: +- Install the [February monthly update rollout](https://support.microsoft.com/help/4074598/windows-7-update-kb4074598) +- Install the [Update for customer experience and diagnostic telemetry](https://support.microsoft.com/help/3080149/update-for-customer-experience-and-diagnostic-telemetry) +- Meet the Azure Log Analytics agent minimum system requirements. For more information, see [Collect data from computers in you environment with Log Analytics](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-concept-hybrid#prerequisites) + +1. Download the agent setup file: [Windows 64-bit agent](https://go.microsoft.com/fwlink/?LinkId=828603) or [Windows 32-bit agent](https://go.microsoft.com/fwlink/?LinkId=828604). + +2. Obtain the workspace ID: + - In the Windows Defender ATP navigation pane, select **Settings > Machine management > Onboarding** + - Select **Windows 7 SP1 and 8.1** as the operating system + - Copy the workspace ID and workspace key + +3. Using the Workspace ID and Workspace key choose any of the following installation methods to install the agent: + - Manually install the agent using setup
+ On the **Agent Setup Options** page, select **Connect the agent to Azure Log Analytics (OMS) + - [Install the agent using command line](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-agent-windows#install-the-agent-using-the-command-line) and [configure the agent using a script](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-agent-windows#add-a-workspace-using-a-script). + +4. If you’re using a proxy server to connect to the Internet see the Configure proxy settings section. + +Once completed, you should see onboarded servers in the portal within an hour. + +### Configure server proxy and Internet connectivity settings + +- Each Windows server must be able to connect to the Internet using HTTPS. This connection can be direct, using a proxy, or through the [OMS Gateway](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-oms-gateway). +- If a proxy or firewall is blocking all traffic by default and allowing only specific domains through or HTTPS scanning (SSL inspection) is enabled, make sure that the following URLs are white-listed to permit communication with Windows Defender ATP service: + +Agent Resource | Ports +:---|:--- +| *.oms.opinsights.azure.com | 443 | +| *.blob.core.windows.net | 443 | +| *.azure-automation.net | 443 | +| *.ods.opinsights.azure.com | 443 | +| winatp-gw-cus.microsoft.com | 443 | +| winatp-gw-eus.microsoft.com | 443 | +| winatp-gw-neu.microsoft.com | 443 | +| winatp-gw-weu.microsoft.com | 443 | +|winatp-gw-uks.microsoft.com | 443 | +|winatp-gw-ukw.microsoft.com | 443 | +| winatp-gw-aus.microsoft.com | 443| +| winatp-gw-aue.microsoft.com |443 | + + +## Offboard client endpoints +To offboard, you can uninstall the MMA agent from the endpoint or detach it from reporting to your Windows Defender ATP workspace. After offboarding the agent, the endpoint will no longer send sensor data to Windows Defender ATP. + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-downlevele-belowfoldlink) + + + + + + From af0db775a7d8cefda4fd2bafed457cbe8cefadd5 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 30 May 2018 16:47:40 -0700 Subject: [PATCH 02/12] remove --- ...oard-downlevel-windows-defender-advanced-threat-protection.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md index 875feb88d2..fb9fa92c3a 100644 --- a/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md @@ -19,7 +19,6 @@ ms.date: 06/11/2018 - Windows 7 SP1 Enterprise - Windows 7 SP1 Pro -- Windows 8.1 - Windows Defender Advanced Threat Protection (Windows Defender ATP) [!include[Prerelease information](prerelease.md)] From 883c7e82eef703451c19dbb246df4050bb86a133 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 31 May 2018 10:35:04 -0700 Subject: [PATCH 03/12] add downlevel support in preview features topic --- ...-windows-defender-advanced-threat-protection.md | 14 +++++++------- ...-windows-defender-advanced-threat-protection.md | 9 ++++++++- 2 files changed, 15 insertions(+), 8 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md index fb9fa92c3a..a542df63b1 100644 --- a/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md @@ -1,7 +1,7 @@ --- -title: Onboard Windows 7 SP 1 machines on Windows Defender ATP -description: Onboard Windows 7 SP 1 machines so that they can send sensor data to the Windows Defender ATP sensor -keywords: Onboard Windows 7 machines, oms, sp1, enterprise, pro, down level +title: Onboard previous versions of Windows on Windows Defender ATP +description: Onboard supported previous versions of Windows machines so that they can send sensor data to the Windows Defender ATP sensor +keywords: onboard, windows, 7, 8, oms, sp1, enterprise, pro, down level search.product: eADQiWindows 10XVcnh ms.prod: w10 ms.mktglfcycl: deploy @@ -13,12 +13,14 @@ ms.localizationpriority: high ms.date: 06/11/2018 --- -# Onboard Windows 7 SP1 machines +# Onboard Windows previous versions of Windows **Applies to:** - Windows 7 SP1 Enterprise - Windows 7 SP1 Pro +- Windows 8.1 Enterprise +- Windows 8.1 Pro - Windows Defender Advanced Threat Protection (Windows Defender ATP) [!include[Prerelease information](prerelease.md)] @@ -62,7 +64,7 @@ Review the following details to verify minimum system requirements: On the **Agent Setup Options** page, select **Connect the agent to Azure Log Analytics (OMS) - [Install the agent using command line](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-agent-windows#install-the-agent-using-the-command-line) and [configure the agent using a script](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-agent-windows#add-a-workspace-using-a-script). -4. If you’re using a proxy server to connect to the Internet see the Configure proxy settings section. +4. If you're using a proxy server to connect to the Internet see the Configure proxy settings section. Once completed, you should see onboarded servers in the portal within an hour. @@ -83,8 +85,6 @@ Agent Resource | Ports | winatp-gw-weu.microsoft.com | 443 | |winatp-gw-uks.microsoft.com | 443 | |winatp-gw-ukw.microsoft.com | 443 | -| winatp-gw-aus.microsoft.com | 443| -| winatp-gw-aue.microsoft.com |443 | ## Offboard client endpoints diff --git a/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md index 4b90b87fb8..90008c037e 100644 --- a/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/24/2018 +ms.date: 06/11/2018 --- # Windows Defender ATP preview features @@ -42,12 +42,19 @@ Turn on the preview experience setting to be among the first to try upcoming fea ## Preview features The following features are included in the preview release: +- [Onboard previous versions of Windows](onboard-downlevel--windows-defender-advanced-threat-protection.md)
+Onboard supported versions of Windows machines so that they can send sensor data to the Windows Defender ATP sensor + - Windows 7 SP1 Enterprise + - Windows 7 SP1 Pro + - Windows 8.1 Enterprise + - Windows 8.1 Pro - [Onboard servers](configure-server-endpoints-windows-defender-advanced-threat-protection.md)
Windows Defender ATP supports the onboarding of the following servers: - Windows Server 2012 R2 - Windows Server 2016 - Windows Server, version 1803 + - [Create and build Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md)
Windows Defender ATP supports the use of Power BI data connectors to enable you to connect and access Windows Defender ATP data using Microsoft Graph. From 7551ecb60a5997c4d6baa36f1e4eedada6f8fdea Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 31 May 2018 10:58:28 -0700 Subject: [PATCH 04/12] fix broken link --- .../preview-windows-defender-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md index 90008c037e..13702b6849 100644 --- a/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md @@ -42,7 +42,7 @@ Turn on the preview experience setting to be among the first to try upcoming fea ## Preview features The following features are included in the preview release: -- [Onboard previous versions of Windows](onboard-downlevel--windows-defender-advanced-threat-protection.md)
+- [Onboard previous versions of Windows](onboard-downlevel-windows-defender-advanced-threat-protection.md)
Onboard supported versions of Windows machines so that they can send sensor data to the Windows Defender ATP sensor - Windows 7 SP1 Enterprise - Windows 7 SP1 Pro From e2cb4b031ab11b5695b30b435ef8e6ba34d75011 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 12 Jun 2018 17:24:28 -0700 Subject: [PATCH 05/12] update applies to, fix char, modify console use --- ...evel-windows-defender-advanced-threat-protection.md | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md index a542df63b1..677d282889 100644 --- a/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md @@ -1,7 +1,7 @@ --- title: Onboard previous versions of Windows on Windows Defender ATP description: Onboard supported previous versions of Windows machines so that they can send sensor data to the Windows Defender ATP sensor -keywords: onboard, windows, 7, 8, oms, sp1, enterprise, pro, down level +keywords: onboard, windows, 7, oms, sp1, enterprise, pro, down level search.product: eADQiWindows 10XVcnh ms.prod: w10 ms.mktglfcycl: deploy @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 06/11/2018 +ms.date: 06/17/2018 --- # Onboard Windows previous versions of Windows @@ -19,15 +19,13 @@ ms.date: 06/11/2018 - Windows 7 SP1 Enterprise - Windows 7 SP1 Pro -- Windows 8.1 Enterprise -- Windows 8.1 Pro - Windows Defender Advanced Threat Protection (Windows Defender ATP) [!include[Prerelease information](prerelease.md)] -Windows Defender ATP extends support to also include down-level operating systems, providing advanced attack detection and investigation capabilities, seamlessly through the Windows Defender Security Center console. +Windows Defender ATP extends support to also include down-level operating systems, providing advanced attack detection and investigation capabilities on supported Windows versions. -To onboard down-level Windows client endpoints to Windows Defender ATP, you’ll need to: +To onboard down-level Windows client endpoints to Windows Defender ATP, you'll need to: - Configure and update System Center Endpoint Protection clients. - Install and configure Microsoft Monitoring Agent (MMA) to report sensor data to Windows Defender ATP as instructed below. From 82c8ac310d17860dfdbf10d3ab6a79e082155b7b Mon Sep 17 00:00:00 2001 From: jcaparas Date: Fri, 15 Jun 2018 11:21:31 -0700 Subject: [PATCH 06/12] add back 8.1 --- ...oard-downlevel-windows-defender-advanced-threat-protection.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md index 677d282889..170be8e9ca 100644 --- a/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md @@ -19,6 +19,7 @@ ms.date: 06/17/2018 - Windows 7 SP1 Enterprise - Windows 7 SP1 Pro +- Windows 8.1 - Windows Defender Advanced Threat Protection (Windows Defender ATP) [!include[Prerelease information](prerelease.md)] From 2a6d288cd256df5de84c5b43ebb9f65f82eb2651 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 15 Jun 2018 11:34:43 -0700 Subject: [PATCH 07/12] Add back win 8, add note for integration bullet list --- ...rd-downlevel-windows-defender-advanced-threat-protection.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md index 677d282889..fb1c18120c 100644 --- a/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md @@ -19,6 +19,7 @@ ms.date: 06/17/2018 - Windows 7 SP1 Enterprise - Windows 7 SP1 Pro +- Windows 8.1 - Windows Defender Advanced Threat Protection (Windows Defender ATP) [!include[Prerelease information](prerelease.md)] @@ -39,6 +40,8 @@ To onboard down-level Windows client endpoints to Windows Defender ATP, you'll n Windows Defender ATP integrates with System Center Endpoint Protection to provide visibility to malware detections and to stop propagation of an attack in your organization by banning potentially malicious files or suspected malware. The following steps are required to enable this integration: +>[!NOTE] +>Only applicable for Windows 7 SP1 Enterprise and Windows 7 SP1 Pro. - Install the [January 2017 anti-malware platform update for Endpoint Protection clients](https://support.microsoft.com/en-us/help/3209361/january-2017-anti-malware-platform-update-for-endpoint-protection-clie) - Configure the SCEP client Cloud Protection Service membership to the **Advanced** setting From 66d4f6be4a5fd2e65e957c79587995996ec89e36 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 15 Jun 2018 11:57:41 -0700 Subject: [PATCH 08/12] fix spcae --- ...oard-downlevel-windows-defender-advanced-threat-protection.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md index fb1c18120c..490838a802 100644 --- a/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md @@ -42,6 +42,7 @@ Windows Defender ATP integrates with System Center Endpoint Protection to provid The following steps are required to enable this integration: >[!NOTE] >Only applicable for Windows 7 SP1 Enterprise and Windows 7 SP1 Pro. + - Install the [January 2017 anti-malware platform update for Endpoint Protection clients](https://support.microsoft.com/en-us/help/3209361/january-2017-anti-malware-platform-update-for-endpoint-protection-clie) - Configure the SCEP client Cloud Protection Service membership to the **Advanced** setting From 0c6b3fea5789a82ac578b3527a6d2789d5f4b271 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 15 Jun 2018 13:38:01 -0700 Subject: [PATCH 09/12] update applies to, add notes for win 7 --- ...ows-defender-advanced-threat-protection.md | 28 ++++++++++--------- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md index 490838a802..19ee48959a 100644 --- a/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md @@ -13,18 +13,19 @@ ms.localizationpriority: high ms.date: 06/17/2018 --- -# Onboard Windows previous versions of Windows +# Onboard previous versions of Windows **Applies to:** - Windows 7 SP1 Enterprise - Windows 7 SP1 Pro -- Windows 8.1 +- Windows 8.1 Pro +- Windows 8.1 Enterprise - Windows Defender Advanced Threat Protection (Windows Defender ATP) [!include[Prerelease information](prerelease.md)] -Windows Defender ATP extends support to also include down-level operating systems, providing advanced attack detection and investigation capabilities on supported Windows versions. +Windows Defender ATP extends support to include down-level operating systems, providing advanced attack detection and investigation capabilities on supported Windows versions. To onboard down-level Windows client endpoints to Windows Defender ATP, you'll need to: - Configure and update System Center Endpoint Protection clients. @@ -40,9 +41,6 @@ To onboard down-level Windows client endpoints to Windows Defender ATP, you'll n Windows Defender ATP integrates with System Center Endpoint Protection to provide visibility to malware detections and to stop propagation of an attack in your organization by banning potentially malicious files or suspected malware. The following steps are required to enable this integration: ->[!NOTE] ->Only applicable for Windows 7 SP1 Enterprise and Windows 7 SP1 Pro. - - Install the [January 2017 anti-malware platform update for Endpoint Protection clients](https://support.microsoft.com/en-us/help/3209361/january-2017-anti-malware-platform-update-for-endpoint-protection-clie) - Configure the SCEP client Cloud Protection Service membership to the **Advanced** setting @@ -50,8 +48,12 @@ The following steps are required to enable this integration: ### Before you begin Review the following details to verify minimum system requirements: -- Install the [February monthly update rollout](https://support.microsoft.com/help/4074598/windows-7-update-kb4074598) +- Install the [February monthly update rollout](https://support.microsoft.com/help/4074598/windows-7-update-kb4074598) + >[!NOTE] + >Only applicable for Windows 7 SP1 Enterprise and Windows 7 SP1 Pro. - Install the [Update for customer experience and diagnostic telemetry](https://support.microsoft.com/help/3080149/update-for-customer-experience-and-diagnostic-telemetry) + >[!NOTE] + >Only applicable for Windows 7 SP1 Enterprise and Windows 7 SP1 Pro. - Meet the Azure Log Analytics agent minimum system requirements. For more information, see [Collect data from computers in you environment with Log Analytics](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-concept-hybrid#prerequisites) 1. Download the agent setup file: [Windows 64-bit agent](https://go.microsoft.com/fwlink/?LinkId=828603) or [Windows 32-bit agent](https://go.microsoft.com/fwlink/?LinkId=828604). @@ -63,16 +65,16 @@ Review the following details to verify minimum system requirements: 3. Using the Workspace ID and Workspace key choose any of the following installation methods to install the agent: - Manually install the agent using setup
- On the **Agent Setup Options** page, select **Connect the agent to Azure Log Analytics (OMS) - - [Install the agent using command line](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-agent-windows#install-the-agent-using-the-command-line) and [configure the agent using a script](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-agent-windows#add-a-workspace-using-a-script). + On the **Agent Setup Options** page, select **Connect the agent to Azure Log Analytics (OMS)** + - [Install the agent using command line](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-agent-windows#install-the-agent-using-the-command-line) and [configure the agent using a script](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-agent-windows#add-a-workspace-using-a-script) -4. If you're using a proxy server to connect to the Internet see the Configure proxy settings section. +4. If you're using a proxy to connect to the Internet see the Configure proxy settings section. -Once completed, you should see onboarded servers in the portal within an hour. +Once completed, you should see onboarded endpoints in the portal within an hour. -### Configure server proxy and Internet connectivity settings +### Configure proxy and Internet connectivity settings -- Each Windows server must be able to connect to the Internet using HTTPS. This connection can be direct, using a proxy, or through the [OMS Gateway](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-oms-gateway). +- Each Windows endpoint must be able to connect to the Internet using HTTPS. This connection can be direct, using a proxy, or through the [OMS Gateway](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-oms-gateway). - If a proxy or firewall is blocking all traffic by default and allowing only specific domains through or HTTPS scanning (SSL inspection) is enabled, make sure that the following URLs are white-listed to permit communication with Windows Defender ATP service: Agent Resource | Ports From 7db1e9769fa78176d937658b3cb36a1161ff4bb6 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 15 Jun 2018 14:15:15 -0700 Subject: [PATCH 10/12] fix spacing --- ...d-downlevel-windows-defender-advanced-threat-protection.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md index 19ee48959a..dea7005b3f 100644 --- a/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md @@ -49,11 +49,15 @@ The following steps are required to enable this integration: ### Before you begin Review the following details to verify minimum system requirements: - Install the [February monthly update rollout](https://support.microsoft.com/help/4074598/windows-7-update-kb4074598) + >[!NOTE] >Only applicable for Windows 7 SP1 Enterprise and Windows 7 SP1 Pro. + - Install the [Update for customer experience and diagnostic telemetry](https://support.microsoft.com/help/3080149/update-for-customer-experience-and-diagnostic-telemetry) + >[!NOTE] >Only applicable for Windows 7 SP1 Enterprise and Windows 7 SP1 Pro. + - Meet the Azure Log Analytics agent minimum system requirements. For more information, see [Collect data from computers in you environment with Log Analytics](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-concept-hybrid#prerequisites) 1. Download the agent setup file: [Windows 64-bit agent](https://go.microsoft.com/fwlink/?LinkId=828603) or [Windows 32-bit agent](https://go.microsoft.com/fwlink/?LinkId=828604). From 4c3c32b5d389d1592b4f0d11baeec5b697eef314 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 18 Jun 2018 10:05:01 -0700 Subject: [PATCH 11/12] update date --- ...ard-downlevel-windows-defender-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md index dea7005b3f..fd94b42fc9 100644 --- a/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 06/17/2018 +ms.date: 06/18/2018 --- # Onboard previous versions of Windows From 5326b3bc2a6e099e5fa2546c57b37549982a5e13 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 18 Jun 2018 10:10:18 -0700 Subject: [PATCH 12/12] date --- ...ard-downlevel-windows-defender-advanced-threat-protection.md | 2 +- .../preview-windows-defender-advanced-threat-protection.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md index fd94b42fc9..940c705412 100644 --- a/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md @@ -1,7 +1,7 @@ --- title: Onboard previous versions of Windows on Windows Defender ATP description: Onboard supported previous versions of Windows machines so that they can send sensor data to the Windows Defender ATP sensor -keywords: onboard, windows, 7, oms, sp1, enterprise, pro, down level +keywords: onboard, windows, 7, 81, oms, sp1, enterprise, pro, down level search.product: eADQiWindows 10XVcnh ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md index 13702b6849..ed796f2f36 100644 --- a/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 06/11/2018 +ms.date: 06/18/2018 --- # Windows Defender ATP preview features