deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-21 13:23:36 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

linting - spacing + heading levels

Browse Source
This commit is contained in:
Marty Hernandez Avedon
2020-09-21 14:57:02 -04:00
parent e2ea684a4e
commit 112e5370ce
1 changed files with 30 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md
View File

@ -44,11 +44,11 @@ You can also download the whitepaper [Microsoft Defender Antivirus on Virtual De
> [!IMPORTANT] > [!IMPORTANT]
> Although the VDI can be hosted on Windows Server 2012 or Windows Server 2016, the virtual machines (VMs) should be running Windows 10, 1607 at a minimum, due to increased protection technologies and features that are unavailable in earlier versions of Windows.<br/>There are performance and feature improvements to the way in which Microsoft Defender AV operates on virtual machines in Windows 10 Insider Preview, build 18323 (and later). We'll identify in this guide if you need to be using an Insider Preview build; if it isn't specified, then the minimum required version for the best protection and performance is Windows 10 1607. > Although the VDI can be hosted on Windows Server 2012 or Windows Server 2016, the virtual machines (VMs) should be running Windows 10, 1607 at a minimum, due to increased protection technologies and features that are unavailable in earlier versions of Windows.<br/>There are performance and feature improvements to the way in which Microsoft Defender AV operates on virtual machines in Windows 10 Insider Preview, build 18323 (and later). We'll identify in this guide if you need to be using an Insider Preview build; if it isn't specified, then the minimum required version for the best protection and performance is Windows 10 1607.
### Set up a dedicated VDI file share ## Set up a dedicated VDI file share
In Windows 10, version 1903, we introduced the shared security intelligence feature. This offloads the unpackaging of downloaded security intelligence updates onto a host machine - thus saving previous CPU, disk, and memory resources on individual machines. You can set this feature with a Group Policy, or PowerShell. In Windows 10, version 1903, we introduced the shared security intelligence feature. This offloads the unpackaging of downloaded security intelligence updates onto a host machine - thus saving previous CPU, disk, and memory resources on individual machines. You can set this feature with a Group Policy, or PowerShell.
#### Use Group Policy to enable the shared security intelligence feature: ### Use Group Policy to enable the shared security intelligence feature:
1. On your Group Policy management computer, open the Group Policy Management Console, right-click the Group Policy Object you want to configure, and then click **Edit**. 1. On your Group Policy management computer, open the Group Policy Management Console, right-click the Group Policy Object you want to configure, and then click **Edit**.
@ -66,7 +66,7 @@ In Windows 10, version 1903, we introduced the shared security intelligence feat
8. Deploy the GPO to the VMs you want to test. 8. Deploy the GPO to the VMs you want to test.
#### Use PowerShell to enable the shared security intelligence feature ### Use PowerShell to enable the shared security intelligence feature
Use the following cmdlet to enable the feature. Youll need to then push this as you normally would push PowerShell-based configuration policies onto the VMs: Use the following cmdlet to enable the feature. Youll need to then push this as you normally would push PowerShell-based configuration policies onto the VMs:
@ -76,7 +76,7 @@ Set-MpPreference -SharedSignaturesPath \\<shared location>\wdav-update
See the [Download and unpackage](#download-and-unpackage-the-latest-updates) section for what the \<shared location\> will be. See the [Download and unpackage](#download-and-unpackage-the-latest-updates) section for what the \<shared location\> will be.
### Download and unpackage the latest updates ## Download and unpackage the latest updates
Now you can get started on downloading and installing new updates. Weve created a sample PowerShell script for you below. This script is the easiest way to download new updates and get them ready for your VMs. You should then set the script to run at a certain time on the management machine by using a scheduled task (or, if youre familiar with using PowerShell scripts in Azure, Intune, or SCCM, you could also use those). Now you can get started on downloading and installing new updates. Weve created a sample PowerShell script for you below. This script is the easiest way to download new updates and get them ready for your VMs. You should then set the script to run at a certain time on the management machine by using a scheduled task (or, if youre familiar with using PowerShell scripts in Azure, Intune, or SCCM, you could also use those).
@ -99,7 +99,7 @@ We suggest starting with once a day but you should experiment with increasin
Security intelligence packages are typically published once every three to four hours. Setting a frequency shorter than four hours isnt advised because it will increase the network overhead on your management machine for no benefit. Security intelligence packages are typically published once every three to four hours. Setting a frequency shorter than four hours isnt advised because it will increase the network overhead on your management machine for no benefit.
#### Set a scheduled task to run the powershell script ### Set a scheduled task to run the powershell script
1. On the management machine, open the Start menu and type **Task Scheduler**. Open it and select **Create task…** on the side panel. 1. On the management machine, open the Start menu and type **Task Scheduler**. Open it and select **Create task…** on the side panel.
@ -111,10 +111,9 @@ Security intelligence packages are typically published once every three to four
5. Click **OK** to save the scheduled task. 5. Click **OK** to save the scheduled task.
You can initiate the update manually by right-clicking on the task and clicking **Run**. You can initiate the update manually by right-clicking on the task and clicking **Run**.
#### Download and unpackage manually ### Download and unpackage manually
If you would prefer to do everything manually, this what you would need to do to replicate the scripts behavior: If you would prefer to do everything manually, this what you would need to do to replicate the scripts behavior:
@ -130,7 +129,7 @@ If you would prefer to do everything manually, this what you would need to do to
Note: The VMs will pick up the updated package whenever a new GUID folder is created with an extracted update package or whenever an existing folder is updated with a new extracted package. Note: The VMs will pick up the updated package whenever a new GUID folder is created with an extracted update package or whenever an existing folder is updated with a new extracted package.
### Randomize scheduled scans ## Randomize scheduled scans
Scheduled scans run in addition to [real-time protection and scanning](configure-real-time-protection-microsoft-defender-antivirus.md). Scheduled scans run in addition to [real-time protection and scanning](configure-real-time-protection-microsoft-defender-antivirus.md).
@ -138,7 +137,7 @@ The start time of the scan itself is still based on the scheduled scan policy
See [Schedule scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md) for other configuration options available for scheduled scans. See [Schedule scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md) for other configuration options available for scheduled scans.
### Use quick scans ## Use quick scans
You can specify the type of scan that should be performed during a scheduled scan. You can specify the type of scan that should be performed during a scheduled scan.
Quick scans are the preferred approach as they are designed to look in all places where malware needs to reside to be active. Quick scans are the preferred approach as they are designed to look in all places where malware needs to reside to be active.
@ -149,7 +148,7 @@ Quick scans are the preferred approach as they are designed to look in all place
3. Click **OK**. 3. Click **OK**.
### Prevent notifications ## Prevent notifications
Sometimes, Microsoft Defender Antivirus notifications may be sent to or persist across multiple sessions. In order to minimize this problem, you can use the lock down the Microsoft Defender Antivirus user interface. Sometimes, Microsoft Defender Antivirus notifications may be sent to or persist across multiple sessions. In order to minimize this problem, you can use the lock down the Microsoft Defender Antivirus user interface.
@ -161,7 +160,7 @@ Sometimes, Microsoft Defender Antivirus notifications may be sent to or persist
This prevents notifications from Microsoft Defender AV appearing in the action center on Windows 10 when scans or remediation is performed. This prevents notifications from Microsoft Defender AV appearing in the action center on Windows 10 when scans or remediation is performed.
### Disable scans after an update ## Disable scans after an update
This setting will prevent a scan from occurring after receiving an update. You can apply this when creating the base image if you have also run a quick scan. This prevents the newly updated VM from performing a scan again (as you've already scanned it when you created the base image). This setting will prevent a scan from occurring after receiving an update. You can apply this when creating the base image if you have also run a quick scan. This prevents the newly updated VM from performing a scan again (as you've already scanned it when you created the base image).
@ -176,7 +175,7 @@ This setting will prevent a scan from occurring after receiving an update. You c
This prevents a scan from running immediately after an update. This prevents a scan from running immediately after an update.
### Scan VMs that have been offline ## Scan VMs that have been offline
1. Expand the tree to **Windows components > Windows Defender > Scan**. 1. Expand the tree to **Windows components > Windows Defender > Scan**.
@ -186,8 +185,7 @@ This prevents a scan from running immediately after an update.
This forces a scan if the VM has missed two or more consecutive scheduled scans. This forces a scan if the VM has missed two or more consecutive scheduled scans.
## Enable headless UI mode
### Enable headless UI mode
1. Double-click **Enable headless UI mode** and set the option to **Enabled**. 1. Double-click **Enable headless UI mode** and set the option to **Enabled**.
@ -195,13 +193,12 @@ This forces a scan if the VM has missed two or more consecutive scheduled scans.
This hides the entire Microsoft Defender AV user interface from users. This hides the entire Microsoft Defender AV user interface from users.
### Exclusions ## Exclusions
Exclusions can be added, removed, or customized to suit your needs. Exclusions can be added, removed, or customized to suit your needs.
For more details, see [Configure Microsoft Defender Antivirus exclusions on Windows Server](configure-exclusions-microsoft-defender-antivirus.md). For more details, see [Configure Microsoft Defender Antivirus exclusions on Windows Server](configure-exclusions-microsoft-defender-antivirus.md).
## Additional resources ## Additional resources
- [Video: Microsoft Senior Program Manager Bryan Keller on how System Center Configuration Manger 2012 manages VDI and integrates with App-V]( https://channel9.msdn.com/Shows/Edge/Edge-Show-5-Manage-VDI-using-SCCM-2012#time=03m02s) - [Video: Microsoft Senior Program Manager Bryan Keller on how System Center Configuration Manger 2012 manages VDI and integrates with App-V]( https://channel9.msdn.com/Shows/Edge/Edge-Show-5-Manage-VDI-using-SCCM-2012#time=03m02s)