deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-15 10:23:37 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

update TOC to indlude new topic, create new config topic, remove content from troubleshooting

Browse Source
This commit is contained in:
Joey Caparas
2016-05-06 13:45:20 +10:00
parent 7d438a0cb5
commit 137336021f
3 changed files with 166 additions and 156 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
windows/keep-secure/TOC.md
View File

@ -406,6 +406,7 @@
#### [Onboard endpoints and set up access](onboard-configure-windows-defender-advanced-threat-protection.md)
##### [Service onboarding](service-onboarding-windows-defender-advanced-threat-protection.md)
##### [Configure endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
##### [Configure proxy and Internet settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md)
##### [Additional configuration settings](additional-configuration-windows-defender-advanced-threat-protection.md)
##### [Monitor onboarding](monitor-onboarding-windows-defender-advanced-threat-protection.md)
##### [Troubleshoot onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)

165
windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md Normal file
View File

@ -0,0 +1,165 @@
---
title: Configure Windows Defender ATP proxy and Internet connectivity settings
description: Configure the Windows Defender ATP proxy and internet settings to enable communication with the cloud service.
keywords: troubleshoot onboarding, onboarding issues, event viewer, azure management portal, data collection and preview builds
search.product: eADQiWindows 10XVcnh
ms.prod: W10
ms.mktglfcycl: deploy
ms.sitesec: library
author: mjcaparas
---
# Configure proxy and Internet connectivity settings
The embedded Windows Defender ATP sensor runs in system context using the LocalSystem account. The sensor uses Microsoft Windows HTTP Services (WinHTTP) to enable communication with the Windows Defender ATP cloud service. This is considered as the appropriate method of communication this type of usage scenario.
The WinHTTP configuration setting is independent of the Windows Internet (WinINet) internet browsing proxy settings and can only discover a proxy server by using the following discovery methods:
- Configure Web Proxy Auto Detect (WPAD) settings in the environment and configure Windows to automatically detect the proxy server through Policy or the local Windows settings
- Configure the proxy server manually using Netsh
## Configure Web Proxy Auto Detect (WPAD) settings in the environment and configure Windows to automatically detect the proxy server through Policy or the local Windows settings
Enable the **Automatically detect settings** option in the Windows Proxy settings so that WinHTTP can use the WPAD feature to locate a proxy server.
1. Click **Start** and select **Settings**.
2. Click **Network & Internet**.
3. Select **Proxy**.
4. Verify that the **Automatically detect settings** option is set to On.
![Image showing the proxy settings configuration page](images/proxy-settings.png)
5. If the **Use setup script** or **Manual proxy setup** options are enabled then you will need to [configure proxy settings manually by using Netsh](#configure-proxy-server-manually-using-netsh) method for WinHTTP to discover the appropriate proxy settings and connect.
## Configure the proxy server manually using Netsh
If **Use setup script** or **Manual proxy setup** settings are configured in the Windows Proxy setting, then endpoints will not be discovered by WinHTTP.
Use Netsh to configure the proxy settings to enable connectivity.
You can configure the endpoint by using any of these methods:
- Importing the configured proxy settings to WinHTTP
- Configuring the proxy settings manually to WinHTTP
After configuring the endpoints, you'll need to verify that the correct proxy settings were applied.
**Import the configured proxy settings to WinHTTP**
1. Open an elevated command-line prompt on the endpoint:
a. Click **Start** and type **cmd**.
b. Right-click **Command prompt** and select **Run as administrator**.
2. Enter the following command and press **Enter**:
```
netsh winhttp import proxy source=ie
```
An output showing the applied WinHTTP proxy settings is displayed.
**Configure the proxy settings manually to WinHTTP**
1. Open an elevated command-line prompt on the endpoint:
a. Click **Start** and type **cmd**.
b. Right-click **Command prompt** and select **Run as administrator**.
2. Enter the following command and press **Enter**:
```
proxy [proxy-server=] ProxyServerName:PortNumber
```
Replace *ProxyServerName* with the fully qualified domain name of the proxy server.
Replace *PortNumber* with the port number that you want to configure the proxy server with.
An output showing the applied WinHTTP proxy settings is displayed.
**Verify that the correct proxy settings were applied**
1. Open an elevated command-line prompt on the endpoint:
a. Click **Start** and type **cmd**.
b. Right-click **Command prompt** and select **Run as administrator**.
2. Enter the following command and press **Enter**:
```
netsh winhttp show proxy
```
For more information on how to use Netsh see, [https://technet.microsoft.com/en-us/library/cc731131(v=ws.10).aspx](https://technet.microsoft.com/en-us/library/cc731131(v=ws.10).aspx)
## Enable access to Windows Defender ATP service URLs in the proxy server
If a proxy or firewall is blocking all traffic by default and allowing only specific domains through, make sure that the following URLs are white-listed to permit communication with Windows Defender ATP service in port 80 and 443:
- us.vortex-win.data.microsoft.com
- eu.vortex-win.data.microsoft.com
- sevillegwcus.microsoft.com
- sevillegweus.microsoft.com
- sevillegwweu.microsoft.com
- sevillegwneu.microsoft.com
- www.microsoft.com
- crl.microsoft.com
- *.blob.core.windows.net
If a proxy or firewall is blocking anonymous traffic, as Windows Defender ATP sensor is connecting from system context, make sure anonymous traffic is permitted to the above listed URLs.
## Verify client connectivity to Windows Defender ATP service URLs
Verify the proxy configuration completed successfully, that WinHTTP can discover and communicate through the proxy server in your environment, and that the proxy server allows traffic to the Windows Defender ATP service URLs.
1. Download the connectivity verification tools to the PC where Windows Defender ATP sensor is running on:
- [Download PsTools Suite](https://technet.microsoft.com/en-us/sysinternals/bb896649)
- [Download PortQry Command Line Port Scanner Version 2.0 utility](https://www.microsoft.com/en-us/download/details.aspx?id=17148)
2. Extract the contents of **PsTools** and **PortQry** to a directory on the computer hard drive.
3. Open an elevated command-line:
a. Click **Start** and type **cmd**.
b. Right-click **Command prompt** and select **Run as administrator**.
4. Enter the following command and press **Enter**:
```
HardDrivePath\PsExec.exe -s cmd.exe
```
Replace *HardDrivePath* with the path where the PsTools Suite was extracted to:
![Image showing the command line](images/psexec-cmd.png)
5. Enter the following command and press **Enter**:
```
HardDrivePath\portqry.exe -n us.vortex-win.data.microsoft.com -e 443 -p tcp
```
Replace *HardDrivePath* with the path where the PortQry utility was extracted to:
![Image showing the command line](images/portqry.png)
6. Verify that the output shows that the name is **resolved** and connection status is **listening**.
7. Repeat the same steps for the remaining URLs with the following arguments:
- portqry.exe -n eu.vortex-win.data.microsoft.com -e 443 -p tcp
- portqry.exe -n sevillegwcus.microsoft.com -e 443 -p tcp
- portqry.exe -n sevillegweus.microsoft.com -e 443 -p tcp
- portqry.exe -n sevillegwweu.microsoft.com -e 443 -p tcp
- portqry.exe -n sevillegwneu.microsoft.com -e 443 -p tcp
- portqry.exe -n www.microsoft.com -e 80 -p tcp
- portqry.exe -n crl.microsoft.com -e 80 -p tcp
8. Verify that each URL shows that the name is **resolved** and the connection status is **listening**.
If the any of the verification steps indicate a fail, then verify that you have performed the proxy configuration steps to enable server discovery and access to the service URLs.

156
windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md
View File

@ -121,162 +121,6 @@ If the service is not set for automatic startup, you will need to set it.
For more information about the telemetry service used in Windows 10, see **Manage your telemetry settings** at the [Configure telemetry and other settings in your organization](https://technet.microsoft.com/itpro/windows/manage/disconnect-your-organization-from-microsoft#bkmk-utc) topic.
## Configure proxy and Internet connectivity settings
The embedded Windows Defender ATP sensor runs in system context using the LocalSystem account. The sensor uses Microsoft Windows HTTP Services (WinHTTP) to enable communication with the Windows Defender ATP cloud service. This is considered as the appropriate method of communication this type of usage scenario.
The WinHTTP configuration setting is independent of the Windows Internet (WinINet) internet browsing proxy settings and can only discover a proxy server by using the following discovery methods:
- Configure Web Proxy Auto Detect (WPAD) settings in the environment and configure Windows to automatically detect the proxy server through Policy or the local Windows settings
- Configure the proxy server manually using Netsh
### Configure Web Proxy Auto Detect (WPAD) settings in the environment and configure Windows to automatically detect the proxy server through Policy or the local Windows settings
Enable the **Automatically detect settings** option in the Windows Proxy settings so that WinHTTP can use the WPAD feature to locate a proxy server.
1. Click **Start** and select **Settings**.
2. Click **Network & Internet**.
3. Select **Proxy**.
4. Verify that the **Automatically detect settings** option is set to On.
![Image showing the proxy settings configuration page](images/proxy-settings.png)
5. If the **Use setup script** or **Manual proxy setup** options are enabled then you will need to [configure proxy settings manually by using Netsh](#configure-proxy-server-manually-using-netsh) method for WinHTTP to discover the appropriate proxy settings and connect.
### Configure the proxy server manually using Netsh
If **Use setup script** or **Manual proxy setup** settings are configured in the Windows Proxy setting, then endpoints will not be discovered by WinHTTP.
Use Netsh to configure the proxy settings to enable connectivity.
You can configure the endpoint by using any of these methods:
- Importing the configured proxy settings to WinHTTP
- Configuring the proxy settings manually to WinHTTP
After configuring the endpoints, you'll need to verify that the correct proxy settings were applied.
**Import the configured proxy settings to WinHTTP**
1. Open an elevated command-line prompt on the endpoint:
a. Click **Start** and type **cmd**.
b. Right-click **Command prompt** and select **Run as administrator**.
2. Enter the following command and press **Enter**:
```
netsh winhttp import proxy source=ie
```
An output showing the applied WinHTTP proxy settings is displayed.
**Configure the proxy settings manually to WinHTTP**
1. Open an elevated command-line prompt on the endpoint:
a. Click **Start** and type **cmd**.
b. Right-click **Command prompt** and select **Run as administrator**.
2. Enter the following command and press **Enter**:
```
proxy [proxy-server=] ProxyServerName:PortNumber
```
Replace *ProxyServerName* with the fully qualified domain name of the proxy server.
Replace *PortNumber* with the port number that you want to configure the proxy server with.
An output showing the applied WinHTTP proxy settings is displayed.
**Verify that the correct proxy settings were applied**
1. Open an elevated command-line prompt on the endpoint:
a. Click **Start** and type **cmd**.
b. Right-click **Command prompt** and select **Run as administrator**.
2. Enter the following command and press **Enter**:
```
netsh winhttp show proxy
```
For more information on how to use Netsh see, [https://technet.microsoft.com/en-us/library/cc731131(v=ws.10).aspx](https://technet.microsoft.com/en-us/library/cc731131(v=ws.10).aspx)
## Enable access to Windows Defender ATP service URLs in the proxy server
If a proxy or firewall is blocking all traffic by default and allowing only specific domains through, make sure that the following URLs are white-listed to permit communication with Windows Defender ATP service in port 80 and 443:
- us.vortex-win.data.microsoft.com
- eu.vortex-win.data.microsoft.com
- sevillegwcus.microsoft.com
- sevillegweus.microsoft.com
- sevillegwweu.microsoft.com
- sevillegwneu.microsoft.com
- www.microsoft.com
- crl.microsoft.com
- *.blob.core.windows.net
If a proxy or firewall is blocking anonymous traffic, as Windows Defender ATP sensor is connecting from system context, make sure anonymous traffic is permitted to the above listed URLs.
## Verify client connectivity to Windows Defender ATP service URLs
Verify the proxy configuration completed successfully, that WinHTTP can discover and communicate through the proxy server in your environment, and that the proxy server allows traffic to the Windows Defender ATP service URLs.
1. Download the connectivity verification tools to the PC where Windows Defender ATP sensor is running on:
- [Download PsTools Suite](https://technet.microsoft.com/en-us/sysinternals/bb896649)
- [Download PortQry Command Line Port Scanner Version 2.0 utility](https://www.microsoft.com/en-us/download/details.aspx?id=17148)
2. Extract the contents of **PsTools** and **PortQry** to a directory on the computer hard drive.
3. Open an elevated command-line:
a. Click **Start** and type **cmd**.
b. Right-click **Command prompt** and select **Run as administrator**.
4. Enter the following command and press **Enter**:
```
HardDrivePath\PsExec.exe -s cmd.exe
```
Replace *HardDrivePath* with the path where the PsTools Suite was extracted to:
![Image showing the command line](images/psexec-cmd.png)
5. Enter the following command and press **Enter**:
```
HardDrivePath\portqry.exe -n us.vortex-win.data.microsoft.com -e 443 -p tcp
```
Replace *HardDrivePath* with the path where the PortQry utility was extracted to:
![Image showing the command line](images/portqry.png)
6. Verify that the output shows that the name is **resolved** and connection status is **listening**.
7. Repeat the same steps for the remaining URLs with the following arguments:
- portqry.exe -n eu.vortex-win.data.microsoft.com -e 443 -p tcp
- portqry.exe -n sevillegwcus.microsoft.com -e 443 -p tcp
- portqry.exe -n sevillegweus.microsoft.com -e 443 -p tcp
- portqry.exe -n sevillegwweu.microsoft.com -e 443 -p tcp
- portqry.exe -n sevillegwneu.microsoft.com -e 443 -p tcp
- portqry.exe -n www.microsoft.com -e 80 -p tcp
- portqry.exe -n crl.microsoft.com -e 80 -p tcp
8. Verify that each URL shows that the name is **resolved** and the connection status is **listening**.
If the any of the verification steps indicate a fail, then verify that you have performed the proxy configuration steps to enable server discovery and access to the service URLs.
## Review events and errors on endpoints with Event Viewer