diff --git a/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-onboard.md new file mode 100644 index 0000000000..fcd726467f --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-onboard.md @@ -0,0 +1,92 @@ +--- +title: McAfee to Microsoft Defender ATP - Onboard +description: This is phase 3, Onboard, for migrating from McAfee to Microsoft Defender ATP. +keywords: migration, windows defender advanced threat protection, atp, edr +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: deniseb +author: denisebmsft +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: +- M365-security-compliance +- m365solution-McAfeemigrate +ms.custom: migrationguides +ms.topic: article +ms.date: 09/03/2020 +ms.reviewer: jesquive, chventou, jonix, chriggs, owtho +--- + +# Migrate from McAfee - Phase 3: Onboard to Microsoft Defender ATP + +|[![Phase 1: Prepare](images/prepare.png)](mcafee-to-microsoft-defender-prepare.md)
[Phase 1: Prepare](mcafee-to-microsoft-defender-prepare.md) |[![Phase 2: Set up](images/setup.png)](mcafee-to-microsoft-defender-setup.md)
[Phase 2: Set up](mcafee-to-microsoft-defender-setup.md) |![Phase 3: Onboard](images/onboard.png)
Phase 3: Onboard | +|--|--|--| +|| |*You are here!* | + + +**Welcome to Phase 3 of [migrating from McAfee Endpoint Security (McAfee) to Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](mcafee-to-microsoft-defender-migration.md#the-migration-process)**. This migration phase includes the following steps: + +1. [Onboard devices to Microsoft Defender ATP](#onboard-devices-to-microsoft-defender-atp). +2. [Run a detection test](#run-a-detection-test). +3. [Uninstall McAfee](#uninstall-mcafee). +4. [Make sure Microsoft Defender ATP is in active mode](#make-sure-microsoft-defender-atp-is-in-active-mode). + +## Onboard devices to Microsoft Defender ATP + +1. Go to the Microsoft Defender Security Center ([https://aka.ms/MDATPportal](https://aka.ms/MDATPportal)) and sign in. + +2. Choose **Settings** > **Device management** > **Onboarding**. + +3. In the **Select operating system to start onboarding process** list, select an operating system. + +4. Under **Deployment method**, select an option. Follow the links and prompts to onboard your organization's devices. Need help? See [Onboarding methods](#onboarding-methods). + +### Onboarding methods + +Deployment methods vary, depending on which operating system is selected. Refer to the resources listed in the table below to get help with onboarding. + +|Operating system |Method | +|---------|---------| +|Windows 10 |- [Group Policy](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp)
- [Configuration Manager](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm)
- [Mobile Device Management (Intune)](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm)
- [Local script](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script)

**NOTE**: A local script is suitable for a proof of concept but should not be used for production deployment. For a production deployment, we recommend using Group Policy, Microsoft Endpoint Configuration Manager, or Intune. | +|- Windows 8.1 Enterprise
- Windows 8.1 Pro
- Windows 7 SP1 Enterprise
- Windows 7 SP1 Pro | [Microsoft Monitoring Agent](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel#install-and-configure-microsoft-monitoring-agent-mma-to-report-sensor-data-to-microsoft-defender-atp)

**NOTE**: Microsoft Monitoring Agent is now Azure Log Analytics agent. To learn more, see [Log Analytics agent overview](https://docs.microsoft.com/azure/azure-monitor/platform/log-analytics-agent). | +|- Windows Server 2019 and later
- Windows Server 2019 core edition
- Windows Server version 1803 and later |- [Local script](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script)
- [Group Policy](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp)
- [Configuration Manager](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm)
- [System Center Configuration Manager](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm#onboard-windows-10-devices-using-earlier-versions-of-system-center-configuration-manager)
- [VDI onboarding scripts for non-persistent devices](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi)

**NOTE**: A local script is suitable for a proof of concept but should not be used for production deployment. For a production deployment, we recommend using Group Policy, Microsoft Endpoint Configuration Manager, or Intune. | +|- Windows Server 2016
- Windows Server 2012 R2
- Windows Server 2008 R2 SP1 |- [Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints#option-1-onboard-servers-through-microsoft-defender-security-center)
- [Azure Security Center](https://docs.microsoft.com/azure/security-center/security-center-wdatp) | +|macOS
- 10.15 (Catalina)
- 10.14 (Mojave)
- 10.13 (High Sierra)

iOS

Linux:
- RHEL 7.2+
- CentOS Linux 7.2+
- Ubuntu 16 LTS, or higher LTS
- SLES 12+
- Debian 9+
- Oracle Linux 7.2 |[Onboard non-Windows devices](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows) | + +## Run a detection test + +To verify that your onboarded devices are properly connected to Microsoft Defender ATP, you can run a detection test. + + +|Operating system |Guidance | +|---------|---------| +|- Windows 10
- Windows Server 2019
- Windows Server, version 1803
- Windows Server 2016
- Windows Server 2012 R2 |See [Run a detection test](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/run-detection-test).

Visit the Microsoft Defender ATP demo scenarios site ([https://demo.wd.microsoft.com](https://demo.wd.microsoft.com)) and try one or more of the scenarios. For example, try the **Cloud-delivered protection** demo scenario. | +|macOS
- 10.15 (Catalina)
- 10.14 (Mojave)
- 10.13 (High Sierra) |Download and use the DIY app at [https://aka.ms/mdatpmacosdiy](https://aka.ms/mdatpmacosdiy).

For more information, see [Microsoft Defender Advanced Threat Protection for Mac](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac). | +|Linux:
- RHEL 7.2+
- CentOS Linux 7.2+
- Ubuntu 16 LTS, or higher LTS
- SLES 12+
- Debian 9+
- Oracle Linux 7.2 |1. Run the following command, and look for a result of **1**:
`mdatp health --field real_time_protection_enabled`.

2. Open a Terminal window, and run the following command:
`curl -o ~/Downloads/eicar.com.txt https://www.eicar.org/download/eicar.com.txt`.

3. Run the following command to list any detected threats:
`mdatp threat list`.

For more information, see [Microsoft Defender ATP for Linux](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux). | + +## Uninstall McAfee + +Now that you have onboarded your organization's devices to Microsoft Defender ATP, your next step is to uninstall McAfee. + +To get help with this step, go to your McAfee support ServicePortal ([http://mysupport.mcafee.com](http://mysupport.mcafee.com)). + +## Make sure Microsoft Defender ATP is in active mode + +Now that you have uninstalled McAfee, your next step is to make sure that Microsoft Defender Antivirus and endpoint detection and response are enabled and in active mode. + +To do this, visit the Microsoft Defender ATP demo scenarios site ([https://demo.wd.microsoft.com](https://demo.wd.microsoft.com)). Try one or more of the demo scenarios on that page, including at least the following: +- Cloud-delivered protection +- Potentially Unwanted Applications (PUA) +- Network Protection (NP) + +## Next steps + +**Congratulations**! You have completed your [migration from McAfee to Microsoft Defender ATP](mcafee-to-microsoft-defender-migration.md#the-migration-process)! + +- [Visit your security operations dashboard](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard) in the Microsoft Defender Security Center ([https://aka.ms/MDATPportal](https://aka.ms/MDATPportal)). +- [Manage Microsoft Defender Advanced Threat Protection, post migration](manage-atp-post-migration.md). diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare - Copy.md b/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-prepare.md similarity index 100% rename from windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare - Copy.md rename to windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-prepare.md diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup - Copy.md b/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-setup.md similarity index 100% rename from windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup - Copy.md rename to windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-setup.md