deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-26 04:07:22 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Updated pua handling and updates

Browse Source 
Updated pua handling and updates
This commit is contained in:
Amrut Kale 2019-10-22 18:19:00 +05:30
parent 415e7b425a
commit 19122f00b6
3 changed files with 25 additions and 200 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-linux-install-with-puppet.md
View File

@ -46,7 +46,7 @@ Download the onboarding package from Windows Defender Security Center:
2. In Section 1 of the page, set operating system to **Linux, macOS, iOS, and Android** and Deployment method to **Local script**. 2. In Section 1 of the page, set operating system to **Linux, macOS, iOS, and Android** and Deployment method to **Local script**.
3. In Section 2 of the page, select **Download onboarding package**. Save it as WindowsDefenderATPOnboardingPackage.zip to the same directory. 3. In Section 2 of the page, select **Download onboarding package**. Save it as WindowsDefenderATPOnboardingPackage.zip to the same directory.
![Windows Defender Security Center screenshot](images/ATP_Portal_Onboarding_page.png) ![Windows Defender Security Center screenshot](images/ATP_Portal_Onboarding_win_intune.png)
4. From a command prompt, verify that you have the file. 4. From a command prompt, verify that you have the file.
Extract the contents of the .zip file and create mdatp_onboard.json file as follows Extract the contents of the .zip file and create mdatp_onboard.json file as follows

21
windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-linux-pua.md
View File

@ -1,8 +1,8 @@
--- ---
title: Detect and block potentially unwanted applications title: Detect and block potentially unwanted applications
ms.reviewer: ms.reviewer:
description: Describes how to detect and block Potentially Unwanted Applications (PUA) using Microsoft Defender ATP for Mac. description: Describes how to detect and block Potentially Unwanted Applications (PUA) using Microsoft Defender ATP for Linux.
keywords: microsoft, defender, atp, mac, pua, pus keywords: microsoft, defender, atp, linux, pua, pus
search.product: eADQiWindows 10XVcnh search.product: eADQiWindows 10XVcnh
search.appverid: met150 search.appverid: met150
ms.prod: w10 ms.prod: w10
@ -22,9 +22,9 @@ ms.topic: conceptual
**Applies to:** **Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md) - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Linux](microsoft-defender-atp-linux.md)
The potentially unwanted application (PUA) protection feature in Microsoft Defender ATP for Mac can detect and block PUA files on endpoints in your network. The potentially unwanted application (PUA) protection feature in Microsoft Defender ATP for Linux can detect and block PUA files on endpoints in your network.
These applications are not considered viruses, malware, or other types of threats, but might perform actions on endpoints that adversely affect their performance or use. PUA can also refer to applications that are considered to have poor reputation. These applications are not considered viruses, malware, or other types of threats, but might perform actions on endpoints that adversely affect their performance or use. PUA can also refer to applications that are considered to have poor reputation.
@ -32,13 +32,16 @@ These applications can increase the risk of your network being infected with mal
## How it works ## How it works
Microsoft Defender ATP for Mac can detect and report PUA files. When configured in blocking mode, PUA files are moved to the quarantine. Microsoft Defender ATP for Linux can detect and report PUA files. When configured in blocking mode, PUA files are moved to the quarantine.
When a PUA is detected on an endpoint, Microsoft Defender ATP for Mac presents a notification to the user, unless notifications have been disabled. The threat name will contain the word "Application". When a PUA is detected on an endpoint, Microsoft Defender ATP for Linux presents a notification to the user, unless notifications have been disabled. The threat name will contain the word "Application".
> [!NOTE]
> **TODO:** Reword for Linux
## Configure PUA protection ## Configure PUA protection
PUA protection in Microsoft Defender ATP for Mac can be configured in one of the following ways: PUA protection in Microsoft Defender ATP for Linux can be configured in one of the following ways:
- **Off**: PUA protection is disabled. - **Off**: PUA protection is disabled.
- **Audit**: PUA files are reported in the product logs, but not in Microsoft Defender Security Center. No notification is presented to the user and no action is taken by the product. - **Audit**: PUA files are reported in the product logs, but not in Microsoft Defender Security Center. No notification is presented to the user and no action is taken by the product.
@ -59,8 +62,8 @@ $ mdatp --threat --type-handling potentially_unwanted_application [off|audit|blo
### Use the management console to configure PUA protection: ### Use the management console to configure PUA protection:
In your enterprise, you can configure PUA protection from a management console, such as JAMF or Intune, similarly to how other product settings are configured. For more information, see the [Threat type settings](microsoft-defender-atp-mac-preferences.md#threat-type-settings) section of the [Set preferences for Microsoft Defender ATP for Mac](microsoft-defender-atp-mac-preferences.md) topic. In your enterprise, you can configure PUA protection from a management console, such as Puppet, similarly to how other product settings are configured. For more information, see the [Threat type settings](microsoft-defender-atp-linux-preferences.md#threat-type-settings) section of the [Set preferences for Microsoft Defender ATP for Linux](microsoft-defender-atp-linux-preferences.md) topic.
## Related topics ## Related topics
- [Set preferences for Microsoft Defender ATP for Mac](microsoft-defender-atp-mac-preferences.md) - [Set preferences for Microsoft Defender ATP for Linux](microsoft-defender-atp-linux-preferences.md)

202
windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-linux-updates.md
View File

@ -1,8 +1,8 @@
--- ---
title: Deploy updates for Microsoft Defender ATP for Mac title: Deploy updates for Microsoft Defender ATP for Linux
ms.reviewer: ms.reviewer:
description: Describes how to control updates for Microsoft Defender ATP for Mac in enterprise environments. description: Describes how to control updates for Microsoft Defender ATP for Linux in enterprise environments.
keywords: microsoft, defender, atp, mac, updates, deploy keywords: microsoft, defender, atp, linux, updates, deploy
search.product: eADQiWindows 10XVcnh search.product: eADQiWindows 10XVcnh
search.appverid: met150 search.appverid: met150
ms.prod: w10 ms.prod: w10
@ -18,202 +18,24 @@ ms.collection: M365-security-compliance
ms.topic: conceptual ms.topic: conceptual
--- ---
# Deploy updates for Microsoft Defender ATP for Mac # Deploy updates for Microsoft Defender ATP for Linux
**Applies to:** **Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md) - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Linux](microsoft-defender-atp-linux.md)
Microsoft regularly publishes software updates to improve performance, security, and to deliver new features. Microsoft regularly publishes software updates to improve performance, security, and to deliver new features.
To update Microsoft Defender ATP for Mac, a program named Microsoft AutoUpdate (MAU) is used. By default, MAU automatically checks for updates daily, but you can change that to weekly, monthly, or manually. To update Microsoft Defender ATP for Linux manually, execute command
![MAU screenshot](images/MDATP_34_MAU.png) - ### For Debian family distros
If you decide to deploy updates by using your software distribution tools, you should configure MAU to manually check for software updates. You can deploy preferences to configure how and when MAU checks for updates for the Macs in your organization. ```bash
sudo apt-get install --only-upgrade mdatp
## Use msupdate
MAU includes a command-line tool, called *msupdate*, that is designed for IT administrators so that they have more precise control over when updates are applied. Instructions for how to use this tool can be found in [Update Office for Mac by using msupdate](https://docs.microsoft.com/deployoffice/mac/update-office-for-mac-using-msupdate).
In MAU, the application identifier for Microsoft Defender ATP for Mac is *WDAV00*. To download and install the latest updates for Microsoft Defender ATP for Mac, execute the following command from a Terminal window:
```
./msupdate --install --apps wdav00
``` ```
## Set preferences for Microsoft AutoUpdate - ### For Redhat family distros
This section describes the most common preferences that can be used to configure MAU. These settings can be deployed as a configuration profile through the management console that your enterprise is using. An example of a configuration profile is shown in the following sections. ```bash
sudo yum update mdatp
### Set the channel name
The channel determines the type and frequency of updates that are offered through MAU. Devices in `InsiderFast` (corresponding to the Insider Fast channel) can try out new features before devices in `External` (corresponding to the Insider Slow channel) and `Production`.
The `Production` channel contains the most stable version of the product.
>[!TIP]
>In order to preview new features and provide early feedback, it is recommended that you configure some devices in your enterprise to `InsiderFast` or `External`.
|||
|:---|:---|
| **Domain** | com.microsoft.autoupdate2 |
| **Key** | ChannelName |
| **Data type** | String |
| **Possible values** | InsiderFast <br/> External <br/> Production |
### Set update check frequency
Change how often MAU searches for updates.
|||
|:---|:---|
| **Domain** | com.microsoft.autoupdate2 |
| **Key** | UpdateCheckFrequency |
| **Data type** | Integer |
| **Default value** | 720 (minutes) |
| **Comment** | This value is set in minutes. |
### Change how MAU interacts with updates
Change how MAU searches for updates.
|||
|:---|:---|
| **Domain** | com.microsoft.autoupdate2 |
| **Key** | HowToCheck |
| **Data type** | String |
| **Possible values** | Manual <br/> AutomaticCheck <br/> AutomaticDownload |
| **Comment** | Note that AutomaticDownload will do a download and install silently if possible. |
### Change whether the "Check for Updates" button is enabled
Change whether local users will be able to click the "Check for Updates" option in the Microsoft AutoUpdate user interface.
|||
|:---|:---|
| **Domain** | com.microsoft.autoupdate2 |
| **Key** | EnableCheckForUpdatesButton |
| **Data type** | Boolean |
| **Possible values** | True (default) <br/> False |
### Disable Insider checkbox
Set to true to make the "Join the Office Insider Program..." checkbox unavailable / greyed out to users.
|||
|:---|:---|
| **Domain** | com.microsoft.autoupdate2 |
| **Key** | DisableInsiderCheckbox |
| **Data type** | Boolean |
| **Possible values** | False (default) <br/> True |
### Limit the telemetry that is sent from MAU
Set to false to send minimal heartbeat data, no application usage, and no environment details.
|||
|:---|:---|
| **Domain** | com.microsoft.autoupdate2 |
| **Key** | SendAllTelemetryEnabled |
| **Data type** | Boolean |
| **Possible values** | True (default) <br/> False |
## Example configuration profile
The following configuration profile is used to:
- Place the device in the Insider Fast channel
- Automatically download and install updates
- Enable the "Check for updates" button in the user interface
- Allow users on the device to enroll into the Insider channels
### JAMF
```XML
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>ChannelName</key>
<string>InsiderFast</string>
<key>HowToCheck</key>
<string>AutomaticDownload</string>
<key>EnableCheckForUpdatesButton</key>
<true/>
<key>DisableInsiderCheckbox</key>
<false/>
<key>SendAllTelemetryEnabled</key>
<true/>
</dict>
</plist>
``` ```
### Intune
```XML
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1">
<dict>
<key>PayloadUUID</key>
<string>B762FF60-6ACB-4A72-9E72-459D00C936F3</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadOrganization</key>
<string>Microsoft</string>
<key>PayloadIdentifier</key>
<string>com.microsoft.autoupdate2</string>
<key>PayloadDisplayName</key>
<string>Microsoft AutoUpdate settings</string>
<key>PayloadDescription</key>
<string>Microsoft AutoUpdate configuration settings</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadEnabled</key>
<true/>
<key>PayloadRemovalDisallowed</key>
<true/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadUUID</key>
<string>5A6F350A-CC2C-440B-A074-68E3F34EBAE9</string>
<key>PayloadType</key>
<string>com.microsoft.autoupdate2</string>
<key>PayloadOrganization</key>
<string>Microsoft</string>
<key>PayloadIdentifier</key>
<string>com.microsoft.autoupdate2</string>
<key>PayloadDisplayName</key>
<string>Microsoft AutoUpdate configuration settings</string>
<key>PayloadDescription</key>
<string/>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadEnabled</key>
<true/>
<key>ChannelName</key>
<string>InsiderFast</string>
<key>HowToCheck</key>
<string>AutomaticDownload</string>
<key>EnableCheckForUpdatesButton</key>
<true/>
<key>DisableInsiderCheckbox</key>
<false/>
<key>SendAllTelemetryEnabled</key>
<true/>
</dict>
</array>
</dict>
</plist>
```
To configure MAU, you can deploy this configuration profile from the management tool that your enterprise is using:
- From JAMF, upload this configuration profile and set the Preference Domain to *com.microsoft.autoupdate2*.
- From Intune, upload this configuration profile and set the custom configuration profile name to *com.microsoft.autoupdate2*.
## Resources
- [msupdate reference](https://docs.microsoft.com/deployoffice/mac/update-office-for-mac-using-msupdate)