Merged PR 6727: Merge atp-intune-revert to master

2025-05-12 13:27:23 +00:00 · 2018-03-28 18:48:22 +00:00 · 2018-03-28 18:48:22 +00:00 · 205e6df683
commit 205e6df683
parent aab1e9fdc1 9231353ba5
1 changed files with 60 additions and 0 deletions
--- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md
@ -117,6 +117,66 @@ Configuration for onboarded machines: diagnostic data reporting frequency | ./De
 >[!TIP]
 > After onboarding the endpoint, you can choose to run a detection test to verify that an endpoint is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Windows Defender ATP endpoint](run-detection-test-windows-defender-advanced-threat-protection.md).

+### Using the Azure Intune Portal to deploy Windows Defender Advanced Threat Protection policies on Windows 10 1607 and higher
+
+1. Open the Microsoft Intune configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
+
+    a.  Select **Endpoint management** > **Clients** on the **Navigation pane**.
+
+    b.  Select **Mobile Device Management/Microsoft Intune** > **Download package** and save the .zip file.
+
+      ![Endpoint onboarding](images/atp-mdm-onboarding-package.png)
+
+2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a file named *WindowsDefenderATP.onboarding*.
+
+3. Login to the [Microsoft Azure portal](https://portal.azure.com).
+
+4. From the Intune blade, choose **Device configuration**.
+
+  ![Image of device configuration menu in Microsoft Azure](images/atp-azure-intune-device-config.png)
+
+5. Under **Manage**, choose **Profiles** and click **Create Profile**.
+
+  ![Image of policy creation in Azure](images/atp-azure-intune-create-profile.png)
+
+6. Type a name, description and choose **Windows 10 and later** as the Platform and **Custom** as the Profile type.
+
+  ![Image of naming a policy](images/atp-intune-custom.png)
+
+7. Click **Settings** > **Configure**.
+
+  ![Image of settings](images/atp-intune-configure.png)
+
+8. Under Custom OMA-URI Settings, click **Add**.
+
+  ![Image of configuration settings](images/atp-custom-oma-uri.png)
+
+9. Enter the following values, then click **OK**.
+
+  ![Image of profile creation](images/atp-oma-uri-values.png)
+
+  - **Name**: Type a name for the setting.
+  - **Description**: Type a description for the setting.
+  - **OMA-URI**: _./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/Onboarding_
+  - **Value**: Copy and paste the contents of the WindowsDefenderATP.onboarding file you downloaded.
+
+10. Save the settings by clicking **OK**.
+  
+11. Click **Create**.
+
+  ![Image of the policy being created](images/atp-intune-create-policy.png)
+
+12. To deploy the Profile, click **Assignments**. 
+
+  ![Image of groups](images/atp-intune-assignments.png)
+
+13. Search for and select the Group you want to apply the Configuration Profile to, then click **Select**.
+
+  ![Image of groups](images/atp-intune-group.png)
+
+14. Click **Save** to finish deploying the Configuration Profile.
+
+  ![Image of deployment](images/atp-intune-save-deployment.png)


 ### Offboard and monitor endpoints