From 23c4458555244f64d2f34004d007c034856ea115 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 20 Aug 2020 13:51:04 -0700 Subject: [PATCH] Create mcafee-to-microsoft-defender-onboard.md --- .../mcafee-to-microsoft-defender-onboard.md | 100 ++++++++++++++++++ 1 file changed, 100 insertions(+) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md new file mode 100644 index 0000000000..88b63ef663 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md @@ -0,0 +1,100 @@ +--- +title: Phase 3 - Onboard to Microsoft Defender ATP +description: Make the switch from McAfee to Microsoft Defender ATP +keywords: migration, windows defender advanced threat protection, atp, edr +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: deniseb +author: denisebmsft +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: +- M365-security-compliance +- m365solution-symantecmigrate +ms.topic: article +--- + +# Migrate from McAfee - Phase 3: Onboard to Microsoft Defender ATP + +|[![Phase 1: Prepare](images/prepare.png)](symantec-to-microsoft-defender-atp-prepare.md)
[Phase 1: Prepare](symantec-to-microsoft-defender-atp-prepare.md) |[![Phase 2: Set up](images/setup.png)](symantec-to-microsoft-defender-atp-setup.md)
[Phase 2: Set up](symantec-to-microsoft-defender-atp-setup.md) |![Phase 3: Onboard](images/onboard.png)
Phase 3: Onboard | +|--|--|--| +|| |*You are here!* | + + +**Welcome to Phase 3 of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#the-migration-process)**. This migration phase includes the following steps: + +1. [Onboard devices to Microsoft Defender ATP](#onboard-devices-to-microsoft-defender-atp). +2. [Run a detection test](#run-a-detection-test). +3. [Uninstall Symantec](#uninstall-symantec). +4. [Make sure Microsoft Defender ATP is in active mode](#make-sure-microsoft-defender-atp-is-in-active-mode). + +## Onboard devices to Microsoft Defender ATP + +1. Go to the Microsoft Defender Security Center ([https://aka.ms/MDATPportal](https://aka.ms/MDATPportal)) and sign in. + +2. Choose **Settings** > **Device management** > **Onboarding**. + +3. In the **Select operating system to start onboarding process** list, select an operating system. + +4. Under **Deployment method**, select an option. Follow the links and prompts to onboard your organization's devices. Need help? See [Onboarding methods](#onboarding-methods). + +### Onboarding methods + +Deployment methods vary, depending on which operating system is selected. Refer to the resources listed in the table below to get help with onboarding. + +|Operating system |Method | +|---------|---------| +|Windows 10 |- [Group Policy](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp)
- [Configuration Manager](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm)
- [Mobile Device Management (Intune)](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm)
- [Local script](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script)

**NOTE**: A local script is suitable for a proof of concept but should not be used for production deployment. For a production deployment, we recommend using Group Policy, Microsoft Endpoint Configuration Manager, or Intune. | +|- Windows 8.1 Enterprise
- Windows 8.1 Pro
- Windows 7 SP1 Enterprise
- Windows 7 SP1 Pro | [Microsoft Monitoring Agent](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel#install-and-configure-microsoft-monitoring-agent-mma-to-report-sensor-data-to-microsoft-defender-atp)

**NOTE**: Microsoft Monitoring Agent is now Azure Log Analytics agent. To learn more, see [Log Analytics agent overview](https://docs.microsoft.com/azure/azure-monitor/platform/log-analytics-agent). | +|- Windows Server 2019 and later
- Windows Server 2019 core edition
- Windows Server version 1803 and later |- [Local script](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script)
- [Group Policy](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp)
- [Configuration Manager](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm)
- [System Center Configuration Manager](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm#onboard-windows-10-devices-using-earlier-versions-of-system-center-configuration-manager)
- [VDI onboarding scripts for non-persistent devices](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi)

**NOTE**: A local script is suitable for a proof of concept but should not be used for production deployment. For a production deployment, we recommend using Group Policy, Microsoft Endpoint Configuration Manager, or Intune. | +|- Windows Server 2016
- Windows Server 2012 R2
- Windows Server 2008 R2 SP1 |- [Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints#option-1-onboard-servers-through-microsoft-defender-security-center)
- [Azure Security Center](https://docs.microsoft.com/azure/security-center/security-center-wdatp) | +|macOS
- 10.15 (Catalina)
- 10.14 (Mojave)
- 10.13 (High Sierra)

iOS

Linux:
- RHEL 7.2+
- CentOS Linux 7.2+
- Ubuntu 16 LTS, or higher LTS
- SLES 12+
- Debian 9+
- Oracle Linux 7.2 |[Onboard non-Windows devices](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows) | + +## Run a detection test + +To verify that your onboarded devices are properly connected to Microsoft Defender ATP, you can run a detection test. + + +|Operating system |Guidance | +|---------|---------| +|- Windows 10
- Windows Server 2019
- Windows Server, version 1803
- Windows Server 2016
- Windows Server 2012 R2 |See [Run a detection test](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/run-detection-test).

Visit the Microsoft Defender ATP demo scenarios site ([https://demo.wd.microsoft.com](https://demo.wd.microsoft.com)) and try one or more of the scenarios. For example, try the **Cloud-delivered protection** demo scenario. | +|macOS
- 10.15 (Catalina)
- 10.14 (Mojave)
- 10.13 (High Sierra) |Download and use the DIY app at [https://aka.ms/mdatpmacosdiy](https://aka.ms/mdatpmacosdiy).

For more information, see [Microsoft Defender Advanced Threat Protection for Mac](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac). | +|Linux:
- RHEL 7.2+
- CentOS Linux 7.2+
- Ubuntu 16 LTS, or higher LTS
- SLES 12+
- Debian 9+
- Oracle Linux 7.2 |1. Run the following command, and look for a result of **1**:
`mdatp health --field real_time_protection_enabled`.

2. Open a Terminal window, and run the following command:
`curl -o ~/Downloads/eicar.com.txt https://www.eicar.org/download/eicar.com.txt`.

3. Run the following command to list any detected threats:
`mdatp threat list`.

For more information, see [Microsoft Defender ATP for Linux](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux). | + +## Uninstall Symantec + +Now that you have onboarded your organization's devices to Microsoft Defender ATP, your next step is to uninstall Symantec. + +1. [Disable Tamper Protection](https://knowledge.broadcom.com/external/article?legacyId=tech192023) in Symantec. + +2. Delete the uninstall password for Symantec: + 1. On your Windows devices, open Registry Editor as an administrator. + 2. Go to `HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC`. + 3. Look for an entry named **SmcInstData**. Right-click the item, and then choose **Delete**. + +3. Remove Symantec from your devices. If you need help with this, see the following Broadcom resources: + - [Uninstall Symantec Endpoint Protection](https://knowledge.broadcom.com/external/article/156148/uninstall-symantec-endpoint-protection.html) + - Windows devices: [Manually uninstall Endpoint Protection 14 clients on Windows](https://knowledge.broadcom.com/external/article?articleId=170040) + - macOS computers: [Remove Symantec software for Mac using RemoveSymantecMacFiles](https://knowledge.broadcom.com/external/article?articleId=151387) + - Linux devices: [Frequently Asked Questions for Endpoint Protection for Linux](https://knowledge.broadcom.com/external/article?articleId=162054) + +## Make sure Microsoft Defender ATP is in active mode + +Now that you have uninstalled Symantec, your next step is to make sure that Microsoft Defender Antivirus and endpoint detection and response are enabled and in active mode. + +To do this, visit the Microsoft Defender ATP demo scenarios site ([https://demo.wd.microsoft.com](https://demo.wd.microsoft.com)). Try one or more of the demo scenarios on that page, including at least the following: +- Cloud-delivered protection +- Potentially Unwanted Applications (PUA) +- Network Protection (NP) + +## Next steps + +**Congratulations**! You have completed your [migration from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#the-migration-process)! + +- [Visit your security operations dashboard](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard) in the Microsoft Defender Security Center ([https://aka.ms/MDATPportal](https://aka.ms/MDATPportal)). +- [Manage Microsoft Defender Advanced Threat Protection, post migration](manage-atp-post-migration.md).