<spanstyle="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
@ -37,7 +39,7 @@ You can use Group Policy (GP) to configure settings, such as settings for the sa
6. Choose to enable or disable sample sharing from your endpoints.
## Configure sample collection settings with Configuration Manager
## Configure sample collection settings with System Center Configuration Manager
@ -4,7 +4,7 @@ description: Use Group Policy to deploy the configuration package or do manual r
keywords: configure endpoints, client onboarding, configure Windows ATP endpoints, configure Windows Defender Advanced Threat Protection endpoints
search.product: eADQiWindows 10XVcnh
ms.prod: W10
ms.mktglfcycl:
ms.mktglfcycl: deploy
ms.sitesec: library
author: mjcaparas
---
@ -12,25 +12,53 @@ author: mjcaparas
# Configure Windows Defender ATP endpoints (client onboarding)
- Windows 10 Insider Preview
- System Center Configuration Manager
- Group Policy Management Console
<spanstyle="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
You can use a Group Policy (GP) configuration package or an automated script to configure endpoints. You can deploy the GP configuration package or script with a GP update, or manually through the command line.
You can configure endpoints by using a System Center Configuration Manager (SCCM) or Group Policy Management Console (GPMC) configuration package, or by running an automated script.
## Configure with System Center Configuration Manager (SCCM)
1. Open the SCCM configuration package .zip file (*WindowsATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://seville.windows.com): <spanstyle="background-color: yellow;">Naama: Confirm package name ((I can't download it))</span>
a. Click **Client onboarding** on the **Navigation pane**.
b. Select **SCCM**, click **Download package**, and save the .zip file.
> **Note** It may take a few moments for the package to be prepared and delivered to you. A progress bar will appear at the very top of the portal to indicate the package is being prepared.
2. Copy the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package.
3. In the SCCM console, go to **Software Library**.
4. Under **Application Management**, right-click **Packages** and select **Import**.
5. Click **Browse** and choose the package that was downloaded from the portal (zip file).
6. The package will appear under the Packages page.
7. Right-click the Package and choose deploy.
8. Choose a predefined device collection to deploy the package to.
<spanstyle="background-color: yellow;">Naama note: If it’s a package we create then we’ll set the necessary privileges, otherwise provide guidance (Omri: what is the necessary privileges?)</span>
## Configure with Group Policy
Using the GP configuration package ensures your endpoints will be correctly configured to report to the Windows Defender ATP service.
> **Note** To use GP updates to deploy the package, you must be on Windows Server 2008 R2 or later. The endpoints must be running Windows 10 TAP.
1. Open the GP configuration package .zip file (*WindowsATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://seville.windows.com):
1. Open the GP configuration package .zip file (*WindowsATPOnboardingPackage_GroupPolicy.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://seville.windows.com):
a. Click **Client onboarding** on the **Navigation pane**.
b. Select **GP**, click **Download package** and save the .zip file.
b. Select **GP**, click **Download package**, and save the .zip file.
> **Note** It may take a few moments for the package to be prepared and delivered to you. A progress bar will appear at the very top of the portal to indicate the package is being prepared.
2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the endpoints. You should have a folder called _*OptionalParamsPolicy*_ and the file _*WindowsATPOnboardingPackage.cmd*_.
3. Open the [Group Policy Management Console](https://technet.microsoft.com/en-us/library/cc731212.aspx) (GPMC), right-click the Group Policy Object (GPO) you want to configure and click **Edit**.
3. Open the [Group Policy Management Console](https://technet.microsoft.com/en-us/library/cc753298.aspx) (GPMC), right-click the Group Policy Object (GPO) you want to configure and click **Edit**.
4. In the **Group Policy Management Editor**, go to **Computer configuration**, then **Preferences**, and then **Control panel settings**.
@ -46,27 +74,6 @@ Using the GP configuration package ensures your endpoints will be correctly conf
For additional settings, see the [Additional configuration settings section](additional-configuration-windows-advanced-threat-protection.md).
## Configure with System Center Configuration Manager (SCCM)
1. Open the SCCM configuration package .zip file (*WindowsATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://seville.windows.com): <spanstyle="background-color: yellow;">Naama: Confirm package name</span>
a. Click **Client onboarding** on the **Navigation pane**.
b. Select **SCCM**, click **Download package**, and save the .zip file. <spanstyle="background-color: yellow;">Iaan: Need to confirm the UI for this</span>
2. Copy the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package.
<spanstyle="background-color: yellow;">Iaan: Will confirm ui for this</span>
3. In the SCCM console, go to **Software Library**.
4. Under **Application Management**, right-click **Packages** and select **Import**.
5. Click **Browse** and choose the package that was downloaded from the portal (zip file).
6. The package will appear under the Packages page.
7. Right-click the Package and choose deploy.
8. Choose a predefined device collection to deploy the package to.
<spanstyle="background-color: yellow;">Naama note: If it’s a package we create then we’ll set the necessary privileges, otherwise provide guidance (Omri: what is the necessary privileges?)</span>
## Configure endpoints manually with registry changes
You can also manually onboard individual endpoints to Windows Defender ATP. You might want to do this first when testing the service before you commit to onboarding all endpoints in your network.
@ -83,7 +90,7 @@ You can also manually onboard individual endpoints to Windows Defender ATP. You
3. Type the location of the script file. If you copied the file the
<spanstyle="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
@ -57,9 +59,9 @@ disabled you can turn it on by following the instructions in the
### Deployment channel operating system requirements
You can choose to onboard endpoints with a scheduled Group Policy
You can choose to onboard endpoints with System Center Configuration Manager (SCCM) or a scheduled Group Policy
(GP) update (using a GP package that you
download from the portal or during the service onboarding wizard) or
download from the portal or during the service onboarding wizard). You can also apply
manual registry changes.
The following describes the minimum operating system or software version
@ -67,6 +69,7 @@ required for each deployment channel.
Deployment channel | Minimum server requirements
:---|:---
System Center Configuration Manager | **WHAT VERSIONS**
Group Policy settings | Windows Server 2008 R2
Manual registry modifications | No minimum requirements
# Monitor the Windows Defender Advanced Threat Protection onboarding
- Windows 10 Insider Preview
- System Center Configuration Manager
<spanstyle="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
<spanstyle="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
@ -24,7 +26,7 @@ There are two stages to onboarding:
1. Set up user access in AAD and use a wizard to create a dedicated
cloud instance for your network (known as “service onboarding”).
2. Add endpoints to the service with scheduled GP updates or manual
2. Add endpoints to the service with System Center Configuration Manager, scheduled GP updates, or manual
registry changes (known as “endpoint onboarding”).
@ -4,7 +4,7 @@ description: Assign users to the Windows Defender ATP service application in Azu
keywords: service onboarding, Windows Defender Advanced Threat Protection service onboarding
search.product: eADQiWindows 10XVcnh
ms.prod: W10
ms.mktglfcycl:
ms.mktglfcycl: deploy
ms.sitesec: library
author: mjcaparas
---
@ -12,6 +12,7 @@ author: mjcaparas
# Windows Defender ATP service onboarding
- Windows 10 Insider Preview
- Azure Active Directory
<spanstyle="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
Iaan