From 130e96a6be8af852cdfe0ef302b0418d9d0dfd76 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 8 Aug 2018 11:34:37 -0700 Subject: [PATCH 1/3] add scep info in server --- ...s-windows-defender-advanced-threat-protection.md | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md index 65f05557c6..5a33226138 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md @@ -9,7 +9,7 @@ ms.sitesec: library ms.pagetype: security author: mjcaparas ms.localizationpriority: medium -ms.date: 07/30/2018 +ms.date: 08/08/2018 --- # Onboard servers to the Windows Defender ATP service 
@@ -36,12 +36,23 @@ The service supports the onboarding of the following servers: To onboard your servers to Windows Defender ATP, you’ll need to: +- Configure and update System Center Endpoint Protection clients. - Turn on server monitoring from the Windows Defender Security Center portal. - If you're already leveraging System Center Operations Manager (SCOM) or Operations Management Suite (OMS), simply attach the Microsoft Monitoring Agent (MMA) to report to your Windows Defender ATP workspace through [Multi Homing support](https://blogs.technet.microsoft.com/msoms/2016/05/26/oms-log-analytics-agent-multi-homing-support/). Otherwise, install and configure MMA to report sensor data to Windows Defender ATP as instructed below. >[!TIP] > After onboarding the machine, you can choose to run a detection test to verify that it is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Windows Defender ATP endpoint](run-detection-test-windows-defender-advanced-threat-protection.md). +### Configure and update System Center Endpoint Protection clients +>[!IMPORTANT] +>This step is required only if your organization uses System Center Endpoint Protection (SCEP). + +Windows Defender ATP integrates with System Center Endpoint Protection to provide visibility to malware detections and to stop propagation of an attack in your organization by banning potentially malicious files or suspected malware. + +The following steps are required to enable this integration: +- Install the [January 2017 anti-malware platform update for Endpoint Protection clients](https://support.microsoft.com/en-us/help/3209361/january-2017-anti-malware-platform-update-for-endpoint-protection-clie) +- Configure the SCEP client Cloud Protection Service membership to the **Advanced** setting + ### Turn on Server monitoring from the Windows Defender Security Center portal From 2a08032c27969dbc1e00a76d3f3716ba302a2b64 Mon Sep 17 00:00:00 2001 
From: Joey Caparas Date: Wed, 8 Aug 2018 15:34:51 -0700 Subject: [PATCH 2/3] add server 2012 details --- ...r-endpoints-windows-defender-advanced-threat-protection.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md index 5a33226138..20e95c51c6 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md @@ -36,7 +36,7 @@ The service supports the onboarding of the following servers: To onboard your servers to Windows Defender ATP, you’ll need to: -- Configure and update System Center Endpoint Protection clients. +- For Windows Server 2012 R2: Configure and update System Center Endpoint Protection clients. - Turn on server monitoring from the Windows Defender Security Center portal. - If you're already leveraging System Center Operations Manager (SCOM) or Operations Management Suite (OMS), simply attach the Microsoft Monitoring Agent (MMA) to report to your Windows Defender ATP workspace through [Multi Homing support](https://blogs.technet.microsoft.com/msoms/2016/05/26/oms-log-analytics-agent-multi-homing-support/). Otherwise, install and configure MMA to report sensor data to Windows Defender ATP as instructed below. 
@@ -45,7 +45,7 @@ To onboard your servers to Windows Defender ATP, you’ll need to: ### Configure and update System Center Endpoint Protection clients >[!IMPORTANT] ->This step is required only if your organization uses System Center Endpoint Protection (SCEP). +>This step is required only if your organization uses System Center Endpoint Protection (SCEP) and you're onboarding Windows Server 2012 R2. Windows Defender ATP integrates with System Center Endpoint Protection to provide visibility to malware detections and to stop propagation of an attack in your organization by banning potentially malicious files or suspected malware. From 27562803425efe54e8cd1d347132a22c33c78095 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 9 Aug 2018 10:24:37 -0700 Subject: [PATCH 3/3] remove step1 --- ...ints-windows-defender-advanced-threat-protection.md | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md index 20e95c51c6..cf4dafd48d 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md @@ -8,7 +8,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security author: mjcaparas -ms.localizationpriority: medium +ms.localizationpriority: high ms.date: 08/08/2018 --- 
@@ -100,11 +100,9 @@ Agent Resource | Ports ## Onboard Windows Server, version 1803 You’ll be able to onboard in the same method available for Windows 10 client machines. For more information, see [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md). Support for Windows Server, version 1803 provides deeper insight into activities happening on the server, coverage for kernel and memory attack detection, and enables response actions on Windows Server endpoint as well. -1. Install the latest Windows Server Insider build on a machine. For more information, see [Windows Server Insider Preview](https://www.microsoft.com/en-us/software-download/windowsinsiderpreviewserver). +1. Configure Windows Defender ATP onboarding settings on the server. For more information, see [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md). -2. Configure Windows Defender ATP onboarding settings on the server. For more information, see [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md). - -3. If you’re running a third party antimalware solution, you'll need to apply the following Windows Defender AV passive mode settings and verify it was configured correctly: +2. If you’re running a third party antimalware solution, you'll need to apply the following Windows Defender AV passive mode settings and verify it was configured correctly: a. Set the following registry entry: - Path: `HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection` @@ -119,7 +117,7 @@ You’ll be able to onboard in the same method available for Windows 10 client m ![Image of passive mode verification result](images/atp-verify-passive-mode.png) -4. Run the following command to check if Windows Defender AV is installed: +3. Run the following command to check if Windows Defender AV is installed: ```sc query Windefend```
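Review bot: In [PATCH 1/3], hunk `@@ -36,12 +36,23 @@`, the second item under "The following steps are required to enable this integration:" tells the reader to set the SCEP client Cloud Protection Service membership to **Advanced** but gives no location for that setting and no link, while the first item links to its KB article. Add where the setting is configured, or a link to the SCEP documentation that covers it. Two style points in the same hunk: the new `### Configure and update System Center Endpoint Protection clients` heading runs straight into `>[!IMPORTANT]` with no blank line between them, and the two new list items lack the terminal period used by the checklist above.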
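Review bot: In [PATCH 2/3], hunk `@@ -36,7 +36,7 @@`, the reworded checklist bullet "For Windows Server 2012 R2: Configure and update System Center Endpoint Protection clients." drops the other condition that the `>[!IMPORTANT]` note in the following hunk keeps, namely that the step applies only if the organization uses SCEP. A reader who works from the checklist alone will treat the step as mandatory for every Windows Server 2012 R2 machine. Suggest stating both conditions in the bullet, for example "For Windows Server 2012 R2 with System Center Endpoint Protection: ...", so the bullet and the note describe the same scope.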
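Review bot: In [PATCH 3/3], hunk `@@ -8,7 +8,7 @@`, `ms.localizationpriority` changes from `medium` to `high`, which the subject "remove step1" does not mention, and `ms.date` stays at `08/08/2018` although this commit is dated 9 Aug 2018 and [PATCH 1/3] bumped the date for its content change. Either move the metadata change into its own commit or mention it in the message, and update `ms.date` together with the content edit.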
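Review bot: In [PATCH 3/3], hunk `@@ -100,11 +100,9 @@`, the renumbered step 1 now repeats the intro paragraph directly above it: both tell the reader to onboard the same way as Windows 10 and both link to `configure-endpoints-windows-defender-advanced-threat-protection.md`. With the Insider build step removed, the duplication is adjacent and obvious, so consider dropping the "For more information, see ..." sentence from one of the two.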
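Review bot: In [PATCH 3/3], hunk `@@ -119,7 +117,7 @@`, the renumbered step 3 gives the command `sc query Windefend` but does not say what output tells the reader that Windows Defender AV is installed, whereas step 2 ends with a verification screenshot. Add the expected result, or a short description of it. The check also comes after step 2 has already configured passive mode for Windows Defender AV, so consider moving it ahead of that step while the numbering is being touched anyway.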