mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-17 15:57:23 +00:00
Merge branch 'master' into lsaldanha-4620497-batch3
This commit is contained in:
Gary Moore
GitHub
commit
33cbddda72
Binary file not shown.
|
After Width: | Height: | Size: 90 KiB |
@ -14,7 +14,7 @@ audience: ITPro
|
||||
author: denisebmsft
|
||||
ms.author: deniseb
|
||||
ms.custom: nextgen
|
||||
ms.date: 01/07/2021
|
||||
ms.date: 02/16/2021
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
@ -27,10 +27,12 @@ ms.technology: mde
|
||||
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
|
||||
Tamper protection is available on devices running the following versions of Windows:
|
||||
|
||||
Tamper protection is available for devices that are running one of the following versions of Windows:
|
||||
|
||||
- Windows 10
|
||||
- Windows Server 2016 and 2019 (if using tenant attach with [Configuration Manager, version 2006](#manage-tamper-protection-with-configuration-manager-version-2006))
|
||||
- Windows Server 2019
|
||||
- Windows Server, version 1803 or later
|
||||
- Windows Server 2016
|
||||
|
||||
## Overview
|
||||
|
||||
@ -49,76 +51,67 @@ With tamper protection, malicious apps are prevented from taking actions such as
|
||||
|
||||
Tamper protection essentially locks Microsoft Defender Antivirus and prevents your security settings from being changed through apps and methods such as:
|
||||
|
||||
- Configuring settings in Registry Editor on your Windows machine
|
||||
- Configuring settings in Registry Editor on your Windows device
|
||||
- Changing settings through PowerShell cmdlets
|
||||
- Editing or removing security settings through group policies
|
||||
|
||||
Tamper protection doesn't prevent you from viewing your security settings. And, tamper protection doesn't affect how third-party antivirus apps register with the Windows Security app. If your organization is using Windows 10 Enterprise E5, individual users can't change the tamper protection setting; tamper protection is managed by your security team.
|
||||
Tamper protection doesn't prevent you from viewing your security settings. And, tamper protection doesn't affect how third-party antivirus apps register with the Windows Security app. If your organization is using Windows 10 Enterprise E5, individual users can't change the tamper protection setting; in those cases, tamper protection is managed by your security team.
|
||||
|
||||
### What do you want to do?
|
||||
|
||||
1. Turn tamper protection on <br/>
|
||||
- [For an individual machine, use Windows Security](#turn-tamper-protection-on-or-off-for-an-individual-machine).
|
||||
- [For your organization, use Intune](#turn-tamper-protection-on-or-off-for-your-organization-using-intune).
|
||||
- [Use tenant attach with Configuration Manager, version 2006, for devices running Windows 10 or Windows Server 2019](#manage-tamper-protection-with-configuration-manager-version-2006)
|
||||
| To perform this task... | See this section... |
|
||||
|:---|:---|
|
||||
| Turn tamper protection on (or off) for an individual device | [Manage tamper protection on an individual device](#manage-tamper-protection-on-an-individual-device) |
|
||||
| Turn tamper protection on (or off) for all or part of your organization with Intune <p>Fine-tune tamper protection settings in your organization | [Manage tamper protection for your organization using Intune](#manage-tamper-protection-for-your-organization-using-intune) |
|
||||
| Turn tamper protection on (or off) for your organization with Configuration Manager | [Manage tamper protection for your organization with Configuration Manager, version 2006](#manage-tamper-protection-for-your-organization-with-configuration-manager-version-2006) |
|
||||
| Turn tamper protection on in the Microsoft Defender Security Center <p>Manage tamper protection across your tenant | [Manage tamper protection for your organization using the Microsoft Defender Security Center](#manage-tamper-protection-for-your-organization-using-the-microsoft-defender-security-center) |
|
||||
| View details about tampering attempts on devices | [View information about tampering attempts](#view-information-about-tampering-attempts) |
|
||||
| Review your security recommendations | [Review security recommendations](#review-your-security-recommendations) |
|
||||
| Review the list of frequently asked questions (FAQs) | [Browse the FAQs](#view-information-about-tampering-attempts) |
|
||||
|
||||
2. [View information about tampering attempts](#view-information-about-tampering-attempts).
|
||||
|
||||
3. [Review your security recommendations](#review-your-security-recommendations).
|
||||
|
||||
4. [Browse the frequently asked questions](#view-information-about-tampering-attempts).
|
||||
|
||||
## Turn tamper protection on (or off) for an individual machine
|
||||
## Manage tamper protection on an individual device
|
||||
|
||||
> [!NOTE]
|
||||
> Tamper protection blocks attempts to modify Microsoft Defender Antivirus settings through the registry.
|
||||
>
|
||||
> To help ensure that tamper protection doesn’t interfere with third-party security products or enterprise installation scripts that modify these settings, go to **Windows Security** and update **Security intelligence** to version 1.287.60.0 or later. (See [Security intelligence updates](https://www.microsoft.com/wdsi/definitions).)
|
||||
>
|
||||
> Once you’ve made this update, tamper protection will continue to protect your registry settings, and will also log attempts to modify them without returning errors.
|
||||
> Once you’ve made this update, tamper protection continues to protect your registry settings, and logs attempts to modify them without returning errors.
|
||||
|
||||
If you are a home user, or you are not subject to settings managed by a security team, you can use the Windows Security app to turn tamper protection on or off. You must have appropriate admin permissions on your machine to do change security settings, such as tamper protection.
|
||||
If you are a home user, or you are not subject to settings managed by a security team, you can use the Windows Security app to manage tamper protection. You must have appropriate admin permissions on your device to do change security settings, such as tamper protection.
|
||||
|
||||
1. Click **Start**, and start typing *Security*. In the search results, select **Windows Security**.
|
||||
Here's what you see in the Windows Security app:
|
||||
|
||||
|
||||
|
||||
1. Select **Start**, and start typing *Security*. In the search results, select **Windows Security**.
|
||||
2. Select **Virus & threat protection** > **Virus & threat protection settings**.
|
||||
|
||||
3. Set **Tamper Protection** to **On** or **Off**.
|
||||
|
||||
Here's what you see in the Windows Security app:
|
||||
## Manage tamper protection for your organization using Intune
|
||||
|
||||
|
||||
If you are part of your organization's security team, and your subscription includes [Intune](https://docs.microsoft.com/intune/fundamentals/what-is-intune), you can turn tamper protection on (or off) for your organization in the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com) portal. Use Intune when you want to fine-tune tamper protection settings. For example, if you want to enable tamper protection on some devices, but not all, use Intune.
|
||||
|
||||
## Turn tamper protection on (or off) for your organization using Intune
|
||||
### Requirements for managing tamper protection in Intune
|
||||
|
||||
If you are part of your organization's security team, and your subscription includes [Intune](https://docs.microsoft.com/intune/fundamentals/what-is-intune), you can turn tamper protection on (or off) for your organization in the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com) portal.
|
||||
- You must have appropriate [permissions](../microsoft-defender-atp/assign-portal-access.md), such as global admin, security admin, or security operations.
|
||||
- Your organization uses [Intune to manage devices](https://docs.microsoft.com/intune/fundamentals/what-is-device-management). ([Intune licenses](https://docs.microsoft.com/intune/fundamentals/licenses) are required; Intune is included in Microsoft 365 E5.)
|
||||
- Your Windows devices must be running Windows 10 OS [1709](https://docs.microsoft.com/windows/release-health/status-windows-10-1709), [1803](https://docs.microsoft.com/windows/release-health/status-windows-10-1803), [1809](https://docs.microsoft.com/windows/release-health/status-windows-10-1809-and-windows-server-2019) or later. (For more information about releases, see [Windows 10 release information](https://docs.microsoft.com/windows/release-health/release-information).)
|
||||
- You must be using Windows security with [security intelligence](https://www.microsoft.com/wdsi/definitions) updated to version 1.287.60.0 (or above).
|
||||
- Your devices must be using anti-malware platform version 4.18.1906.3 (or above) and anti-malware engine version 1.1.15500.X (or above). ([Manage Microsoft Defender Antivirus updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md).)
|
||||
|
||||
You must have appropriate [permissions](../microsoft-defender-atp/assign-portal-access.md), such as global admin, security admin, or security operations, to perform the following task.
|
||||
### Turn tamper protection on (or off) in Intune
|
||||
|
||||
1. Make sure your organization meets all of the following requirements to use Intune to manage tamper protection:
|
||||
|
||||
- Your organization uses [Intune to manage devices](https://docs.microsoft.com/intune/fundamentals/what-is-device-management). ([Intune licenses](https://docs.microsoft.com/intune/fundamentals/licenses) are required; Intune is included in Microsoft 365 E5.)
|
||||
- Your Windows machines must be running Windows 10 OS [1709](https://docs.microsoft.com/windows/release-health/status-windows-10-1709), [1803](https://docs.microsoft.com/windows/release-health/status-windows-10-1803), [1809](https://docs.microsoft.com/windows/release-health/status-windows-10-1809-and-windows-server-2019) or later. (For more information about releases, see [Windows 10 release information](https://docs.microsoft.com/windows/release-health/release-information).)
|
||||
- You must be using Windows security with [security intelligence](https://www.microsoft.com/wdsi/definitions) updated to version 1.287.60.0 (or above).
|
||||
- Your machines must be using anti-malware platform version 4.18.1906.3 (or above) and anti-malware engine version 1.1.15500.X (or above). ([Manage Microsoft Defender Antivirus updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md).)
|
||||
|
||||
2. Go to the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com) and sign in with your work or school account.
|
||||
|
||||
3. Select **Devices** > **Configuration Profiles**.
|
||||
|
||||
4. Create a profile that includes the following settings:
|
||||
|
||||
|
||||
1. Go to the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com) and sign in with your work or school account.
|
||||
2. Select **Devices** > **Configuration Profiles**.
|
||||
3. Create a profile that includes the following settings:
|
||||
- **Platform: Windows 10 and later**
|
||||
|
||||
- **Profile type: Endpoint protection**
|
||||
|
||||
- **Category: Microsoft Defender Security Center**
|
||||
|
||||
- **Tamper Protection: Enabled**
|
||||
|
||||
|
||||
|
||||
5. Assign the profile to one or more groups.
|
||||
4. Assign the profile to one or more groups.
|
||||
|
||||
### Are you using Windows OS 1709, 1803, or 1809?
|
||||
|
||||
@ -127,38 +120,60 @@ If you are using Windows 10 OS [1709](https://docs.microsoft.com/windows/release
|
||||
#### Use PowerShell to determine whether tamper protection is turned on
|
||||
|
||||
1. Open the Windows PowerShell app.
|
||||
|
||||
2. Use the [Get-MpComputerStatus](https://docs.microsoft.com/powershell/module/defender/get-mpcomputerstatus?view=win10-ps&preserve-view=true) PowerShell cmdlet.
|
||||
|
||||
3. In the list of results, look for `IsTamperProtected`. (A value of *true* means tamper protection is enabled.)
|
||||
|
||||
## Manage tamper protection with Configuration Manager, version 2006
|
||||
## Manage tamper protection for your organization with Configuration Manager, version 2006
|
||||
|
||||
> [!IMPORTANT]
|
||||
> The procedure can be used to extend tamper protection to devices running Windows 10 and Windows Server 2019. Make sure to review the prerequisites and other information in the resources mentioned in this procedure.
|
||||
|
||||
If you're using [version 2006 of Configuration Manager](https://docs.microsoft.com/mem/configmgr/core/plan-design/changes/whats-new-in-version-2006), you can manage tamper protection settings on Windows 10, Windows Server 2016, and Windows Server 2019 by using a method called *tenant attach*. Tenant attach enables you to sync your on-premises-only Configuration Manager devices into the Microsoft Endpoint Manager admin center, and then deliver your endpoint security configuration policies to your on-premises collections & devices.
|
||||
If you're using [version 2006 of Configuration Manager](https://docs.microsoft.com/mem/configmgr/core/plan-design/changes/whats-new-in-version-2006), you can manage tamper protection settings on Windows 10, Windows Server 2016, and Windows Server 2019 by using a method called *tenant attach*. Tenant attach enables you to sync your on-premises-only Configuration Manager devices into the Microsoft Endpoint Manager admin center, and then deliver endpoint security configuration policies to on-premises collections & devices.
|
||||
|
||||
|
||||
|
||||
1. Set up tenant attach. See [Microsoft Endpoint Manager tenant attach: Device sync and device actions](https://docs.microsoft.com/mem/configmgr/tenant-attach/device-sync-actions).
|
||||
|
||||
2. In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Endpoint security** > **Antivirus**, and choose **+ Create Policy**.<br/>
|
||||
|
||||
- In the **Platform** list, select **Windows 10 and Windows Server (ConfigMgr)**.
|
||||
|
||||
- In the **Profile** list, select **Windows Security experience (preview)**. <br/>
|
||||
|
||||
The following screenshot illustrates how to create your policy:
|
||||
|
||||
:::image type="content" source="images/win-security- exp-policy-endpt-security.png" alt-text="Windows security experience in Endpoint Manager":::
|
||||
|
||||
3. Deploy the policy to your device collection.
|
||||
|
||||
Need help? See the following resources:
|
||||
### Need help with this?
|
||||
|
||||
See the following resources:
|
||||
|
||||
- [Settings for the Windows Security experience profile in Microsoft Intune](https://docs.microsoft.com/mem/intune/protect/antivirus-security-experience-windows-settings)
|
||||
|
||||
- [Tech Community Blog: Announcing Tamper Protection for Configuration Manager Tenant Attach clients](https://techcommunity.microsoft.com/t5/microsoft-endpoint-manager-blog/announcing-tamper-protection-for-configuration-manager-tenant/ba-p/1700246#.X3QLR5Ziqq8.linkedin)
|
||||
|
||||
## Manage tamper protection for your organization using the Microsoft Defender Security Center
|
||||
|
||||
Currently in preview, tamper protection can be turned on or off in the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)). Here are a few points to keep in mind:
|
||||
|
||||
- When you use the Microsoft Defender Security Center to manage tamper protection, you do not have to use Intune or the tenant attach method.
|
||||
- When you manage tamper protection in the Microsoft Defender Security Center, the setting is applied tenant wide, affecting all of your devices that are running Windows 10. To fine-tune tamper protection (such as having tamper protection on for some devices but off for others), use either [Intune](#manage-tamper-protection-for-your-organization-using-intune) or [Configuration Manager with tenant attach](#manage-tamper-protection-for-your-organization-with-configuration-manager-version-2006).
|
||||
- If you have a hybrid environment, tamper protection settings configured in Intune take precedence over settings configured in the Microsoft Defender Security Center.
|
||||
- Tamper protection is generally available; however, the ability to manage tamper protection in the Microsoft Defender Security Center is currently in preview.
|
||||
|
||||
### Requirements for managing tamper protection in the Microsoft Defender Security Center
|
||||
|
||||
- You must have appropriate [permissions](../microsoft-defender-atp/assign-portal-access.md), such as global admin, security admin, or security operations.
|
||||
- Your Windows devices must be running one of the following versions of Windows:
|
||||
- Windows 10
|
||||
- [Windows Server 2019](/windows-server/get-started-19/whats-new-19)
|
||||
- Windows Server, version [1803](https://docs.microsoft.com/windows/release-health/status-windows-10-1803) or later
|
||||
- [Windows Server 2016](/windows-server/get-started/whats-new-in-windows-server-2016)
|
||||
- For more information about releases, see [Windows 10 release information](https://docs.microsoft.com/windows/release-health/release-information).
|
||||
- Your devices must be [onboarded to Microsoft Defender for Endpoint](../microsoft-defender-atp/onboarding.md).
|
||||
- Your devices must be using anti-malware platform version 4.18.2010.7 (or above) and anti-malware engine version 1.1.17600.5 (or above). ([Manage Microsoft Defender Antivirus updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md).)
|
||||
- [Cloud-delivered protection must be turned on](enable-cloud-protection-microsoft-defender-antivirus.md).
|
||||
|
||||
### Turn tamper protection on (or off) in the Microsoft Defender Security Center
|
||||
|
||||
|
||||
|
||||
1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in.
|
||||
2. Choose **Settings**.
|
||||
3. Go to **General** > **Advanced features**, and then turn tamper protection on.
|
||||
|
||||
## View information about tampering attempts
|
||||
|
||||
@ -200,13 +215,13 @@ Devices that are onboarded to Microsoft Defender for Endpoint will have Microsof
|
||||
|
||||
### How can I turn tamper protection on/off?
|
||||
|
||||
If you are a home user, see [Turn tamper protection on (or off) for an individual machine](#turn-tamper-protection-on-or-off-for-an-individual-machine).
|
||||
If you are a home user, see [Manage tamper protection on an individual device](#manage-tamper-protection-on-an-individual-device).
|
||||
|
||||
If you are an organization using [Microsoft Defender for Endpoint](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp), you should be able to manage tamper protection in Intune similar to how you manage other endpoint protection features. See the following sections of this article:
|
||||
|
||||
- [Turn tamper protection on (or off) for your organization using Intune](#turn-tamper-protection-on-or-off-for-your-organization-using-intune)
|
||||
|
||||
- [Manage tamper protection with Configuration Manager, version 2006](#manage-tamper-protection-with-configuration-manager-version-2006)
|
||||
- [Manage tamper protection using Intune](#manage-tamper-protection-for-your-organization-using-intune)
|
||||
- [Manage tamper protection using Configuration Manager, version 2006](#manage-tamper-protection-for-your-organization-with-configuration-manager-version-2006)
|
||||
- [Manage tamper protection using the Microsoft Defender Security Center](#manage-tamper-protection-for-your-organization-using-the-microsoft-defender-security-center) (currently in preview)
|
||||
|
||||
### How does configuring tamper protection in Intune affect how I manage Microsoft Defender Antivirus through my group policy?
|
||||
|
||||
@ -218,7 +233,9 @@ Configuring tamper protection in Intune or Microsoft Endpoint Manager can be tar
|
||||
|
||||
### Can I configure Tamper Protection in Microsoft Endpoint Configuration Manager?
|
||||
|
||||
If you are using tenant attach, you can use Microsoft Endpoint Configuration Manager. See [Manage tamper protection with Configuration Manager, version 2006](#manage-tamper-protection-with-configuration-manager-version-2006) and [Tech Community blog: Announcing Tamper Protection for Configuration Manager Tenant Attach clients](https://techcommunity.microsoft.com/t5/microsoft-endpoint-manager-blog/announcing-tamper-protection-for-configuration-manager-tenant/ba-p/1700246#.X3QLR5Ziqq8.linkedin).
|
||||
If you are using tenant attach, you can use Microsoft Endpoint Configuration Manager. See the following resources:
|
||||
- [Manage tamper protection for your organization with Configuration Manager, version 2006](#manage-tamper-protection-for-your-organization-with-configuration-manager-version-2006)
|
||||
- [Tech Community blog: Announcing Tamper Protection for Configuration Manager Tenant Attach clients](https://techcommunity.microsoft.com/t5/microsoft-endpoint-manager-blog/announcing-tamper-protection-for-configuration-manager-tenant/ba-p/1700246#.X3QLR5Ziqq8.linkedin)
|
||||
|
||||
### I have the Windows E3 enrollment. Can I use configuring tamper protection in Intune?
|
||||
|
||||
@ -240,7 +257,7 @@ If a device is off-boarded from Microsoft Defender for Endpoint, tamper protecti
|
||||
|
||||
Yes. The alert is shown in [https://securitycenter.microsoft.com](https://securitycenter.microsoft.com) under **Alerts**.
|
||||
|
||||
In addition, your security operations team can use hunting queries, such as the following example:
|
||||
Your security operations team can also use hunting queries, such as the following example:
|
||||
|
||||
`DeviceAlertEvents | where Title == "Tamper Protection bypass"`
|
||||
|
||||
@ -248,8 +265,6 @@ In addition, your security operations team can use hunting queries, such as the
|
||||
|
||||
## See also
|
||||
|
||||
[Help secure Windows PCs with Endpoint Protection for Microsoft Intune](https://docs.microsoft.com/intune/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune)
|
||||
|
||||
[Get an overview of Microsoft Defender for Endpoint](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp)
|
||||
|
||||
[Better together: Microsoft Defender Antivirus and Microsoft Defender for Endpoint](why-use-microsoft-defender-antivirus.md)
|
||||
- [Help secure Windows PCs with Endpoint Protection for Microsoft Intune](https://docs.microsoft.com/intune/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune)
|
||||
- [Get an overview of Microsoft Defender for Endpoint](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp)
|
||||
- [Better together: Microsoft Defender Antivirus and Microsoft Defender for Endpoint](why-use-microsoft-defender-antivirus.md)
|
||||
|
||||
@ -25,6 +25,12 @@ ms.technology: mde
|
||||
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink)
|
||||
|
||||
This topic describes deploying Defender for Endpoint for iOS on Intune Company Portal enrolled devices. For more information about Intune device enrollment, see [Enroll iOS/iPadOS devices in Intune](https://docs.microsoft.com/mem/intune/enrollment/ios-enroll).
|
||||
|
||||
## Before you begin
|
||||
@ -45,7 +51,7 @@ Deploy Defender for Endpoint for iOS via Intune Company Portal.
|
||||
1. In [Microsoft Endpoint manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Apps** -> **iOS/iPadOS** -> **Add** -> **iOS store app** and click **Select**.
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
|
||||
> 
|
||||
|
||||
1. On the Add app page, click on **Search the App Store** and type **Microsoft Defender ATP** in the search bar. In the search results section, click on *Microsoft Defender ATP* and click **Select**.
|
||||
|
||||
@ -57,14 +63,14 @@ Deploy Defender for Endpoint for iOS via Intune Company Portal.
|
||||
> The selected user group should consist of Intune enrolled users.
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
|
||||
> 
|
||||
|
||||
1. In the *Review + Create* section, verify that all the information entered is correct and then select **Create**. In a few moments, the Defender for Endpoint app should be created successfully, and a notification should show up at the top-right corner of the page.
|
||||
|
||||
1. In the app information page that is displayed, in the **Monitor** section, select **Device install status** to verify that the device installation has completed successfully.
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
|
||||
> 
|
||||
|
||||
## Complete onboarding and check status
|
||||
|
||||
@ -88,13 +94,13 @@ The Microsoft Defender for Endpoint for iOS app has specialized ability on super
|
||||
|
||||
Intune allows you to configure the Defender for iOS app through an App Configuration policy.
|
||||
|
||||
> [!NOTE]
|
||||
> This app configuration policy for supervised devices is applicable only to managed devices and should be targeted for all managed iOS devices as a best practice.
|
||||
> [!NOTE]
|
||||
> This app configuration policy for supervised devices is applicable only to managed devices and should be targeted for all managed iOS devices as a best practice.
|
||||
|
||||
1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and go to **Apps** > **App configuration policies** > **Add**. Click on **Managed devices**.
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
|
||||
> 
|
||||
|
||||
1. In the *Create app configuration policy* page, provide the following information:
|
||||
- Policy Name
|
||||
@ -102,7 +108,7 @@ Intune allows you to configure the Defender for iOS app through an App Configura
|
||||
- Targeted app: Select **Microsoft Defender ATP** from the list
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
|
||||
> 
|
||||
|
||||
1. In the next screen, select **Use configuration designer** as the format. Specify the following property:
|
||||
- Configuration Key: issupervised
|
||||
@ -110,7 +116,7 @@ Intune allows you to configure the Defender for iOS app through an App Configura
|
||||
- Configuration Value: {{issupervised}}
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
|
||||
> 
|
||||
|
||||
1. Click **Next** to open the **Scope tags** page. Scope tags are optional. Click **Next** to continue.
|
||||
|
||||
@ -127,7 +133,7 @@ Intune allows you to configure the Defender for iOS app through an App Configura
|
||||
- Navigate to **Devices** -> **iOS/iPadOS** -> **Configuration profiles** -> **Create Profile**
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
|
||||
> 
|
||||
|
||||
- Provide a name of the profile. When prompted to import a Configuration profile file, select the one downloaded above.
|
||||
- In the **Assignment** section, select the device group to which you want to apply this profile. As a best practice, this should be applied to all managed iOS devices. Click **Next**.
|
||||
|
||||
@ -24,8 +24,10 @@ ms.technology: mde
|
||||
# Privacy information - Microsoft Defender for Endpoint for iOS
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
- [Microsoft Defender for Endpoint](microsoft-defender-atp-ios.md)
|
||||
> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink)
|
||||
|
||||
> [!NOTE]
|
||||
> Defender for Endpoint for iOS uses a VPN to provide the Web Protection feature. This is not a regular VPN and is a local or self-looping VPN that does not take traffic outside the device. **Microsoft or your organization, does not see your browsing activity.**
|
||||
|
||||
@ -22,9 +22,12 @@ ms.technology: mde
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
|
||||
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
|
||||
**Applies to:**
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||
|
||||
> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||
|
||||
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
|
||||
|
||||
|
||||
@ -26,8 +26,10 @@ ms.technology: mde
|
||||
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
- [Microsoft Defender for Endpoint for Linux](microsoft-defender-atp-linux.md)
|
||||
> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink)
|
||||
|
||||
This article provides information on how to define exclusions that apply to on-demand scans, and real-time protection and monitoring.
|
||||
|
||||
|
||||
@ -27,8 +27,10 @@ ms.technology: mde
|
||||
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
- [Microsoft Defender for Endpoint for Linux](microsoft-defender-atp-linux.md)
|
||||
> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink)
|
||||
|
||||
This article describes how to deploy Microsoft Defender for Endpoint for Linux manually. A successful deployment requires the completion of all of the following tasks:
|
||||
|
||||
|
||||
@ -27,8 +27,10 @@ ms.technology: mde
|
||||
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
- [Microsoft Defender for Endpoint for Linux](microsoft-defender-atp-linux.md)
|
||||
> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink)
|
||||
|
||||
This article describes how to deploy Defender for Endpoint for Linux using Ansible. A successful deployment requires the completion of all of the following tasks:
|
||||
|
||||
|
||||
@ -27,8 +27,10 @@ ms.technology: mde
|
||||
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
- [Microsoft Defender for Endpoint for Linux](microsoft-defender-atp-linux.md)
|
||||
> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink)
|
||||
|
||||
This article describes how to deploy Defender for Endpoint for Linux using Puppet. A successful deployment requires the completion of all of the following tasks:
|
||||
|
||||
|
||||
@ -27,8 +27,10 @@ ms.technology: mde
|
||||
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
- [Microsoft Defender for Endpoint for Linux](microsoft-defender-atp-linux.md)
|
||||
> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink)
|
||||
|
||||
>[!IMPORTANT]
|
||||
>This topic contains instructions for how to set preferences for Defender for Endpoint for Linux in enterprise environments. If you are interested in configuring the product on a device from the command-line, see [Resources](linux-resources.md#configure-from-the-command-line).
|
||||
|
||||
@ -22,10 +22,11 @@ ms.technology: mde
|
||||
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
- [Microsoft Defender for Endpoint](microsoft-defender-atp-linux.md)
|
||||
> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink)
|
||||
|
||||
Microsoft is committed to providing you with the information and controls you need to make choices about how your data is collected and used when you’re using Defender for Endpoint for Linux.
|
||||
|
||||
|
||||
@ -26,8 +26,10 @@ ms.technology: mde
|
||||
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
- [Microsoft Defender for Endpoint for Linux](microsoft-defender-atp-linux.md)
|
||||
> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink)
|
||||
|
||||
The potentially unwanted application (PUA) protection feature in Defender for Endpoint for Linux can detect and block PUA files on endpoints in your network.
|
||||
|
||||
|
||||
@ -27,8 +27,10 @@ ms.technology: mde
|
||||
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
- [Microsoft Defender for Endpoint for Linux](microsoft-defender-atp-linux.md)
|
||||
> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink)
|
||||
|
||||
## Collect diagnostic information
|
||||
|
||||
|
||||
@ -27,8 +27,10 @@ ms.technology: mde
|
||||
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
- [Microsoft Defender for Endpoint for Linux](microsoft-defender-atp-linux.md)
|
||||
> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink)
|
||||
|
||||
Microsoft Defender ATP can discover a proxy server using the ```HTTPS_PROXY``` environment variable. This setting must be configured **both** at installation time and after the product has been installed.
|
||||
|
||||
|
||||
@ -26,8 +26,10 @@ ms.technology: mde
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
- [Microsoft Defender for Endpoint for Linux](microsoft-defender-atp-linux.md)
|
||||
> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink)
|
||||
|
||||
## Run the connectivity test
|
||||
|
||||
|
||||
@ -26,8 +26,10 @@ ms.technology: mde
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
- [Microsoft Defender for Endpoint for Linux](microsoft-defender-atp-linux.md)
|
||||
> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink)
|
||||
|
||||
## Verify if installation succeeded
|
||||
|
||||
|
||||
@ -25,8 +25,9 @@ ms.technology: mde
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender for Endpoint for Linux](microsoft-defender-atp-linux.md)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink)
|
||||
|
||||
This article provides some general steps that can be used to narrow down performance issues related to Defender for Endpoint for Linux.
|
||||
|
||||
@ -34,7 +35,7 @@ Real-time protection (RTP) is a feature of Defender for Endpoint for Linux that
|
||||
|
||||
Depending on the applications that you are running and your device characteristics, you may experience suboptimal performance when running Defender for Endpoint for Linux. In particular, applications or system processes that access many resources over a short timespan can lead to performance issues in Defender for Endpoint for Linux.
|
||||
|
||||
Before starting, **please make sure that other security products are not currenly running on the device**. Multilpe security products may conflict and impact the host performance.
|
||||
Before starting, **please make sure that other security products are not currently running on the device**. Multiple security products may conflict and impact the host performance.
|
||||
|
||||
The following steps can be used to troubleshoot and mitigate these issues:
|
||||
|
||||
|
||||
@ -27,8 +27,10 @@ ms.technology: mde
|
||||
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
- [Microsoft Defender for Endpoint for Linux](microsoft-defender-atp-linux.md)
|
||||
> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink)
|
||||
|
||||
Microsoft regularly publishes software updates to improve performance, security, and to deliver new features.
|
||||
|
||||
|
||||
@ -24,8 +24,10 @@ ms.technology: mde
|
||||
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender for Endpoint](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink)
|
||||
|
||||
Learn about common commands used in live response and see examples on how they are typically used.
|
||||
|
||||
@ -108,7 +110,7 @@ getfile c:\Users\user\Desktop\work.txt -auto
|
||||
> * Empty files
|
||||
> * Virtual files, or files that are not fully present locally
|
||||
>
|
||||
> These file types **are** supported by [PowerShell](/powershell/scripting/overview?view=powershell-6/).
|
||||
> These file types **are** supported by [PowerShell](/powershell/scripting/overview?view=powershell-6/?&preserve-view=true).
|
||||
>
|
||||
> Use PowerShell as an alternative, if you have problems using this command from within Live Response.
|
||||
|
||||
|
||||
@ -22,11 +22,13 @@ ms.technology: mde
|
||||
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
|
||||
> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink)
|
||||
|
||||
Live response gives security operations teams instantaneous access to a device (also referred to as a machine) using a remote shell connection. This gives you the power to do in-depth investigative work and take immediate response actions to promptly contain identified threats—in real time.
|
||||
|
||||
Live response is designed to enhance investigations by enabling your security operations team to collect forensic data, run scripts, send suspicious entities for analysis, remediate threats, and proactively hunt for emerging threats.<br/><br/>
|
||||
|
||||
@ -26,8 +26,10 @@ ms.technology: mde
|
||||
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
- [Microsoft Defender for Endpoint for Mac](microsoft-defender-atp-mac.md)
|
||||
> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink)
|
||||
|
||||
This article provides information on how to define exclusions that apply to on-demand scans, and real-time protection and monitoring.
|
||||
|
||||
|
||||
@ -24,22 +24,23 @@ ms.technology: mde
|
||||
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
- [Microsoft Defender for Endpoint for Mac](microsoft-defender-atp-mac.md)
|
||||
> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink)
|
||||
|
||||
1. Enter your credentials.
|
||||
|
||||
|
||||
|
||||
|
||||
2. Select **Computers**.
|
||||
|
||||
|
||||
|
||||
|
||||
3. You will see the settings that are available.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
## Next step
|
||||
|
||||
@ -24,10 +24,11 @@ ms.technology: mde
|
||||
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
- [Microsoft Defender for Endpoint for macOS](microsoft-defender-atp-mac.md)
|
||||
> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink)
|
||||
|
||||
This topic describes how to deploy Microsoft Defender for Endpoint for macOS manually. A successful deployment requires the completion of all of the following steps:
|
||||
- [Download installation and onboarding packages](#download-installation-and-onboarding-packages)
|
||||
@ -58,16 +59,16 @@ To complete this process, you must have admin privileges on the device.
|
||||
|
||||
1. Navigate to the downloaded wdav.pkg in Finder and open it.
|
||||
|
||||
|
||||
|
||||
|
||||
2. Select **Continue**, agree with the License terms, and enter the password when prompted.
|
||||
|
||||
|
||||
|
||||
|
||||
> [!IMPORTANT]
|
||||
> You will be prompted to allow a driver from Microsoft to be installed (either "System Extension Blocked" or "Installation is on hold" or both. The driver must be allowed to be installed.
|
||||
|
||||
|
||||
|
||||
|
||||
3. Select **Open Security Preferences** or **Open System Preferences > Security & Privacy**. Select **Allow**:
|
||||
|
||||
@ -87,7 +88,7 @@ To complete this process, you must have admin privileges on the device.
|
||||
|
||||
1. Navigate to the downloaded wdav.pkg in Finder and open it.
|
||||
|
||||
|
||||
|
||||
|
||||
2. Select **Continue**, agree with the License terms, and enter the password when prompted.
|
||||
|
||||
@ -97,13 +98,13 @@ To complete this process, you must have admin privileges on the device.
|
||||
|
||||
4. From the **Security & Privacy** window, select **Allow**.
|
||||
|
||||
|
||||
|
||||
|
||||
5. Repeat steps 3 & 4 for all system extensions distributed with Microsoft Defender for Endpoint for Mac.
|
||||
|
||||
6. As part of the Endpoint Detection and Response capabilities, Microsoft Defender for Endpoint for Mac inspects socket traffic and reports this information to the Microsoft Defender Security Center portal. When prompted to grant Microsoft Defender for Endpoint permissions to filter network traffic, select **Allow**.
|
||||
|
||||
|
||||
|
||||
|
||||
7. Open **System Preferences** > **Security & Privacy** and navigate to the **Privacy** tab. Grant **Full Disk Access** permission to **Microsoft Defender ATP** and **Microsoft Defender ATP Endpoint Security Extension**.
|
||||
|
||||
|
||||
@ -26,15 +26,17 @@ ms.technology: mde
|
||||
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
- [Microsoft Defender for Endpoint for Mac](microsoft-defender-atp-mac.md)
|
||||
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink)
|
||||
|
||||
Learn how to deploy Microsoft Defender for Endpoint for macOS with Jamf Pro.
|
||||
|
||||
> [!NOTE]
|
||||
> If you are using macOS Catalina (10.15.4) or newer versions of macOS, see [New configuration profiles for macOS Catalina and newer versions of macOS](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies).
|
||||
|
||||
This is a multi step process. You'll need to complete all of the following steps:
|
||||
This is a multistep process. You'll need to complete all of the following steps:
|
||||
|
||||
- [Login to the Jamf Portal](mac-install-jamfpro-login.md)
|
||||
- [Setup the Microsoft Defender for Endpoint for macOS device groups in Jamf Pro](mac-jamfpro-device-groups.md)
|
||||
|
||||
@ -26,8 +26,10 @@ ms.technology: mde
|
||||
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
- [Microsoft Defender for Endpoint for Mac](microsoft-defender-atp-mac.md)
|
||||
> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink)
|
||||
|
||||
## Prerequisites and system requirements
|
||||
|
||||
@ -96,7 +98,7 @@ Grant Full Disk Access to the following components:
|
||||
- Identifier Type: Bundle ID
|
||||
- Code Requirement: identifier "com.microsoft.wdav" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /\* exists \*/ and certificate leaf[field.1.2.840.113635.100.6.1.13] /\* exists \*/ and certificate leaf[subject.OU] = UBF8T346G9
|
||||
|
||||
- Microsoft Defender for Endpoint Endpoint Security Extension
|
||||
- Microsoft Defender for Endpoint Security Extension
|
||||
- Identifier: `com.microsoft.wdav.epsext`
|
||||
- Identifier Type: Bundle ID
|
||||
- Code Requirement: identifier "com.microsoft.wdav.epsext" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = UBF8T346G9
|
||||
|
||||
@ -24,10 +24,11 @@ ms.technology: mde
|
||||
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
- [Microsoft Defender for Endpoint for Mac](microsoft-defender-atp-mac.md)
|
||||
> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink)
|
||||
|
||||
Set up the device groups similar to Group policy organizational unite (OUs), Microsoft Endpoint Configuration Manager's device collection, and Intune's device groups.
|
||||
|
||||
@ -35,15 +36,15 @@ Set up the device groups similar to Group policy organizational unite (OUs), Mi
|
||||
|
||||
2. Select **New**.
|
||||
|
||||
|
||||
|
||||
|
||||
3. Provide a display name and select **Save**.
|
||||
|
||||
|
||||
|
||||
|
||||
4. Now you will see the **Contoso's Machine Group** under **Static Computer Groups**.
|
||||
|
||||
|
||||
|
||||
|
||||
## Next step
|
||||
- [Set up Microsoft Defender for Endpoint for macOS policies in Jamf Pro](mac-jamfpro-policies.md)
|
||||
|
||||
@ -26,8 +26,10 @@ ms.technology: mde
|
||||
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
- [Microsoft Defender for Endpoint for Mac](microsoft-defender-atp-mac.md)
|
||||
> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink)
|
||||
|
||||
## Enroll macOS devices
|
||||
|
||||
@ -45,7 +47,7 @@ For a complete list, see [About Computer Enrollment](https://docs.jamf.com/9.9/c
|
||||
|
||||
1. In the Jamf Pro dashboard, navigate to **Enrollment invitations**.
|
||||
|
||||
|
||||
|
||||
|
||||
2. Select **+ New**.
|
||||
|
||||
@ -53,29 +55,29 @@ For a complete list, see [About Computer Enrollment](https://docs.jamf.com/9.9/c
|
||||
|
||||
3. In **Specify Recipients for the Invitation** > under **Email Addresses** enter the e-mail address(es) of the recipients.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
For example: janedoe@contoso.com
|
||||
|
||||
|
||||
|
||||
|
||||
4. Configure the message for the invitation.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
## Enrollment Method 2: Prestage Enrollments
|
||||
|
||||
1. In the Jamf Pro dashboard, navigate to **Prestage enrollments**.
|
||||
|
||||
|
||||
|
||||
|
||||
2. Follow the instructions in [Computer PreStage Enrollments](https://docs.jamf.com/9.9/casper-suite/administrator-guide/Computer_PreStage_Enrollments.html).
|
||||
|
||||
@ -83,24 +85,24 @@ For a complete list, see [About Computer Enrollment](https://docs.jamf.com/9.9/c
|
||||
|
||||
1. Select **Continue** and install the CA certificate from a **System Preferences** window.
|
||||
|
||||
|
||||
|
||||
|
||||
2. Once CA certificate is installed, return to the browser window and select **Continue** and install the MDM profile.
|
||||
|
||||
|
||||
|
||||
|
||||
3. Select **Allow** to downloads from JAMF.
|
||||
|
||||
|
||||
|
||||
|
||||
4. Select **Continue** to proceed with the MDM Profile installation.
|
||||
|
||||
|
||||
|
||||
|
||||
5. Select **Continue** to install the MDM Profile.
|
||||
|
||||
|
||||
|
||||
|
||||
6. Select **Continue** to complete the configuration.
|
||||
|
||||
|
||||
|
||||
|
||||
@ -2,7 +2,6 @@
|
||||
title: Manage endpoint detection and response capabilities
|
||||
description: Manage endpoint detection and response capabilities
|
||||
ms.reviewer:
|
||||
description: Manage endpoint detection and response capabilities
|
||||
keywords:
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
|
||||
@ -24,7 +24,6 @@ ms.technology: mde
|
||||
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
@ -99,7 +98,7 @@ For more information preview features, see [Preview features](https://docs.micro
|
||||
|
||||
## September 2019
|
||||
|
||||
- [Tamper Protection settings using Intune](../microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md#turn-tamper-protection-on-or-off-for-your-organization-using-intune)<br/>You can now turn Tamper Protection on (or off) for your organization in the Microsoft 365 Device Management Portal (Intune).
|
||||
- [Tamper protection settings using Intune](../microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md#manage-tamper-protection-for-your-organization-using-intune)<br/>You can now turn Tamper Protection on (or off) for your organization in the Microsoft 365 Device Management Portal (Intune).
|
||||
|
||||
- [Live response](live-response.md)<BR> Get instantaneous access to a device using a remote shell connection. Do in-depth investigative work and take immediate response actions to promptly contain identified threats - real-time.
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user