From 39363a4f7f9487ddf9e4e04b6cd619b40b2c134b Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 19 Feb 2020 13:11:12 -0800 Subject: [PATCH] update onboarding topic --- .../microsoft-defender-atp/onboarding.md | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboarding.md b/windows/security/threat-protection/microsoft-defender-atp/onboarding.md index 89e618a415..b27dc98e57 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/onboarding.md +++ b/windows/security/threat-protection/microsoft-defender-atp/onboarding.md @@ -45,6 +45,18 @@ Deploying Microsoft Defender ATP is a three-phase process: You are currently in the configuration phase. + + +To deploy Microsoft Defender ATP, you'll need to onboard devices to the service. Depending on the architecture of your environment, you'll need to use the appropriate management tool that best suites your requirements. + +The deployment guide uses Microsoft Endpoint Configuration Manager to demonstrate an end-to-end deployment. + +This article will guide you on: +- Setting up Microsoft Endpoint Configuration Manager +- Endpoint detection and response configuration +- Next-generation protection configuration +- Attack surface reduction configuration + ## Onboarding using Microsoft Endpoint Configuration Manager ### Collection creation To onboard Windows 10 devices with Microsoft Endpoint Configuration Manager, the 
@@ -315,9 +327,11 @@ needs on how Antivirus is configured. After completing this task, you now have successfully configured Windows Defender Antivirus. -## Attack Surface Reduction +## Attack surface reduction The attack surface reduction pillar of Microsoft Defender ATP includes the feature set that is available under Exploit Guard. Attack surface reduction (ASR) rules, Controlled Folder Access, Network Protection and Exploit -Protection. All these features provide an audit mode and a block mode. In audit mode there is no end user impact all it does is collect additional telemetry and make it available in the Microsoft Defender Security Center. The goal with a deployment is to step by step move security controls into block mode. +Protection. + +All these features provide an audit mode and a block mode. In audit mode there is no end-user impact. All it does is collect additional telemetry and make it available in the Microsoft Defender Security Center. The goal with a deployment is to step-by-step move security controls into block mode. To set ASR rules in Audit mode:
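Review bot: In the first hunk (@@ -45,6 +45,18 @@), the added introductory paragraph has a typo: "the appropriate management tool that best suites your requirements" should read "best suits your requirements". "Appropriate" and "best suits" also say the same thing twice, so "the management tool that best suits your requirements" is enough. The hunk also opens with two consecutive empty added lines after "You are currently in the configuration phase."; one blank line is sufficient to separate the paragraphs.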
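Review bot: In the second hunk (@@ -315,9 +327,11 @@), splitting the paragraph after "Exploit Protection." leaves the feature list "Attack surface reduction (ASR) rules, Controlled Folder Access, Network Protection and Exploit Protection." standing as a sentence fragment at the end of its own paragraph. Consider joining it to the preceding sentence with a colon ("...available under Exploit Guard: attack surface reduction (ASR) rules, ...") or turning it into a bullet list. In the new last sentence, "step-by-step" is hyphenated but used as an adverb; "The goal with a deployment is to move security controls into block mode step by step" reads more cleanly. "All it does is collect" also has no clear subject now that it is a separate sentence; "Audit mode only collects additional telemetry..." would make the referent explicit.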