deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-15 06:47:21 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'refs/remotes/origin/rs4' into jdrs4holo

Browse Source
This commit is contained in:
Jeanie Decker 2018-03-30 06:02:58 -07:00
commit 3b87ab3dec
3 changed files with 70 additions and 63 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
windows/application-management/app-v/appv-getting-started.md
View File

@ -6,18 +6,18 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy ms.mktglfcycl: deploy
ms.sitesec: library ms.sitesec: library
ms.prod: w10 ms.prod: w10
ms.date: 04/19/2017 ms.date: 03/28/2018
--- ---
# Getting Started with App-V for Windows 10 # Getting Started with App-V for Windows 10
**Applies to** **Applies to**
- Windows 10, version 1607 - Windows 10
Microsoft Application Virtualization (App-V) for Windows 10 enables organizations to deliver Win32 applications to users as virtual applications. Virtual applications are installed on centrally managed servers and delivered to users as a service in real time and on as as-needed basis. Users launch virtual applications from familiar access points and interact with them as if they were installed locally. Microsoft Application Virtualization (App-V) for Windows 10 enables organizations to deliver Win32 applications to users as virtual applications. Virtual applications are installed on centrally managed servers and delivered to users as a service in real time and on as as-needed basis. Users launch virtual applications from familiar access points and interact with them as if they were installed locally.
With the release of Windows 10, version 1607, App-V is included with the [Windows 10 for Enterprise edition](https://www.microsoft.com/en-us/WindowsForBusiness/windows-for-enterprise). If you are new to Windows 10 and App-V, youll need to download, activate, and install server- and client-side components to start delivering virtual applications to users. For information about what you need to know before getting started with App-V, see the [Application Virtualization (App-V) overview](appv-for-windows.md). With the release of Windows 10, version 1607, App-V is included with the [Windows 10 for Enterprise edition](https://www.microsoft.com/en-us/WindowsForBusiness/windows-for-enterprise). If you are new to Windows 10 and App-V, review which versions of Windows are supported and have the necessary software preinstalled in the [App-V for Windows 10 Prerequisites](appv-prerequisites.md).
If youre already using App-V, performing an in-place upgrade to Windows 10 on user devices automatically installs the App-V client and migrates users App-V applications and settings. For more information about how to configure an existing App-V installation after upgrading user devices to Windows 10, see [Upgrading to App-V for Windows 10 from an existing installation](appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md). If youre already using App-V, performing an in-place upgrade to Windows 10 on user devices automatically installs the App-V client and migrates users App-V applications and settings. For more information about how to configure an existing App-V installation after upgrading user devices to Windows 10, see [Upgrading to App-V for Windows 10 from an existing installation](appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md).

4
windows/security/threat-protection/device-guard/deploy-managed-installer-for-device-guard.md
View File

@ -45,7 +45,9 @@ There are three primary steps to keep in mind:
The identity of the managed installer executable(s) is specified in an AppLocker policy in a Managed Installer rule collection. The identity of the managed installer executable(s) is specified in an AppLocker policy in a Managed Installer rule collection.
Currently the AppLocker policy creation UI and cmdlets do not allow for directly specifying rules for the Managed Installer rule collection, however a text editor can be used to make the simple changes needed to an EXE or DLL rule collection policy to specify Type="ManagedInstaller". Currently the AppLocker policy creation UI and cmdlets do not allow for directly specifying rules for the Managed Installer rule collection, however a text editor can be used to make the simple changes needed to an EXE or DLL rule collection policy to specify Type="ManagedInstaller".
An example of a valid Managed Installer rule collection is shown below. An example of a valid Managed Installer rule collection is shown below.
For more information about creating an AppLocker policy that includes a managed installer and configuring client devices, see [Simplify application whitelisting with Configuration Manager and Windows 10](https://cloudblogs.microsoft.com/enterprisemobility/2016/06/20/configmgr-as-a-managed-installer-with-win10/).
```code ```code
<RuleCollection Type="ManagedInstaller" EnforcementMode="AuditOnly"> <RuleCollection Type="ManagedInstaller" EnforcementMode="AuditOnly">

123
windows/security/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md
View File

@ -40,6 +40,70 @@ For more information on enabling MDM with Microsoft Intune, see [Setup Windows D
For more information on using Windows Defender ATP CSP see, [WindowsAdvancedThreatProtection CSP](https://msdn.microsoft.com/library/windows/hardware/mt723296(v=vs.85).aspx) and [WindowsAdvancedThreatProtection DDF file](https://msdn.microsoft.com/library/windows/hardware/mt723297(v=vs.85).aspx). For more information on using Windows Defender ATP CSP see, [WindowsAdvancedThreatProtection CSP](https://msdn.microsoft.com/library/windows/hardware/mt723296(v=vs.85).aspx) and [WindowsAdvancedThreatProtection DDF file](https://msdn.microsoft.com/library/windows/hardware/mt723297(v=vs.85).aspx).
### Using the Azure Intune Portal to deploy Windows Defender Advanced Threat Protection policies on Windows 10 1607 and higher
1. Open the Microsoft Intune configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
a. Select **Endpoint management** > **Clients** on the **Navigation pane**.
b. Select **Mobile Device Management/Microsoft Intune** > **Download package** and save the .zip file.
![Endpoint onboarding](images/atp-mdm-onboarding-package.png)
2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a file named *WindowsDefenderATP.onboarding*.
3. Login to the [Microsoft Azure portal](https://portal.azure.com).
4. From the Intune blade, choose **Device configuration**.
![Image of device configuration menu in Microsoft Azure](images/atp-azure-intune-device-config.png)
5. Under **Manage**, choose **Profiles** and click **Create Profile**.
![Image of policy creation in Azure](images/atp-azure-intune-create-profile.png)
6. Type a name, description and choose **Windows 10 and later** as the Platform and **Custom** as the Profile type.
![Image of naming a policy](images/atp-intune-custom.png)
7. Click **Settings** > **Configure**.
![Image of settings](images/atp-intune-configure.png)
8. Under Custom OMA-URI Settings, click **Add**.
![Image of configuration settings](images/atp-custom-oma-uri.png)
9. Enter the following values, then click **OK**.
![Image of profile creation](images/atp-oma-uri-values.png)
- **Name**: Type a name for the setting.
- **Description**: Type a description for the setting.
- **OMA-URI**: _./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/Onboarding_
- **Value**: Copy and paste the contents of the WindowsDefenderATP.onboarding file you downloaded.
10. Save the settings by clicking **OK**.
11. Click **Create**.
![Image of the policy being created](images/atp-intune-create-policy.png)
12. To deploy the Profile, click **Assignments**.
![Image of groups](images/atp-intune-assignments.png)
13. Search for and select the Group you want to apply the Configuration Profile to, then click **Select**.
![Image of groups](images/atp-intune-group.png)
14. Click **Save** to finish deploying the Configuration Profile.
![Image of deployment](images/atp-intune-save-deployment.png)
### Onboard and monitor endpoints using the classic Intune console ### Onboard and monitor endpoints using the classic Intune console
1. Open the Microsoft Intune configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/): 1. Open the Microsoft Intune configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
@ -117,66 +181,7 @@ Configuration for onboarded machines: diagnostic data reporting frequency | ./De
>[!TIP] >[!TIP]
> After onboarding the endpoint, you can choose to run a detection test to verify that an endpoint is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Windows Defender ATP endpoint](run-detection-test-windows-defender-advanced-threat-protection.md). > After onboarding the endpoint, you can choose to run a detection test to verify that an endpoint is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Windows Defender ATP endpoint](run-detection-test-windows-defender-advanced-threat-protection.md).
### Using the Azure Intune Portal to deploy Windows Defender Advanced Threat Protection policies on Windows 10 1607 and higher
1. Open the Microsoft Intune configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
a. Select **Endpoint management** > **Clients** on the **Navigation pane**.
b. Select **Mobile Device Management/Microsoft Intune** > **Download package** and save the .zip file.
![Endpoint onboarding](images/atp-mdm-onboarding-package.png)
2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a file named *WindowsDefenderATP.onboarding*.
3. Login to the [Microsoft Azure portal](https://portal.azure.com).
4. From the Intune blade, choose **Device configuration**.
![Image of device configuration menu in Microsoft Azure](images/atp-azure-intune-device-config.png)
5. Under **Manage**, choose **Profiles** and click **Create Profile**.
![Image of policy creation in Azure](images/atp-azure-intune-create-profile.png)
6. Type a name, description and choose **Windows 10 and later** as the Platform and **Custom** as the Profile type.
![Image of naming a policy](images/atp-intune-custom.png)
7. Click **Settings** > **Configure**.
![Image of settings](images/atp-intune-configure.png)
8. Under Custom OMA-URI Settings, click **Add**.
![Image of configuration settings](images/atp-custom-oma-uri.png)
9. Enter the following values, then click **OK**.
![Image of profile creation](images/atp-oma-uri-values.png)
- **Name**: Type a name for the setting.
- **Description**: Type a description for the setting.
- **OMA-URI**: _./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/Onboarding_
- **Value**: Copy and paste the contents of the WindowsDefenderATP.onboarding file you downloaded.
10. Save the settings by clicking **OK**.
11. Click **Create**.
![Image of the policy being created](images/atp-intune-create-policy.png)
12. To deploy the Profile, click **Assignments**.
![Image of groups](images/atp-intune-assignments.png)
13. Search for and select the Group you want to apply the Configuration Profile to, then click **Select**.
![Image of groups](images/atp-intune-group.png)
14. Click **Save** to finish deploying the Configuration Profile.
![Image of deployment](images/atp-intune-save-deployment.png)
### Offboard and monitor endpoints ### Offboard and monitor endpoints