From 70c86ca87adeb55ef885836bca7193f2d12ea5d8 Mon Sep 17 00:00:00 2001 From: Shravan Thota <57046359+shthota77@users.noreply.github.com> Date: Sun, 6 Dec 2020 23:33:50 +0530 Subject: [PATCH 1/6] Update android-intune.md --- .../microsoft-defender-atp/android-intune.md | 39 +++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md index ddba7d596d..8df0232412 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md +++ b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md @@ -244,6 +244,45 @@ the *Required* section \> **Add group,** selecting the user group and click above. Then select **Review + Save** and then **Save** again to commence assignment. +### Auto Setup of Always-on VPN +Defender for Endpoint supports Device configuration policies for managed devices via Intune. This capability can be leveraged to **Auto setup of Always-on VPN** on Android Enterprise enrolled devices, so the end user does not need to setup VPN service while onboarding. +1. On **Devices** Page go to **Configuration Profiles** > **Create Profile** > **Platform** > **Android Enterprise** +Select **Device restrictions** under one of the following, based on your device enrollment type +- **Fully Managed, Dedicated, and Corporate-Owned Work Profile** +- **Personally-Owned Work Profile** + +Select **Create** + + > ![Image of devices configuration profile create](images/1autosetupofvpn.png) + + 2. **Configuration Settings** + Provide **Name** and **Description** to uniquely identify the configuration profile. + + > ![Image of devices configuration profile Name and Description](images/2autosetupofvpn.png) + + 3. Select **Connectivity** and configure VPN +- Enable **Always-on VPN** +Setup a VPN client in the work profile to automatically connect and reconnect to the VPN whenever possible. Only one VPN client can be configured for always-on VPN on a given device, so be sure to have no more than one always-on VPN policy deployed to a single device. +- Select **Custom** in VPN client dropdown list +Custom VPN in this case is Defender for Endpoint VPN which is used to provide the Web Protection feature. + >[!NOTE] + >Microsoft Defender ATP app must be installed on user’s device, in order to functioning of auto setup of this VPN. + +- Enter **Package ID** of the Microsoft Defender ATP app in Google Play store. For the Defender app URL https://play.google.com/store/apps/details?id=com.microsoft.scmx, Package ID is **com.microsoft.scmx** +- **Lockdown mode** Not configured (Default) + + > ![Image of devices configuration profile enable Always-on VPN](images/3autosetupofvpn.png) + +4. **Assignment** +In the **Assignments** page, select the user group to which this app config policy would be assigned to. Click **Select groups** to include and selecting the applicable group and then click **Next**. The group selected here is usually the same group to which you would assign Microsoft Defender for Endpoint Android app. + + > ![Image of devices configuration profile Assignment](images/4autosetupofvpn.png) + +5. In the **Review + Create** page that comes up next, review all the information and then select **Create**. +The device configuration profile is now assigned to the selected user group. + + > ![Image of devices configuration profile Review and Create](images/5autosetupofvpn.png) + ## Complete onboarding and check status 1. Confirm the installation status of Microsoft Defender for Endpoint for Android by From c97dd827aabde4bd7021025f0f3f1b46f7c5c0e9 Mon Sep 17 00:00:00 2001 From: Shravan Thota <57046359+shthota77@users.noreply.github.com> Date: Mon, 7 Dec 2020 09:12:26 +0530 Subject: [PATCH 2/6] Update windows/security/threat-protection/microsoft-defender-atp/android-intune.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../threat-protection/microsoft-defender-atp/android-intune.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md index 8df0232412..9ea37593b4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md +++ b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md @@ -251,7 +251,7 @@ Select **Device restrictions** under one of the following, based on your device - **Fully Managed, Dedicated, and Corporate-Owned Work Profile** - **Personally-Owned Work Profile** -Select **Create** +Select **Create**. > ![Image of devices configuration profile create](images/1autosetupofvpn.png) From 87ec63a50d87e0001bb5c5db22f13cd0ff913174 Mon Sep 17 00:00:00 2001 From: Shravan Thota <57046359+shthota77@users.noreply.github.com> Date: Mon, 7 Dec 2020 09:12:48 +0530 Subject: [PATCH 3/6] Update windows/security/threat-protection/microsoft-defender-atp/android-intune.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../threat-protection/microsoft-defender-atp/android-intune.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md index 9ea37593b4..1149d15bfa 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md +++ b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md @@ -256,7 +256,7 @@ Select **Create**. > ![Image of devices configuration profile create](images/1autosetupofvpn.png) 2. **Configuration Settings** - Provide **Name** and **Description** to uniquely identify the configuration profile. + Provide a **Name** and a **Description** to uniquely identify the configuration profile. > ![Image of devices configuration profile Name and Description](images/2autosetupofvpn.png) From e08a950b16126d263fef859ac6fcd248f49f4f1c Mon Sep 17 00:00:00 2001 From: Shravan Thota <57046359+shthota77@users.noreply.github.com> Date: Mon, 7 Dec 2020 09:13:25 +0530 Subject: [PATCH 4/6] Update windows/security/threat-protection/microsoft-defender-atp/android-intune.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../microsoft-defender-atp/android-intune.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md index 1149d15bfa..124eeeb54b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md +++ b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md @@ -265,8 +265,8 @@ Select **Create**. Setup a VPN client in the work profile to automatically connect and reconnect to the VPN whenever possible. Only one VPN client can be configured for always-on VPN on a given device, so be sure to have no more than one always-on VPN policy deployed to a single device. - Select **Custom** in VPN client dropdown list Custom VPN in this case is Defender for Endpoint VPN which is used to provide the Web Protection feature. - >[!NOTE] - >Microsoft Defender ATP app must be installed on user’s device, in order to functioning of auto setup of this VPN. + > [!NOTE] + > Microsoft Defender ATP app must be installed on user’s device, in order to functioning of auto setup of this VPN. - Enter **Package ID** of the Microsoft Defender ATP app in Google Play store. For the Defender app URL https://play.google.com/store/apps/details?id=com.microsoft.scmx, Package ID is **com.microsoft.scmx** - **Lockdown mode** Not configured (Default) From 2975e8acfa91749298141474876992b1cbb89d0d Mon Sep 17 00:00:00 2001 From: Shravan Thota <57046359+shthota77@users.noreply.github.com> Date: Mon, 7 Dec 2020 09:13:53 +0530 Subject: [PATCH 5/6] Update windows/security/threat-protection/microsoft-defender-atp/android-intune.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../threat-protection/microsoft-defender-atp/android-intune.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md index 124eeeb54b..c895bc6d61 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md +++ b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md @@ -260,7 +260,7 @@ Select **Create**. > ![Image of devices configuration profile Name and Description](images/2autosetupofvpn.png) - 3. Select **Connectivity** and configure VPN + 3. Select **Connectivity** and configure VPN: - Enable **Always-on VPN** Setup a VPN client in the work profile to automatically connect and reconnect to the VPN whenever possible. Only one VPN client can be configured for always-on VPN on a given device, so be sure to have no more than one always-on VPN policy deployed to a single device. - Select **Custom** in VPN client dropdown list From 33a50f238a6992b067d42eb91c6aed32f4022ec2 Mon Sep 17 00:00:00 2001 From: Shravan Thota <57046359+shthota77@users.noreply.github.com> Date: Mon, 7 Dec 2020 12:11:42 +0530 Subject: [PATCH 6/6] Update android-intune.md --- .../microsoft-defender-atp/android-intune.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md index c895bc6d61..97fbc058cf 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md +++ b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md @@ -252,10 +252,10 @@ Select **Device restrictions** under one of the following, based on your device - **Personally-Owned Work Profile** Select **Create**. - - > ![Image of devices configuration profile create](images/1autosetupofvpn.png) - 2. **Configuration Settings** + > ![Image of devices configuration profile Create](images/1autosetupofvpn.png) + +2. **Configuration Settings** Provide a **Name** and a **Description** to uniquely identify the configuration profile. > ![Image of devices configuration profile Name and Description](images/2autosetupofvpn.png) @@ -272,7 +272,7 @@ Custom VPN in this case is Defender for Endpoint VPN which is used to provide th - **Lockdown mode** Not configured (Default) > ![Image of devices configuration profile enable Always-on VPN](images/3autosetupofvpn.png) - + 4. **Assignment** In the **Assignments** page, select the user group to which this app config policy would be assigned to. Click **Select groups** to include and selecting the applicable group and then click **Next**. The group selected here is usually the same group to which you would assign Microsoft Defender for Endpoint Android app.