mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-20 12:53:38 +00:00
onboard and offboard
This commit is contained in:
jcaparas
@ -25,11 +25,11 @@
|
||||
#### [Assign user access to the portal](windows-defender-atp\assign-portal-access-windows-defender-advanced-threat-protection.md)
|
||||
### [Onboard machines](windows-defender-atp\onboard-configure-windows-defender-advanced-threat-protection.md)
|
||||
#### [Onboard Windows 10 machines](windows-defender-atp\configure-endpoints-windows-defender-advanced-threat-protection.md)
|
||||
##### [Onboard Windows 10 using Group Policy](windows-defender-atp\configure-endpoints-gp-windows-defender-advanced-threat-protection.md)
|
||||
##### [Onboard Windows 10 using System Center Configuration Manager](windows-defender-atp\configure-endpoints-sccm-windows-defender-advanced-threat-protection.md)
|
||||
##### [Onboard Windows 10 using Mobile Device Management tools](windows-defender-atp\configure-endpoints-mdm-windows-defender-advanced-threat-protection.md)
|
||||
###### [Onboard Windows 10 using Microsoft Intune](windows-defender-atp\configure-endpoints-mdm-windows-defender-advanced-threat-protection.md#configure-endpoints-using-microsoft-intune)
|
||||
##### [Onboard Windows 10 using a local script](windows-defender-atp\configure-endpoints-script-windows-defender-advanced-threat-protection.md)
|
||||
##### [Onboard machines using Group Policy](windows-defender-atp\configure-endpoints-gp-windows-defender-advanced-threat-protection.md)
|
||||
##### [Onboard machines using System Center Configuration Manager](windows-defender-atp\configure-endpoints-sccm-windows-defender-advanced-threat-protection.md)
|
||||
##### [Onboard machines using Mobile Device Management tools](windows-defender-atp\configure-endpoints-mdm-windows-defender-advanced-threat-protection.md)
|
||||
###### [Onboard machines using Microsoft Intune](windows-defender-atp\configure-endpoints-mdm-windows-defender-advanced-threat-protection.md#onboard-windows-10-machines-using-microsoft-intune)
|
||||
##### [Onboard machines using a local script](windows-defender-atp\configure-endpoints-script-windows-defender-advanced-threat-protection.md)
|
||||
##### [Onboard non-persistent virtual desktop infrastructure (VDI) machines](windows-defender-atp\configure-endpoints-vdi-windows-defender-advanced-threat-protection.md)
|
||||
#### [Onboard servers](windows-defender-atp\configure-server-endpoints-windows-defender-advanced-threat-protection.md)
|
||||
#### [Onboard non-Windows machines](windows-defender-atp\configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md)
|
||||
@ -205,9 +205,9 @@
|
||||
|
||||
####Machine management
|
||||
### [Onboarding machines](windows-defender-atp\onboard-configure-windows-defender-advanced-threat-protection.md)
|
||||
### [Offboarding machines](windows-defender-atp\onboard-configure-windows-defender-advanced-threat-protection.md)
|
||||
### [Offboarding machines](windows-defender-atp\offboard-machines-windows-defender-advanced-threat-protection.md)
|
||||
|
||||
#### [Configure Windows Defender ATP time zone settings](windows-defender-atp\settings-windows-defender-advanced-threat-protection.md)
|
||||
### [Configure Windows Defender ATP time zone settings](windows-defender-atp\settings-windows-defender-advanced-threat-protection.md)
|
||||
|
||||
### [Access the Windows Defender ATP Community Center](windows-defender-atp\community-windows-defender-advanced-threat-protection.md)
|
||||
### [Troubleshoot Windows Defender ATP](windows-defender-atp\troubleshoot-windows-defender-advanced-threat-protection.md)
|
||||
|
||||
@ -33,7 +33,7 @@ ms.date: 04/16/2018
|
||||
> [!NOTE]
|
||||
> To use Group Policy (GP) updates to deploy the package, you must be on Windows Server 2008 R2 or later.
|
||||
|
||||
## Onboard endpoints
|
||||
## Onboard machines using Group Policy
|
||||
1. Open the GP configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
|
||||
|
||||
a. In the navigation pane, select **Settings** > **Onboarding**.
|
||||
@ -114,8 +114,8 @@ Possible values are:
|
||||
|
||||
The default value in case the registry key doesn’t exist is Normal.
|
||||
|
||||
### Offboard endpoints
|
||||
For security reasons, the package used to offboard endpoints will expire 30 days after the date it was downloaded. Expired offboarding packages sent to an endpoint will be rejected. When downloading an offboarding package you will be notified of the packages expiry date and it will also be included in the package name.
|
||||
## Offboard machines using Group Policy
|
||||
For security reasons, the package used to Offboard machines will expire 30 days after the date it was downloaded. Expired offboarding packages sent to an endpoint will be rejected. When downloading an offboarding package you will be notified of the packages expiry date and it will also be included in the package name.
|
||||
|
||||
> [!NOTE]
|
||||
> Onboarding and offboarding policies must not be deployed on the same endpoint at the same time, otherwise this will cause unpredictable collisions.
|
||||
|
||||
@ -121,9 +121,8 @@ Configuration for onboarded machines: diagnostic data reporting frequency | ./De
|
||||
|
||||
|
||||
|
||||
### Offboard and monitor endpoints
|
||||
|
||||
For security reasons, the package used to offboard endpoints will expire 30 days after the date it was downloaded. Expired offboarding packages sent to an endpoint will be rejected. When downloading an offboarding package you will be notified of the packages expiry date and it will also be included in the package name.
|
||||
## Offboard and monitor machines using Mobile Device Management tools
|
||||
For security reasons, the package used to Offboard machines will expire 30 days after the date it was downloaded. Expired offboarding packages sent to an endpoint will be rejected. When downloading an offboarding package you will be notified of the packages expiry date and it will also be included in the package name.
|
||||
|
||||
> [!NOTE]
|
||||
> Onboarding and offboarding policies must not be deployed on the same endpoint at the same time, otherwise this will cause unpredictable collisions.
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Onboard non-Windows machines in Windows Defender ATP
|
||||
title: Onboard non-Windows machines to the Windows Defender ATP service
|
||||
description: Configure non-Winodws machines so that they can send sensor data to the Windows Defender ATP service.
|
||||
keywords: onboard non-Windows machines, macos, linux, machine management, configure Windows ATP machines, configure Windows Defender Advanced Threat Protection machines
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
@ -28,8 +28,7 @@ Windows Defender ATP provides a centralized security operations experience for W
|
||||
|
||||
You'll need to know the exact Linux distros and macOS X versions that are compatible with Windows Defender ATP for the integration to work.
|
||||
|
||||
## Onboard non-Windows endpoints
|
||||
You'll need to take the following steps to onboard non-Windows endpoints:
|
||||
You'll need to take the following steps to onboard non-Windows machines:
|
||||
1. Turn on third-party integration
|
||||
2. Run a detection test
|
||||
|
||||
@ -54,7 +53,7 @@ Create an EICAR test file by saving the string displayed on the portal in an emp
|
||||
|
||||
The file should trigger a detection and a corresponding alert on Windows Defender ATP.
|
||||
|
||||
### Offboard non-Windows endpoints
|
||||
## Offboard non-Windows machines
|
||||
To effectively offboard the endpoints from the service, you'll need to disable the data push on the third-party portal first then switch the toggle to off in Windows Defender Security Center. The toggle in the portal only blocks the data inbound flow.
|
||||
|
||||
|
||||
|
||||
@ -13,7 +13,7 @@ ms.localizationpriority: high
|
||||
ms.date: 04/16/2018
|
||||
---
|
||||
|
||||
# Onboards Windows 10 machines using System Center Configuration Manager
|
||||
# Onboard Windows 10 machines using System Center Configuration Manager
|
||||
|
||||
**Applies to:**
|
||||
|
||||
@ -44,7 +44,8 @@ You can use existing System Center Configuration Manager functionality to create
|
||||
- System Center Configuration Manager (current branch), version 1511
|
||||
- System Center Configuration Manager (current branch), version 1602
|
||||
|
||||
### Onboard Windows 10 machines
|
||||
### Onboard machines using System Center Configuration Manager
|
||||
|
||||
|
||||
1. Open the SCCM configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
|
||||
|
||||
@ -116,9 +117,9 @@ Possible values are:
|
||||
The default value in case the registry key doesn’t exist is Normal.
|
||||
|
||||
|
||||
### Offboard endpoints
|
||||
## Offboard machines using System Center Configuration Manager
|
||||
|
||||
For security reasons, the package used to offboard endpoints will expire 30 days after the date it was downloaded. Expired offboarding packages sent to an endpoint will be rejected. When downloading an offboarding package you will be notified of the packages expiry date and it will also be included in the package name.
|
||||
For security reasons, the package used to Offboard machines will expire 30 days after the date it was downloaded. Expired offboarding packages sent to an endpoint will be rejected. When downloading an offboarding package you will be notified of the packages expiry date and it will also be included in the package name.
|
||||
|
||||
> [!NOTE]
|
||||
> Onboarding and offboarding policies must not be deployed on the same endpoint at the same time, otherwise this will cause unpredictable collisions.
|
||||
|
||||
@ -32,7 +32,7 @@ You can also manually onboard individual endpoints to Windows Defender ATP. You
|
||||
> [!NOTE]
|
||||
> The script has been optimized to be used on a limited number of machines (1-10 machines). To deploy to scale, use other deployment options. For more information on using other deployment options, see [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md).
|
||||
|
||||
## Onboard endpoints
|
||||
## Onboard machines
|
||||
1. Open the GP configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
|
||||
|
||||
a. In the navigation pane, select **Settings** > **Onboarding**.
|
||||
@ -85,8 +85,8 @@ Possible values are:
|
||||
The default value in case the registry key doesn’t exist is 1.
|
||||
|
||||
|
||||
## Offboard endpoints
|
||||
For security reasons, the package used to offboard endpoints will expire 30 days after the date it was downloaded. Expired offboarding packages sent to an endpoint will be rejected. When downloading an offboarding package you will be notified of the packages expiry date and it will also be included in the package name.
|
||||
## Offboard machines using a local script
|
||||
For security reasons, the package used to Offboard machines will expire 30 days after the date it was downloaded. Expired offboarding packages sent to an endpoint will be rejected. When downloading an offboarding package you will be notified of the packages expiry date and it will also be included in the package name.
|
||||
|
||||
> [!NOTE]
|
||||
> Onboarding and offboarding policies must not be deployed on the same endpoint at the same time, otherwise this will cause unpredictable collisions.
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Configure non-persistent virtual desktop infrastructure (VDI) machines
|
||||
title: Onboard non-persistent virtual desktop infrastructure (VDI) machines
|
||||
description: Deploy the configuration package on virtual desktop infrastructure (VDI) machine so that they are onboarded to Windows Defender ATP the service.
|
||||
keywords: configure virtual desktop infrastructure (VDI) machine, vdi, endpoint management, configure Windows ATP endpoints, configure Windows Defender Advanced Threat Protection endpoints
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
@ -13,7 +13,7 @@ ms.localizationpriority: high
|
||||
ms.date: 04/16/2018
|
||||
---
|
||||
|
||||
# Configure non-persistent virtual desktop infrastructure (VDI) machines
|
||||
# Onboard non-persistent virtual desktop infrastructure (VDI) machines
|
||||
|
||||
**Applies to:**
|
||||
- Virtual desktop infrastructure (VDI) machines
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Configure Windows Defender ATP server endpoints
|
||||
description: Configure server endpoints so that they can send sensor data to the Windows Defender ATP sensor.
|
||||
keywords: configure server endpoints, server, server onboarding, endpoint management, configure Windows ATP server endpoints, configure Windows Defender Advanced Threat Protection server endpoints
|
||||
title: Onboard servers to the Windows Defender ATP service
|
||||
description: Onboard servers so that they can send sensor data to the Windows Defender ATP sensor.
|
||||
keywords: onboard server, server, server onboarding, machine management, configure Windows ATP servers, onboard Windows Defender Advanced Threat Protection servers
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
@ -12,7 +12,7 @@ localizationpriority: high
|
||||
ms.date: 04/16/2018
|
||||
---
|
||||
|
||||
# Configure Windows Defender ATP server endpoints
|
||||
# Onboard servers
|
||||
|
||||
**Applies to:**
|
||||
|
||||
@ -105,7 +105,7 @@ You’ll be able to onboard in the same method available for Windows 10 client e
|
||||
|
||||
If the result is ‘The specified service does not exist as an installed service’, then you'll need to install Windows Defender AV. For more information, see [Windows Defender Antivirus in Windows 10](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10).
|
||||
|
||||
### Offboard server endpoints
|
||||
## Offboard servers
|
||||
To offboard the server, you can uninstall the MMA agent from the server or detach it from reporting to your Windows Defender ATP workspace. After offboarding the agent, the server will no longer send sensor data to Windows Defender ATP.
|
||||
For more information, see [To disable an agent](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-windows-agents#to-disable-an-agent).
|
||||
|
||||
@ -114,7 +114,7 @@ For more information, see [To disable an agent](https://docs.microsoft.com/en-us
|
||||
|
||||
## Related topics
|
||||
- [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md)
|
||||
- [Configure non-Windows endpoints](configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md)
|
||||
- [Configure non-Windows machines](configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md)
|
||||
- [Configure proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md)
|
||||
- [Run a detection test on a newly onboarded Windows Defender ATP endpoint](run-detection-test-windows-defender-advanced-threat-protection.md)
|
||||
- [Troubleshooting Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
|
||||
|
||||
@ -31,3 +31,16 @@ ms.date: 04/16/2018
|
||||
|
||||
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-offboardmachines-abovefoldlink)
|
||||
|
||||
Follow the corresponding instructions depending on your preferred deployment method.
|
||||
|
||||
## Offboard Windows 10 machines
|
||||
- [Offboard machines using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md#offboard-machines-using-group-policy)
|
||||
- [Offboard machines using System Center Configuration Manager](configure-endpoints-sccm-windows-defender-advanced-threat-protection.md#offboard-machines-using-system-center-configuration-manager)
|
||||
- [Offboard machines using Mobile Device Management tools](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md#offboard-and-monitor-machines-using-mobile-device-management-tools)
|
||||
|
||||
## Offboard Servers
|
||||
- [Offboard servers](configure-server-endpoints-windows-defender-advanced-threat-protection.md#offboard-servers)
|
||||
|
||||
## Offboard non-Windows machines
|
||||
- [Offboard non-Windows machines](configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md#offboard-non-windows-machines)
|
||||
|
||||
|
||||
@ -54,7 +54,7 @@ Windows Defender ATP supports the use of Power BI data connectors to enable you
|
||||
- [Use the Windows Defender ATP exposed APIs](exposed-apis-windows-defender-advanced-threat-protection.md)<br>
|
||||
Windows Defender ATP exposes much of the available data and actions using a set of programmatic APIs that are part of the Microsoft Intelligence Security Graph. Those APIs will enable you, to automate workflows and innovate based on Windows Defender ATP capabilities.
|
||||
|
||||
- [Configure non-Windows endpoints](configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md)<br>
|
||||
- [Configure non-Windows machines](configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md)<br>
|
||||
Windows Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in the Windows Defender ATP portal and better protect your organization's network. This experience leverages on a third-party security products' sensor data.
|
||||
|
||||
- [Access the Windows Defender ATP Community Center](community-windows-defender-advanced-threat-protection.md)<br>
|
||||
|
||||
@ -53,7 +53,7 @@ If while accessing the Windows Defender ATP portal you get a **Your subscription
|
||||
You can choose to renew or extend the license at any point in time. When accessing the portal after the expiration date a **Your subscription has expired** message will be presented with an option to download the endpoint offboarding package, should you choose to not renew the license.
|
||||
|
||||
> [!NOTE]
|
||||
> For security reasons, the package used to offboard endpoints will expire 30 days after the date it was downloaded. Expired offboarding packages sent to an endpoint will be rejected. When downloading an offboarding package you will be notified of the packages expiry date and it will also be included in the package name.
|
||||
> For security reasons, the package used to Offboard machines will expire 30 days after the date it was downloaded. Expired offboarding packages sent to an endpoint will be rejected. When downloading an offboarding package you will be notified of the packages expiry date and it will also be included in the package name.
|
||||
|
||||
|
||||
|
||||
|
||||
@ -88,7 +88,7 @@ detect sophisticated cyber-attacks, providing:
|
||||
Topic | Description
|
||||
:---|:---
|
||||
Get started | Learn about the minimum requirements, validate licensing and complete setup, know about preview features, understand data storage and privacy, and how to assign user access to the portal.
|
||||
[Onboard endpoints and set up access](onboard-configure-windows-defender-advanced-threat-protection.md) | Learn about configuring client, server, and non-Windows endpoints. Learn how to run a detection test, configure proxy and Internet connectivity settings, and how to troubleshoot potential onboarding issues.
|
||||
[Onboard endpoints](onboard-configure-windows-defender-advanced-threat-protection.md) | Learn about configuring client, server, and non-Windows machines. Learn how to run a detection test, configure proxy and Internet connectivity settings, and how to troubleshoot potential onboarding issues.
|
||||
[Understand the Windows Defender ATP portal](use-windows-defender-advanced-threat-protection.md) | Understand the Security operations and Secure score dashboard, and how to navigate the portal.
|
||||
Investigate and remediate threats | Investigate alerts, machines, and take response actions to remediate threats.
|
||||
API and SIEM support | Use the supported APIs to pull and create custom alerts, or automate workflows. Use the supported SIEM tools to pull alerts from the Windows Defender ATP portal.
|
||||
|
||||
Reference in New Issue
Block a user