mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-15 10:23:37 +00:00
Merge branch 'master' into patch-2
@ -95,7 +95,7 @@ Endpoint type | GCC | GCC High
|
||||
:---|:---|:---
|
||||
Login | `https://login.microsoftonline.com` | `https://login.microsoftonline.us`
|
||||
Defender for Endpoint API | `https://api-gcc.securitycenter.microsoft.us` | `https://api-gov.securitycenter.microsoft.us`
|
||||
SIEM | Rolling out | `https://wdatp-alertexporter-us.securitycenter.windows.us`
|
||||
SIEM | `https://wdatp-alertexporter-us.gcc.securitycenter.windows.us` | `https://wdatp-alertexporter-us.securitycenter.windows.us`
|
||||
|
||||
<br>
|
||||
|
||||
|
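Review bot: The GCC value that replaces "Rolling out" in the SIEM row, `https://wdatp-alertexporter-us.gcc.securitycenter.windows.us`, differs from the GCC High value only by an inserted `gcc` label, while the Defender for Endpoint API row separates the two clouds by host prefix (`api-gcc` vs `api-gov`). Readers copy these hosts into firewall and proxy allowlists, so please confirm the hostname against the live service before merging. The table also ends up with the SIEM row shown twice in this view, so check that only the updated row remains in the file.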
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Onboarding using Microsoft Endpoint Manager
|
||||
description: Learn how to onboard to Microsoft Defender ATP using Microsoft Endpoint Configuration Manager
|
||||
keywords: onboarding, configuration, deploy, deployment, endpoint configuration manager, mdatp, advanced threat protection, collection creation, endpoint detection response, next generation protection, attack surface reduction
|
||||
title: Onboarding using Microsoft Endpoint Configuration Manager
|
||||
description: Learn how to onboard to Microsoft Defender for Endpoint using Microsoft Endpoint Configuration Manager
|
||||
keywords: onboarding, configuration, deploy, deployment, endpoint configuration manager, mdatp, advanced threat protection, collection creation, endpoint detection response, next generation protection, attack surface reduction, microsoft endpoint configuration manager
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
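Review bot: The `keywords` line gains "microsoft endpoint configuration manager" but still has no entry for the product name the new `description` uses, "Microsoft Defender for Endpoint"; only `mdatp` and "advanced threat protection" are listed. Consider adding "defender for endpoint" so the front matter matches the rebranded description and title.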
@ -19,7 +19,7 @@ ms.collection:
|
||||
ms.topic: article
|
||||
---
|
||||
|
||||
# Onboarding using Microsoft Endpoint Manager
|
||||
# Onboarding using Microsoft Endpoint Configuration Manager
|
||||
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
@ -63,7 +63,7 @@ created for testing.
|
||||
|
||||
Onboarding using tools such as Group policy or manual method does not install any agent on the system.
|
||||
|
||||
Within the Microsoft Endpoint Manager console
|
||||
Within the Microsoft Endpoint Configuration Manager console
|
||||
the onboarding process will be configured as part of the compliance settings
|
||||
within the console.
|
||||
|
||||
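Review bot: The renamed sentence now reads "Within the Microsoft Endpoint Configuration Manager console the onboarding process will be configured as part of the compliance settings within the console", which names the console twice. Since this line is being touched anyway, drop the trailing "within the console." and add a comma after the opening clause.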
@ -73,47 +73,47 @@ continues to receive this policy from the management point.
|
||||
|
||||
Follow the steps below to onboard endpoints using Microsoft Endpoint Configuration Manager.
|
||||
|
||||
1. In Microsoft Endpoint Manager console, navigate to **Assets and Compliance \> Overview \> Device Collections**.
|
||||
1. In Microsoft Endpoint Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Device Collections**.
|
||||
|
||||

|
||||

|
||||
|
||||
2. Right Click **Device Collection** and select **Create Device Collection**.
|
||||
|
||||

|
||||

|
||||
|
||||
3. Provide a **Name** and **Limiting Collection**, then select **Next**.
|
||||
|
||||

|
||||

|
||||
|
||||
4. Select **Add Rule** and choose **Query Rule**.
|
||||
|
||||

|
||||

|
||||
|
||||
5. Click **Next** on the **Direct Membership Wizard** and click on **Edit Query Statement**.
|
||||
|
||||

|
||||

|
||||
|
||||
6. Select **Criteria** and then choose the star icon.
|
||||
|
||||

|
||||

|
||||
|
||||
7. Keep criterion type as **simple value**, choose where as **Operating System - build number**, operator as **is greater than or equal to** and value **14393** and click on **OK**.
|
||||
|
||||

|
||||

|
||||
|
||||
8. Select **Next** and **Close**.
|
||||
|
||||

|
||||

|
||||
|
||||
9. Select **Next**.
|
||||
|
||||

|
||||

|
||||
|
||||
After completing this task, you now have a device collection with all the Windows 10 endpoints in the environment.
|
||||
|
||||
|
||||
## Step 2: Configure Microsoft Defender for Endpoint capabilities
|
||||
This section guides you in configuring the following capabilities using Microsoft Endpoint Manager on Windows devices:
|
||||
This section guides you in configuring the following capabilities using Microsoft Endpoint Configuration Manager on Windows devices:
|
||||
|
||||
- [**Endpoint detection and response**](#endpoint-detection-and-response)
|
||||
- [**Next-generation protection**](#next-generation-protection)
|
||||
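Review bot: Every screenshot under steps 1 to 9 ends up with the same alt text, "Image of Microsoft Endpoint Configuration Manager wizard", so a screen-reader user cannot tell the nine images apart. As the alt text is being rewritten here, describe what each screenshot shows (the Device Collections node, the Create Device Collection menu, the query criteria dialog, and so on). Two smaller points in the same hunk: step 1 now reads "In Microsoft Endpoint Configuration Manager console" without "the", unlike the other renamed steps, and step 5 refers to the **Direct Membership Wizard** right after step 4 selects **Query Rule**, which is worth checking against the console.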
@ -143,11 +143,11 @@ Manager and deploy that policy to Windows 10 devices.
|
||||
|
||||
6. Right-click **Microsoft Defender ATP Policies** and select **Create Microsoft Defender ATP Policy**.
|
||||
|
||||

|
||||

|
||||
|
||||
7. Enter the name and description, verify **Onboarding** is selected, then select **Next**.
|
||||
|
||||

|
||||

|
||||
|
||||
8. Click **Browse**.
|
||||
|
||||
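Review bot: The two versions of the screenshot line after step 6 point at different files, `images/configmgr-create-policy.png` and `images/mdatp-create-policy.png`, whereas the step 7 screenshot and the image lines in the other hunks keep their path and change only the alt text. Confirm that the path left in the file exists under `images/`, otherwise this rename ships a broken image.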
@ -168,7 +168,7 @@ Manager and deploy that policy to Windows 10 devices.
|
||||
|
||||
15. Click **Close** when the Wizard completes.
|
||||
|
||||
16. In the Microsoft Endpoint Manager console, right-click the Defender for Endpoint policy you just created and select **Deploy**.
|
||||
16. In the Microsoft Endpoint Configuration Manager console, right-click the Defender for Endpoint policy you just created and select **Deploy**.
|
||||
|
||||

|
||||
|
||||
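Review bot: Step 16 refers to "the Defender for Endpoint policy you just created", but step 6 of the same procedure creates it under **Microsoft Defender ATP Policies** with **Create Microsoft Defender ATP Policy**. If the console still uses the ATP label, say so once so readers can match the text to the UI; if not, step 6 needs the same rename. The unchanged image line under step 16 also has alt text ending in "Manager22", which looks like a leftover counter and could be cleaned up here.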
@ -231,7 +231,7 @@ Once completed, you should see onboarded endpoints in the portal within an hour.
|
||||
### Next generation protection
|
||||
Microsoft Defender Antivirus is a built-in antimalware solution that provides next generation protection for desktops, portable computers, and servers.
|
||||
|
||||
1. In the Microsoft Endpoint Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Antimalware Polices** and choose **Create Antimalware Policy**.
|
||||
1. In the Microsoft Endpoint Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Antimalware Polices** and choose **Create Antimalware Policy**.
|
||||
|
||||

|
||||
|
||||
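Review bot: Step 1 carries the typo "Antimalware Polices" through the rename; both versions of the line have it. Since the line is being edited, correct it to **Antimalware Policies** so the bolded path matches the node name a reader will look for in the console.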
@ -283,9 +283,9 @@ All these features provide an audit mode and a block mode. In audit mode there i
|
||||
|
||||
To set ASR rules in Audit mode:
|
||||
|
||||
1. In the Microsoft Endpoint Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**.
|
||||
1. In the Microsoft Endpoint Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**.
|
||||
|
||||

|
||||

|
||||
|
||||
|
||||
2. Select **Attack Surface Reduction**.
|
||||
@ -293,26 +293,26 @@ To set ASR rules in Audit mode:
|
||||
|
||||
3. Set rules to **Audit** and click **Next**.
|
||||
|
||||

|
||||

|
||||
|
||||
4. Confirm the new Exploit Guard policy by clicking on **Next**.
|
||||
|
||||

|
||||

|
||||
|
||||
|
||||
5. Once the policy is created click **Close**.
|
||||
|
||||

|
||||

|
||||
|
||||
|
||||
|
||||
6. Right-click on the newly created policy and choose **Deploy**.
|
||||
|
||||

|
||||

|
||||
|
||||
7. Target the policy to the newly created Windows 10 collection and click **OK**.
|
||||
|
||||

|
||||

|
||||
|
||||
After completing this task, you now have successfully configured ASR rules in audit mode.
|
||||
|
||||
@ -341,7 +341,7 @@ detections](https://docs.microsoft.com/windows/security/threat-protection/micros
|
||||
|
||||
|
||||
#### Set Network Protection rules in Audit mode:
|
||||
1. In the Microsoft Endpoint Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**.
|
||||
1. In the Microsoft Endpoint Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**.
|
||||
|
||||

|
||||
|
||||
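Review bot: The image line directly under the renamed step 1 keeps the alt text "A screenshot System Center Configuration Manager1", so the old product name survives one line below the text this hunk updates. Update that alt text together with the step, and drop the trailing "1". The heading "Set Network Protection rules in Audit mode:" is also phrased differently from the later "To set Controlled Folder Access rules in Audit mode:" heading; pick one form.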
@ -361,42 +361,42 @@ detections](https://docs.microsoft.com/windows/security/threat-protection/micros
|
||||
|
||||
6. Right-click on the newly created policy and choose **Deploy**.
|
||||
|
||||

|
||||

|
||||
|
||||
7. Select the policy to the newly created Windows 10 collection and choose **OK**.
|
||||
|
||||

|
||||

|
||||
|
||||
After completing this task, you now have successfully configured Network
|
||||
Protection in audit mode.
|
||||
|
||||
#### To set Controlled Folder Access rules in Audit mode:
|
||||
|
||||
1. In the Microsoft Endpoint Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**.
|
||||
1. In the Microsoft Endpoint Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**.
|
||||
|
||||

|
||||

|
||||
|
||||
2. Select **Controlled folder access**.
|
||||
|
||||
3. Set the configuration to **Audit** and click **Next**.
|
||||
|
||||

|
||||

|
||||
|
||||
4. Confirm the new Exploit Guard Policy by clicking on **Next**.
|
||||
|
||||

|
||||

|
||||
|
||||
5. Once the policy is created click on **Close**.
|
||||
|
||||

|
||||

|
||||
|
||||
6. Right-click on the newly created policy and choose **Deploy**.
|
||||
|
||||

|
||||

|
||||
|
||||
7. Target the policy to the newly created Windows 10 collection and click **OK**.
|
||||
|
||||

|
||||

|
||||
|
||||
You have now successfully configured Controlled folder access in audit mode.
|
||||
|
||||
|
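Review bot: Step 7 of the Network Protection procedure says "Select the policy to the newly created Windows 10 collection", while step 7 of the Controlled folder access procedure in the same hunk says "Target the policy to the newly created Windows 10 collection and click **OK**". The first is ungrammatical and should use the same "Target the policy to" wording. The hunk also mixes "Controlled Folder Access" in the heading with "Controlled folder access" in step 2 and the closing sentence, and "click **Close**" with "click on **Close**"; align these while the lines are open.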