diff --git a/it-client b/it-client new file mode 160000 index 0000000000..61e0a21977 --- /dev/null +++ b/it-client @@ -0,0 +1 @@ +Subproject commit 61e0a21977430f3c0eef1c32e398999dc090c332 diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md index f0a4d195c6..a61be35a5b 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md 
@@ -28,57 +28,44 @@ ms.topic: article -Windows Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in Windows Defender Security Center and better protect your organization's network. This experience leverages on a third-party security products’ sensor data. +Windows Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in Windows Defender Security Center and better protect your organization's network. You'll need to know the exact Linux distros and macOS versions that are compatible with Windows Defender ATP for the integration to work. + + +## Onboarding non-Windows machines You'll need to take the following steps to onboard non-Windows machines: -1. Turn on third-party integration. -2. Follow instructions provided by the third-party tool. -3. Run a detection test. +1. Select your preferred method of onboarding: -## Turn on third-party integration + - For macOS devices, you can choose to onboard through Windows Defender ATP or through a third-party solution. For more information, see [Microsoft Defender ATP for Mac](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac). + - For other non-Windows devices choose **Onboard non-Windows machines through third-party integration**. + + 1. In the navigation pane, select **Interoperability** > **Partners**. Make sure the third-party solution is listed. -1. In the navigation pane, select **Settings** > **Onboarding**. Make sure the third-party solution is listed. + 2. In the **Partner Applications** tab, select the partner that supports your non-Windows devices. -2. Select **Linux, macOS, iOS and Android** as the operating system. + 3. Select **Open partner page** to open the partner's page. 
Follow the instructions provided on the page. -3. Turn on the third-party solution integration. + 4. After creating an account or subscribing to the partner solution, you should get to a stage where a tenant Global Admin in your organization is asked to accept a permission request from the partner application. Read the permission request carefully to make sure that it is aligned with the service that you require. -4. Click **Generate access token** button and then **Copy**. - -5. You’ll need to copy and paste the token to the third-party solution you’re using. The implementation may vary depending on the solution. - - ->[!WARNING] ->The access token has a limited validity period. If needed, regenerate the token close to the time you need to share it with the third-party solution. - -## Follow instructions provided by the third-party tool -After turning on the integration and generating the access token, you'll need to follow the instructions provided by the third-party tool you're using. - -For more information, see: - -- Bitdefender - Get telemetry from macOS and Linux machines with [Bitdefender antivirus](https://go.microsoft.com/fwlink/?linkid=860032). -- SentinelOne - Get telemetry from macOS and Linux machines with the [SentinelOne agent](https://go.microsoft.com/fwlink/?linkid=866934). -- Ziften - Get telemetry from macOS and Linux machines with the [Ziften agent](https://go.microsoft.com/fwlink/?linkid=862988). - -### Run detection test -Create an EICAR test file by saving the string displayed on the portal in an empty text file. Then, introduce the test file to a machine running the third-party antivirus solution. - -The file should trigger a detection and a corresponding alert on Windows Defender ATP. + +2. Run a detection test by following the instructions of the third-party solution. 
## Offboard non-Windows machines -To effectively offboard the machine from the service, you'll need to disable the data push on the third-party portal first then switch the toggle to off in Windows Defender Security Center. The toggle in the portal only blocks the data inbound flow. +To effectively offboard the machine from the service, you'll need to disable the data push on the third-party portal first. 1. Follow the third-party documentation to opt-out on the third-party service side. -2. In the navigation pane, select **Settings** > **Onboarding**. +2. In the navigation pane, select **Settings** > **Offboarding**. + 1. For macOS devices, you can choose to offboard through Windows Defender ATP or through a third-party solution. For more information, see [Microsoft Defender ATP for Mac](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac#uninstallation). + + 2. For other non-Windows devices choose **Offboard non-Windows machines by disabling third-party integration**. + + -3. Turn off the third-party solution integration. ->[!WARNING] ->If you decide to turn on the third-party integration again after disabling the integration, you'll need to regenerate the token and reapply it on machines. ## Related topics - [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md)
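Review bot: The `it-client` entry at the top of the patch (new file mode 160000, `Subproject commit 61e0a21977430f3c0eef1c32e398999dc090c332`) is a gitlink that has no visible connection to this documentation edit, and no `.gitmodules` change accompanies it in the diff shown. Without a mapping there, `git submodule update` has nothing to resolve the path against, and readers of the history cannot tell which repository the pinned commit comes from. It looks like a nested checkout staged by accident. Drop it from this commit (for example with `git rm --cached it-client`), or, if it is intended, add the `.gitmodules` entry and name the source repository in the commit message.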
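Review bot: In the configure-endpoints-non-windows hunk, new onboarding step 4 has a tenant Global Admin accept a permission request from the partner application, but the rewritten "Offboard non-Windows machines" section has no matching step to revoke that consent, so the documented offboarding leaves the grant in place. Add an offboarding step that removes the partner application's permission, and give step 4 something concrete to verify instead of "Read the permission request carefully". Smaller points in the same hunk: the removed detection-test text stated the expected result (a detection and a corresponding alert on Windows Defender ATP), which new step 2 no longer says; the intro tells readers they need to know the exact compatible Linux distros and macOS versions without linking to a list; and the offboarding lead-in still ends with "first" although the "then switch the toggle" half of the sentence was deleted.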