Merge pull request #4558 from MicrosoftDocs/master

Publish 01/13/2021 3:30 PM
Gary Moore 2021-01-13 15:51:45 -08:00 committed by GitHub
commit 562b41c92c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 43 additions and 16 deletions

View File

@ -51,14 +51,14 @@ It's important to understand the following prerequisites prior to creating indic
> Only external IPs can be added to the indicator list. Indicators cannot be created for internal IPs.
> For web protection scenarios, we recommend using the built-in capabilities in Microsoft Edge. Microsoft Edge leverages [Network Protection](network-protection.md) to inspect network traffic and allows blocks for TCP, HTTP, and HTTPS (TLS). For all other processes, web protection scenarios leverage Network Protection for inspection and enforcement: <br>
> NOTE:
>- IP is supported for all three protocols
>- Only single IP addresses are supported (no CIDR blocks or IP ranges)
>- Encrypted URLs (full path) can only be blocked on first party browsers
>- Encrypted URLS (FQDN only) can be blocked outside of first party browsers
>- Full URL path blocks can be applied on the domain level and all unencrypted URLs
> - IP is supported for all three protocols
> - Only single IP addresses are supported (no CIDR blocks or IP ranges)
> - Encrypted URLs (full path) can only be blocked on first party browsers (Internet Explorer, Edge)
> - Encrypted URLS (FQDN only) can be blocked outside of first party browsers (Internet Explorer, Edge)
> - Full URL path blocks can be applied on the domain level and all unencrypted URLs
>[!NOTE]
>There may be up to 2 hours of latency (usually less) between the time the action is taken, and the URL and IP being blocked.
> [!NOTE]
> There may be up to 2 hours of latency (usually less) between the time the action is taken, and the URL and IP being blocked.
### Create an indicator for IPs, URLs, or domains from the settings page
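Review bot: In the rewritten bullet list, the FQDN-only bullet still reads "Encrypted URLS" while the bullet directly above it reads "Encrypted URLs". Both lines are being touched anyway, so make the capitalization consistent and hyphenate "first-party browsers". The plain `> NOTE:` line above the bullets could also become `> [!NOTE]`, matching the latency note that this hunk reformats a few lines later.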

View File

@ -26,7 +26,21 @@ ms.topic: article
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
This article is part of the Deployment guide and acts as an example onboarding method that guides users in:
This article is part of the Deployment guide and acts as an example onboarding method.
In the [Planning](deployment-strategy.md) topic, there were several methods provided to onboard devices to the service. This topic covers the co-management architecture.
![Image of cloud-native architecture](images/co-management-architecture.png)
*Diagram of environment architectures*
While Defender for Endpoint supports onboarding of various endpoints and tools, this article does not cover them. For information on general onboarding using other supported deployment tools and methods, see [Onboarding overview](onboarding.md).
This topic guides users in:
- Step 1: Onboarding Windows devices to the service
- Step 2: Configuring Defender for Endpoint capabilities
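Review bot: The new image line pairs the alt text "Image of cloud-native architecture" with images/co-management-architecture.png, directly under the sentence saying this topic covers the co-management architecture. The alt text matches the one used for cloud-native-architecture.png in the Intune article changed in this same commit, so it looks carried over; change it to "Image of co-management architecture" so the description matches the diagram.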
@ -37,9 +51,7 @@ This onboarding guidance will walk you through the following basic steps that yo
>[!NOTE]
>Only Windows devices are covered in this example deployment.
While Defender for Endpoint supports onboarding of various endpoints and tools, this article does not cover them.
For information on general onboarding using other supported deployment tools and methods, see [Onboarding overview](onboarding.md).
## Step 1: Onboard Windows devices using Microsoft Endpoint Configuration Manager
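Review bot: The note kept as context at the top of this hunk is still written `>[!NOTE]` with no space after the `>`, while another file in this commit normalizes its note to `> [!NOTE]`. Consider applying the same spacing here so the articles edited together stay consistent.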

View File

@ -1,6 +1,6 @@
---
title: Onboarding using Microsoft Endpoint Manager
description: Learn how to onboard to Microsoft Defender ATP using Microsoft Endpoint Manager
title: Onboarding using Microsoft Intune
description: Learn how to onboard to Microsoft Defender for Endpoint using Microsoft Intune
keywords: onboarding, configuration, deploy, deployment, endpoint manager, mdatp, advanced threat protection, collection creation, endpoint detection response, next generation protection, attack surface reduction
search.product: eADQiWindows 10XVcnh
ms.prod: w10
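Review bot: The title and description now say Microsoft Intune and Microsoft Defender for Endpoint, but the unchanged keywords line still lists "endpoint manager, mdatp, advanced threat protection" and has no "intune" entry. Update the keywords in the same change so the search metadata matches the renamed article.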
@ -19,7 +19,7 @@ ms.collection:
ms.topic: article
---
# Onboarding using Microsoft Endpoint Manager
# Onboarding using Microsoft Intune
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
@ -29,7 +29,20 @@ ms.topic: article
This article is part of the Deployment guide and acts as an example onboarding method that guides users in:
This article is part of the Deployment guide and acts as an example onboarding method.
In the [Planning](deployment-strategy.md) topic, there were several methods provided to onboard devices to the service. This topic covers the cloud-native architecture.
![Image of cloud-native architecture](images/cloud-native-architecture.png)
*Diagram of environment architectures*
While Defender for Endpoint supports onboarding of various endpoints and tools, this article does not cover them. For information on general onboarding using other supported deployment tools and methods, see [Onboarding overview](onboarding.md).
[Microsoft Endpoint Manager](https://docs.microsoft.com/mem/endpoint-manager-overview) is a solution platform that unifies several services. It includes [Microsoft Intune](https://docs.microsoft.com/mem/intune/fundamentals/what-is-intune) for cloud-based device management.
This topic guides users in:
- Step 1: Onboarding devices to the service by creating a group in Microsoft Endpoint Manager (MEM) to assign configurations on
- Step 2: Configuring Defender for Endpoint capabilities using Microsoft Endpoint Manager
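Review bot: After the rename to Microsoft Intune, the Step 1 and Step 2 bullets still refer to Microsoft Endpoint Manager (MEM), and only the added sentence about Endpoint Manager including Intune connects the two names. Either use Intune in the steps or state explicitly that the steps are performed in the Endpoint Manager console. Step 1 also ends on a dangling "to assign configurations on", which would read better as "to assign configurations to".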
@ -43,9 +56,9 @@ This onboarding guidance will walk you through the following basic steps that yo
- In Microsoft Endpoint Manager, we'll guide you in creating a separate policy for each capability.
While Defender for Endpoint supports onboarding of various endpoints and tools, this article does not cover them.
For information on general onboarding using other supported deployment tools and methods, see [Onboarding overview](onboarding.md).
## Resources

View File

@ -27,6 +27,8 @@ ms.topic: article
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
Learn about the various phases of deploying Microsoft Defender for Endpoint and how to configure the capabilities within the solution.
Deploying Defender for Endpoint is a three-phase process:
| [![deployment phase - prepare](images/phase-diagrams/prepare.png)](prepare-deployment.md)<br>[Phase 1: Prepare](prepare-deployment.md) | [![deployment phase - setup](images/phase-diagrams/setup.png)](production-deployment.md)<br>[Phase 2: Setup](production-deployment.md) | ![deployment phase - onboard](images/phase-diagrams/onboard.png)<br>Phase 3: Onboard |