diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/cloud-native-architecture.png b/windows/security/threat-protection/microsoft-defender-atp/images/cloud-native-architecture.png new file mode 100644 index 0000000000..c19f2aef54 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/cloud-native-architecture.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/co-management-architecture.png b/windows/security/threat-protection/microsoft-defender-atp/images/co-management-architecture.png new file mode 100644 index 0000000000..4ce41c73a7 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/co-management-architecture.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/intune-onboarding.png b/windows/security/threat-protection/microsoft-defender-atp/images/intune-onboarding.png new file mode 100644 index 0000000000..216b928467 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/intune-onboarding.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md b/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md index 800f2e0f16..3ed8df33d8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md +++ b/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md 
@@ -51,14 +51,14 @@ It's important to understand the following prerequisites prior to creating indic > Only external IPs can be added to the indicator list. Indicators cannot be created for internal IPs. > For web protection scenarios, we recommend using the built-in capabilities in Microsoft Edge. Microsoft Edge leverages [Network Protection](network-protection.md) to inspect network traffic and allows blocks for TCP, HTTP, and HTTPS (TLS). For all other processes, web protection scenarios leverage Network Protection for inspection and enforcement:
> NOTE: ->- IP is supported for all three protocols ->- Only single IP addresses are supported (no CIDR blocks or IP ranges) ->- Encrypted URLs (full path) can only be blocked on first party browsers ->- Encrypted URLS (FQDN only) can be blocked outside of first party browsers ->- Full URL path blocks can be applied on the domain level and all unencrypted URLs +> - IP is supported for all three protocols +> - Only single IP addresses are supported (no CIDR blocks or IP ranges) +> - Encrypted URLs (full path) can only be blocked on first party browsers (Internet Explorer, Edge) +> - Encrypted URLS (FQDN only) can be blocked outside of first party browsers (Internet Explorer, Edge) +> - Full URL path blocks can be applied on the domain level and all unencrypted URLs ->[!NOTE] ->There may be up to 2 hours of latency (usually less) between the time the action is taken, and the URL and IP being blocked. +> [!NOTE] +> There may be up to 2 hours of latency (usually less) between the time the action is taken, and the URL and IP being blocked. ### Create an indicator for IPs, URLs, or domains from the settings page diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-configuration-manager.md b/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-configuration-manager.md index 87b9afcb05..aa7afd643d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-configuration-manager.md +++ b/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-configuration-manager.md 
@@ -26,7 +26,21 @@ ms.topic: article **Applies to:** - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -This article is part of the Deployment guide and acts as an example onboarding method that guides users in: + + +This article is part of the Deployment guide and acts as an example onboarding method. + +In the [Planning](deployment-strategy.md) topic, there were several methods provided to onboard devices to the service. This topic covers the co-management architecture. + +![Image of cloud-native architecture](images/co-management-architecture.png) +*Diagram of environment architectures* + + +While Defender for Endpoint supports onboarding of various endpoints and tools, this article does not cover them. For information on general onboarding using other supported deployment tools and methods, see [Onboarding overview](onboarding.md). + + + +This topic guides users in: - Step 1: Onboarding Windows devices to the service - Step 2: Configuring Defender for Endpoint capabilities @@ -37,9 +51,7 @@ This onboarding guidance will walk you through the following basic steps that yo >[!NOTE] >Only Windows devices are covered in this example deployment. -While Defender for Endpoint supports onboarding of various endpoints and tools, this article does not cover them. -For information on general onboarding using other supported deployment tools and methods, see [Onboarding overview](onboarding.md). ## Step 1: Onboard Windows devices using Microsoft Endpoint Configuration Manager diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md b/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md index 1c87de1aa1..5c1abff92d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md +++ b/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md 
@@ -1,6 +1,6 @@ --- -title: Onboarding using Microsoft Endpoint Manager -description: Learn how to onboard to Microsoft Defender ATP using Microsoft Endpoint Manager +title: Onboarding using Microsoft Intune +description: Learn how to onboard to Microsoft Defender for Endpoint using Microsoft Intune keywords: onboarding, configuration, deploy, deployment, endpoint manager, mdatp, advanced threat protection, collection creation, endpoint detection response, next generation protection, attack surface reduction search.product: eADQiWindows 10XVcnh ms.prod: w10 @@ -19,7 +19,7 @@ ms.collection: ms.topic: article --- -# Onboarding using Microsoft Endpoint Manager +# Onboarding using Microsoft Intune [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] 
@@ -29,7 +29,20 @@ ms.topic: article -This article is part of the Deployment guide and acts as an example onboarding method that guides users in: +This article is part of the Deployment guide and acts as an example onboarding method. + +In the [Planning](deployment-strategy.md) topic, there were several methods provided to onboard devices to the service. This topic covers the cloud-native architecture. + +![Image of cloud-native architecture](images/cloud-native-architecture.png) +*Diagram of environment architectures* + +While Defender for Endpoint supports onboarding of various endpoints and tools, this article does not cover them. For information on general onboarding using other supported deployment tools and methods, see [Onboarding overview](onboarding.md). + + +[Microsoft Endpoint Manager](https://docs.microsoft.com/mem/endpoint-manager-overview) is a solution platform that unifies several services. It includes [Microsoft Intune](https://docs.microsoft.com/mem/intune/fundamentals/what-is-intune) for cloud-based device management. + + +This topic guides users in: - Step 1: Onboarding devices to the service by creating a group in Microsoft Endpoint Manager (MEM) to assign configurations on - Step 2: Configuring Defender for Endpoint capabilities using Microsoft Endpoint Manager @@ -43,9 +56,9 @@ This onboarding guidance will walk you through the following basic steps that yo - In Microsoft Endpoint Manager, we'll guide you in creating a separate policy for each capability. -While Defender for Endpoint supports onboarding of various endpoints and tools, this article does not cover them. -For information on general onboarding using other supported deployment tools and methods, see [Onboarding overview](onboarding.md). + + ## Resources diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboarding.md b/windows/security/threat-protection/microsoft-defender-atp/onboarding.md index bdcafd18a1..e4a6a6708b 100644 
--- a/windows/security/threat-protection/microsoft-defender-atp/onboarding.md +++ b/windows/security/threat-protection/microsoft-defender-atp/onboarding.md @@ -27,6 +27,8 @@ ms.topic: article - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +Learn about the various phases of deploying Microsoft Defender for Endpoint and how to configure the capabilities within the solution. + Deploying Defender for Endpoint is a three-phase process: | [![deployment phase - prepare](images/phase-diagrams/prepare.png)](prepare-deployment.md)
[Phase 1: Prepare](prepare-deployment.md) | [![deployment phase - setup](images/phase-diagrams/setup.png)](production-deployment.md)
[Phase 2: Setup](production-deployment.md) | ![deployment phase - onboard](images/phase-diagrams/onboard.png)
Phase 3: Onboard |
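Review bot: images/intune-onboarding.png is added as a new binary at the top of the patch, but none of the markdown hunks shown here reference it; only cloud-native-architecture.png and co-management-architecture.png are linked. Add the reference in this change, or hold the file back until the page that uses it is updated.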
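Review bot: in the indicator-ip-domain.md hunk, the new parenthetical on the FQDN bullet is ambiguous. "can be blocked outside of first party browsers (Internet Explorer, Edge)" can be read as naming the browsers that are outside the first-party set. Since this list tells readers where a block is actually enforced, reword it so the parenthetical clearly defines "first party browsers", for example by defining the term once before the list. While these lines are being touched, "Encrypted URLS" should be normalised to "URLs" to match the bullet above it, and the list's plain "> NOTE:" lead could use the same "> [!NOTE]" alert syntax as the latency note that follows.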
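Review bot: in the onboarding-endpoint-configuration-manager.md hunk, the added image line has alt text that does not match its target: "![Image of cloud-native architecture](images/co-management-architecture.png)". The preceding sentence says this topic covers the co-management architecture, so the alt text looks copied from the Intune page; change it to "Image of co-management architecture". The hunk also adds runs of two and three consecutive blank lines around the new paragraphs, which can be collapsed to single blank lines.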
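Review bot: in the onboarding-endpoint-manager.md front-matter hunk, the title and description move to "Microsoft Intune" and "Microsoft Defender for Endpoint", but the unchanged keywords line still lists "endpoint manager, mdatp, advanced threat protection" and has no "intune" entry. Update the keywords in the same change so search metadata matches the new title.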
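Review bot: in the onboarding-endpoint-manager.md body hunk (@@ -29,7 +29,20 @@), the page is now titled "Onboarding using Microsoft Intune", yet the step list kept as context still reads "creating a group in Microsoft Endpoint Manager (MEM)" and "using Microsoft Endpoint Manager". The added paragraph explaining that Microsoft Endpoint Manager includes Intune helps, but a reader following the steps needs to know which name matches the console being used. Either state that explicitly next to the steps or use one product name consistently from the title through the step list.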
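Review bot: the @@ -43,9 +56,9 @@ hunk in onboarding-endpoint-manager.md removes the two "While Defender for Endpoint supports..." lines, which is right now that the text has moved up, but replaces them with three added blank lines before "## Resources". Drop the extra blank lines so the hunk is a pure removal.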