deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-28 13:17:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge pull request #54 from MicrosoftDocs/thirdparty

Browse Source 
update onboarding and offboarding
This commit is contained in:
jcaparas 2019-04-24 11:05:59 -07:00 committed by GitHub
commit 5bdb366356
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 21 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
it-client Submodule

@ -0,0 +1 @@
Subproject commit 61e0a21977430f3c0eef1c32e398999dc090c332

47
windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md
View File

@ -28,47 +28,40 @@ ms.topic: article
Windows Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in Windows Defender Security Center and better protect your organization's network. This experience leverages on a third-party security products sensor data.
Windows Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in Windows Defender Security Center and better protect your organization's network.
You'll need to know the exact Linux distros and macOS versions that are compatible with Windows Defender ATP for the integration to work.
## Onboarding non-Windows machines
You'll need to take the following steps to onboard non-Windows machines:
1. Turn on third-party integration
2. Run a detection test
1. Select your preferred method of onboarding:
## Turn on third-party integration
- For macOS devices, you can choose to onboard through Windows Defender ATP or through a third-party solution. For more information, see [Microsoft Defender ATP for Mac](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac).
- For other non-Windows devices choose **Onboard non-Windows machines through third-party integration**.
1. In the navigation pane, select **Interoperability** > **Partners**. Make sure the third-party solution is listed.
1. In the navigation pane, select **Settings** > **Onboarding**. Make sure the third-party solution is listed.
2. In the **Partner Applications** tab, select the partner that supports your non-Windows devices.
2. Select **Linux, macOS, iOS and Android** as the operating system.
3. Select **Open partner page** to open the partner's page. Follow the instructions provided on the page.
3. Turn on the third-party solution integration.
4. After creating an account or subscribing to the partner solution, you should get to a stage where a tenant Global Admin in your organization is asked to accept a permission request from the partner application. Read the permission request carefully to make sure that it is aligned with the service that you require.
4. Click **Generate access token** button and then **Copy**.
5. Youll need to copy and paste the token to the third-party solution youre using. The implementation may vary depending on the solution.
>[!WARNING]
>The access token has a limited validity period. If needed, regenerate the token close to the time you need to share it with the third-party solution.
### Run detection test
Create an EICAR test file by saving the string displayed on the portal in an empty text file. Then, introduce the test file to a machine running the third-party antivirus solution.
The file should trigger a detection and a corresponding alert on Windows Defender ATP.
2. Run a detection test by following the instructions of the third-party solution.
## Offboard non-Windows machines
To effectively offboard the machine from the service, you'll need to disable the data push on the third-party portal first then switch the toggle to off in Windows Defender Security Center. The toggle in the portal only blocks the data inbound flow.
1. Follow the third-party's documentation to disconnect the third-party solution from Windows Defender ATP.
1. Follow the third-party documentation to opt-out on the third-party service side.
2. Remove permissions for the third-party solution in your Azure AD tenant.
1. Sign in to the [Azure portal](https://portal.azure.com).
2. Select **Azure Active Directory > Enterprise Applications**.
3. Select the application you'd like to offboard.
4. Select the **Delete** button.
2. In the navigation pane, select **Settings** > **Onboarding**.
3. Turn off the third-party solution integration.
>[!WARNING]
>If you decide to turn on the third-party integration again after disabling the integration, you'll need to regenerate the token and reapply it on machines.
## Related topics
- [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md)