diff --git a/it-client b/it-client new file mode 160000 index 0000000000..61e0a21977 --- /dev/null +++ b/it-client @@ -0,0 +1 @@ +Subproject commit 61e0a21977430f3c0eef1c32e398999dc090c332 diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md index de556b2903..cd5b2e9c98 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md 
@@ -28,47 +28,40 @@ ms.topic: article -Windows Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in Windows Defender Security Center and better protect your organization's network. This experience leverages on a third-party security products’ sensor data. +Windows Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in Windows Defender Security Center and better protect your organization's network. You'll need to know the exact Linux distros and macOS versions that are compatible with Windows Defender ATP for the integration to work. + + +## Onboarding non-Windows machines You'll need to take the following steps to onboard non-Windows machines: -1. Turn on third-party integration -2. Run a detection test +1. Select your preferred method of onboarding: -## Turn on third-party integration + - For macOS devices, you can choose to onboard through Windows Defender ATP or through a third-party solution. For more information, see [Microsoft Defender ATP for Mac](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac). + - For other non-Windows devices choose **Onboard non-Windows machines through third-party integration**. + + 1. In the navigation pane, select **Interoperability** > **Partners**. Make sure the third-party solution is listed. -1. In the navigation pane, select **Settings** > **Onboarding**. Make sure the third-party solution is listed. + 2. In the **Partner Applications** tab, select the partner that supports your non-Windows devices. -2. Select **Linux, macOS, iOS and Android** as the operating system. + 3. Select **Open partner page** to open the partner's page. Follow the instructions provided on the page. -3. 
Turn on the third-party solution integration. + 4. After creating an account or subscribing to the partner solution, you should get to a stage where a tenant Global Admin in your organization is asked to accept a permission request from the partner application. Read the permission request carefully to make sure that it is aligned with the service that you require. -4. Click **Generate access token** button and then **Copy**. - -5. You’ll need to copy and paste the token to the third-party solution you’re using. The implementation may vary depending on the solution. - - ->[!WARNING] ->The access token has a limited validity period. If needed, regenerate the token close to the time you need to share it with the third-party solution. - -### Run detection test -Create an EICAR test file by saving the string displayed on the portal in an empty text file. Then, introduce the test file to a machine running the third-party antivirus solution. - -The file should trigger a detection and a corresponding alert on Windows Defender ATP. + +2. Run a detection test by following the instructions of the third-party solution. ## Offboard non-Windows machines -To effectively offboard the machine from the service, you'll need to disable the data push on the third-party portal first then switch the toggle to off in Windows Defender Security Center. The toggle in the portal only blocks the data inbound flow. +1. Follow the third-party's documentation to disconnect the third-party solution from Windows Defender ATP. -1. Follow the third-party documentation to opt-out on the third-party service side. +2. Remove permissions for the third-party solution in your Azure AD tenant. + 1. Sign in to the [Azure portal](https://portal.azure.com). + 2. Select **Azure Active Directory > Enterprise Applications**. + 3. Select the application you'd like to offboard. + 4. Select the **Delete** button. -2. In the navigation pane, select **Settings** > **Onboarding**. - -3. 
Turn off the third-party solution integration. - ->[!WARNING] ->If you decide to turn on the third-party integration again after disabling the integration, you'll need to regenerate the token and reapply it on machines. ## Related topics - [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md)
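Review bot: The first entry in this patch adds `it-client` as a gitlink (`new file mode 160000`, `Subproject commit 61e0a21977...`), which looks unrelated to the documentation change in the second file and may have been staged by accident. No `.gitmodules` entry appears in this patch, so a clone would have a submodule pointer with no URL to resolve it. If the submodule is not intended, drop it from the commit. If it is intended, add the `.gitmodules` entry and explain in the commit message why the docs repository needs it.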
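Review bot: In the hunk for configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md, new onboarding step 4 tells a tenant Global Admin to "Read the permission request carefully to make sure that it is aligned with the service that you require" but gives nothing to compare the request against. Since this consent replaces the removed short-lived access token as the trust decision, consider saying where the admin can find the permissions the partner is expected to ask for, or pointing to the partner's documentation for them. Two smaller points in the same hunk: the rewritten step 2, "Run a detection test by following the instructions of the third-party solution", no longer says what success looks like, whereas the removed text said the file "should trigger a detection and a corresponding alert on Windows Defender ATP", so consider keeping that expected result. And offboarding step 2 is titled "Remove permissions" but ends with "Select the **Delete** button", which reads as deleting the enterprise application itself. Say which is meant, and consider stating that step 1 must be done before step 2, as the removed paragraph did for the old flow.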