mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-19 20:33:42 +00:00
Merge branch 'master' into v-gmoor-for-pr-4313
@ -7,20 +7,20 @@ ms.prod: w10
|
||||
ms.technology: windows
|
||||
author: manikadhiman
|
||||
ms.date:
|
||||
ms.reviewer:
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
---
|
||||
|
||||
# Enroll a Windows 10 device automatically using Group Policy
|
||||
|
||||
Starting in Windows 10, version 1709, you can use a Group Policy to trigger auto-enrollment to MDM for Active Directory (AD) domain-joined devices.
|
||||
Starting in Windows 10, version 1709, you can use a Group Policy to trigger auto-enrollment to MDM for Active Directory (AD) domain-joined devices.
|
||||
|
||||
The enrollment into Intune is triggered by a group policy created on your local AD and happens without any user interaction. This means you can automatically mass-enroll a large number of domain-joined corporate devices into Microsoft Intune. The enrollment process starts in the background once you sign in to the device with your Azure AD account.
|
||||
|
||||
Requirements:
|
||||
- AD-joined PC running Windows 10, version 1709 or later
|
||||
- The enterprise has configured a mobile device management (MDM) service
|
||||
- The enterprise AD must be [registered with Azure Active Directory (Azure AD)](azure-active-directory-integration-with-mdm.md)
|
||||
- The enterprise has configured a mobile device management (MDM) service
|
||||
- The on-premises AD must be [integrated with Azure AD (via Azure AD Connect)](https://docs.microsoft.com/azure/architecture/reference-architectures/identity/azure-ad)
|
||||
- The device should not already be enrolled in Intune using the classic agents (devices managed using agents will fail enrollment with `error 0x80180026`)
|
||||
- The minimum Windows Server version requirement is based on the Hybrid Azure AD join requirement. See [How to plan your hybrid Azure Active Directory join implementation](https://docs.microsoft.com/azure/active-directory/devices/hybrid-azuread-join-plan) for more information.
|
||||
|
||||
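Review bot: The Requirements list now says the on-premises AD must be "integrated with Azure AD (via Azure AD Connect)", but the paragraph that follows the list and the second Requirements list further down still say the enterprise AD is "registered with Azure AD". Use one term in all three places so readers do not take these for two separate prerequisites. The `ms.date:` front-matter field is also shown without a value; set it to the date of this update.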
@ -33,7 +33,7 @@ Requirements:
|
||||
The auto-enrollment relies on the presence of an MDM service and the Azure Active Directory registration for the PC. Starting in Windows 10, version 1607, once the enterprise has registered its AD with Azure AD, a Windows PC that is domain joined is automatically Azure AD–registered.
|
||||
|
||||
> [!NOTE]
|
||||
> In Windows 10, version 1709, the enrollment protocol was updated to check whether the device is domain-joined. For details, see [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2](https://msdn.microsoft.com/library/mt221945.aspx). For examples, see section 4.3.1 RequestSecurityToken of the MS-MDE2 protocol documentation.
|
||||
> In Windows 10, version 1709, the enrollment protocol was updated to check whether the device is domain-joined. For details, see [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2](https://msdn.microsoft.com/library/mt221945.aspx). For examples, see section 4.3.1 RequestSecurityToken of the MS-MDE2 protocol documentation.
|
||||
|
||||
When the auto-enrollment Group Policy is enabled, a task is created in the background that initiates the MDM enrollment. The task will use the existing MDM service configuration from the Azure Active Directory information of the user. If multi-factor authentication is required, the user will get a prompt to complete the authentication. Once the enrollment is configured, the user can check the status in the Settings page.
|
||||
|
||||
@ -42,13 +42,13 @@ In Windows 10, version 1709 or later, when the same policy is configured in GP a
|
||||
For this policy to work, you must verify that the MDM service provider allows the GP triggered MDM enrollment for domain joined devices.
|
||||
|
||||
## Verify auto-enrollment requirements and settings
|
||||
To ensure that the auto-enrollment feature is working as expected, you must verify that various requirements and settings are configured correctly.
|
||||
To ensure that the auto-enrollment feature is working as expected, you must verify that various requirements and settings are configured correctly.
|
||||
The following steps demonstrate required settings using the Intune service:
|
||||
1. Verify that the user who is going to enroll the device has a valid Intune license.
|
||||
|
||||

|
||||
|
||||
2. Verify that auto-enrollment is activated for those users who are going to enroll the devices into Intune. For additional details, see [Azure AD and Microsoft Intune: Automatic MDM enrollment in the new Portal](https://docs.microsoft.com/windows/client-management/mdm/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal).
|
||||
2. Verify that auto-enrollment is activated for those users who are going to enroll the devices into Intune. For additional details, see [Azure AD and Microsoft Intune: Automatic MDM enrollment in the new Portal](https://docs.microsoft.com/windows/client-management/mdm/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal).
|
||||
|
||||

|
||||
|
||||
@ -80,7 +80,7 @@ The following steps demonstrate required settings using the Intune service:
|
||||
|
||||

|
||||
|
||||
7. Verify that the *Enable Automatic MDM enrollment using default Azure AD credentials* group policy (**Local Group Policy Editor > Computer Configuration > Policies > Administrative Templates > Windows Components > MDM**) is properly deployed to all devices which should be enrolled into Intune.
|
||||
7. Verify that the *Enable Automatic MDM enrollment using default Azure AD credentials* group policy (**Local Group Policy Editor > Computer Configuration > Policies > Administrative Templates > Windows Components > MDM**) is properly deployed to all devices which should be enrolled into Intune.
|
||||
You may contact your domain administrators to verify if the group policy has been deployed successfully.
|
||||
|
||||
8. Verify that the device is not enrolled with the old Intune client used on the Intune Silverlight Portal (this is the Intune portal used before the Azure portal).
|
||||
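Review bot: Step 7 gives the policy path as "Local Group Policy Editor > Computer Configuration > Policies > Administrative Templates", but the local editor has no Policies node; that level appears only when editing a domain GPO. Since the step is about a policy deployed to many devices, name the domain GPO editor instead, or drop "Policies" from the path. The policy name is also written here in italics with a capital "Automatic", while step 4 of the later procedure uses bold and "automatic"; match the casing shown in the editor. Instead of "contact your domain administrators", consider telling readers to check the applied policy on the device with `gpresult /h`.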
@ -95,12 +95,12 @@ This procedure is only for illustration purposes to show how the new auto-enroll
|
||||
|
||||
Requirements:
|
||||
- AD-joined PC running Windows 10, version 1709 or later
|
||||
- Enterprise has MDM service already configured
|
||||
- Enterprise has MDM service already configured
|
||||
- Enterprise AD must be registered with Azure AD
|
||||
|
||||
1. Run GPEdit.msc
|
||||
|
||||
Click Start, then in the text box type gpedit.
|
||||
Click Start, then in the text box type gpedit.
|
||||
|
||||

|
||||
|
||||
@ -110,7 +110,7 @@ Requirements:
|
||||
|
||||

|
||||
|
||||
4. Double-click **Enable automatic MDM enrollment using default Azure AD credentials** (previously called **Auto MDM Enrollment with AAD Token** in Windows 10, version 1709). For ADMX files in Windows 10, version 1903 and later, select **User Credential** as the Selected Credential Type to use.
|
||||
4. Double-click **Enable automatic MDM enrollment using default Azure AD credentials** (previously called **Auto MDM Enrollment with AAD Token** in Windows 10, version 1709). For ADMX files in Windows 10, version 1903 and later, select **User Credential** as the Selected Credential Type to use.
|
||||
|
||||
> [!NOTE]
|
||||
> **Device Credential** Credential Type will also work, however, it is not yet supported for MDM solutions (including Intune). We don't recommend using this option until support is announced.
|
||||
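Review bot: The NOTE under step 4 contradicts itself: it says the **Device Credential** type "will also work" and in the same sentence that it "is not yet supported for MDM solutions (including Intune)". State one position, for example that the option exists in the template but is unsupported and should not be selected. Step 4 also calls the setting "Selected Credential Type to use", while step 5 calls the dropdown **Select Credential Type to Use**; use the label exactly as it appears in the policy dialog.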
@ -120,11 +120,11 @@ Requirements:
|
||||
5. Click **Enable**, and select **User Credential** from the dropdown **Select Credential Type to Use**, then click **OK**.
|
||||
|
||||
> [!NOTE]
|
||||
> In Windows 10, version 1903, the MDM.admx file was updated to include an option to select which credential is used to enroll the device. **Device Credential** is a new option that will only have an effect on clients that have installed Windows 10, version 1903 or later.
|
||||
> The default behavior for older releases is to revert to **User Credential**.
|
||||
> **Device Credential** is not supported for enrollment type when you have a ConfigMgr Agent on your device.
|
||||
> In Windows 10, version 1903, the MDM.admx file was updated to include an option to select which credential is used to enroll the device. **Device Credential** is a new option that will only have an effect on clients that have installed Windows 10, version 1903 or later.
|
||||
> The default behavior for older releases is to revert to **User Credential**.
|
||||
> **Device Credential** is not supported for enrollment type when you have a ConfigMgr Agent on your device.
|
||||
|
||||
When a group policy refresh occurs on the client, a task is created and scheduled to run every 5 minutes for the duration of one day. The task is called " Schedule created by enrollment client for automatically enrolling in MDM from AAD."
|
||||
When a group policy refresh occurs on the client, a task is created and scheduled to run every 5 minutes for the duration of one day. The task is called " Schedule created by enrollment client for automatically enrolling in MDM from AAD."
|
||||
|
||||
To see the scheduled task, launch the [Task Scheduler app](#task-scheduler-app).
|
||||
|
||||
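Review bot: The quoted task name starts with a stray space (`" Schedule created by enrollment client ...`), and the troubleshooting section later gives the same name with no quotes at all. Readers will search Task Scheduler for this string, so quote it identically in both places without the leading space. In the NOTE above it, the three `>` lines have no blank `>` line between them and will render as one run-on paragraph; separate them or make them a list.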
@ -153,11 +153,11 @@ Requirements:
|
||||
|
||||
2. Under **Best match**, click **Task Scheduler** to launch it.
|
||||
|
||||
3. In **Task Scheduler Library**, open **Microsoft > Windows** , then click **EnterpriseMgmt**.
|
||||
3. In **Task Scheduler Library**, open **Microsoft > Windows** , then click **EnterpriseMgmt**.
|
||||
|
||||

|
||||
|
||||
To see the result of the task, move the scroll bar to the right to see the **Last Run Result**. Note that **0x80180026** is a failure message (MENROLL\_E_DEVICE\_MANAGEMENT_BLOCKED). You can see the logs in the **History** tab.
|
||||
To see the result of the task, move the scroll bar to the right to see the **Last Run Result**. Note that **0x80180026** is a failure message (MENROLL\_E_DEVICE\_MANAGEMENT_BLOCKED). You can see the logs in the **History** tab.
|
||||
|
||||
If the device enrollment is blocked, your IT admin may have enabled the **Disable MDM Enrollment** policy. Note that the GPEdit console does not reflect the status of policies set by your IT admin on your device. It is only used by the user to set policies.
|
||||
|
||||
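Review bot: In the Last Run Result sentence the constant is escaped unevenly, `MENROLL\_E_DEVICE\_MANAGEMENT_BLOCKED`, with two underscores escaped and two not. Put it in backticks as `MENROLL_E_DEVICE_MANAGEMENT_BLOCKED` so no escaping is needed. Step 3 also has a stray space before the comma after **Microsoft > Windows**.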
@ -172,39 +172,39 @@ Requirements:
|
||||
> [!IMPORTANT]
|
||||
> If you do not see the policy, it may be because you don't have the ADMX for Windows 10, version 1803, version 1809, or version 1903 installed. To fix the issue, use the following procedures. Note that the latest MDM.admx is backwards compatible.
|
||||
|
||||
1. Download:
|
||||
|
||||
1. Download:
|
||||
|
||||
- 1803 --> [Administrative Templates (.admx) for Windows 10 April 2018 Update (1803)](https://www.microsoft.com/download/details.aspx?id=56880)
|
||||
|
||||
|
||||
- 1809 --> [Administrative Templates (.admx) for Windows 10 October 2018 Update (1809)](https://www.microsoft.com/download/details.aspx?id=57576)
|
||||
|
||||
|
||||
- 1903 --> [Administrative Templates (.admx) for Windows 10 May 2019 Update (1903)](https://www.microsoft.com/download/details.aspx?id=58495)
|
||||
|
||||
|
||||
- 1909 --> [Administrative Templates (.admx) for Windows 10 November 2019 Update (1909)](
|
||||
https://www.microsoft.com/download/confirmation.aspx?id=1005915)
|
||||
|
||||
|
||||
- 2004 --> [Administrative Templates (.admx) for Windows 10 May 2020 Update (2004)](https://www.microsoft.com/download/confirmation.aspx?id=101445)
|
||||
|
||||
|
||||
2. Install the package on the Domain Controller.
|
||||
|
||||
|
||||
3. Navigate, depending on the version to the folder:
|
||||
|
||||
|
||||
- 1803 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 April 2018 Update (1803) v2**
|
||||
|
||||
|
||||
- 1809 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 October 2018 Update (1809) v2**
|
||||
|
||||
|
||||
- 1903 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 May 2019 Update (1903) v3**
|
||||
|
||||
|
||||
- 1909 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 November 2019 Update (1909)**
|
||||
|
||||
- 2004 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 May 2020 Update (2004)**
|
||||
|
||||
|
||||
- 2004 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 May 2020 Update (2004)**
|
||||
|
||||
4. Rename the extracted Policy Definitions folder to **PolicyDefinitions**.
|
||||
|
||||
5. Copy PolicyDefinitions folder to **C:\Windows\SYSVOL\domain\Policies**.
|
||||
|
||||
|
||||
5. Copy PolicyDefinitions folder to **C:\Windows\SYSVOL\domain\Policies**.
|
||||
|
||||
If this folder does not exist, then be aware that you will be switching to a [central policy store](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra) for your entire domain.
|
||||
|
||||
|
||||
6. Restart the Domain Controller for the policy to be available.
|
||||
|
||||
This procedure will work for any future version as well.
|
||||
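Review bot: The 1909 download entry splits its Markdown link across two lines (`](` ends one line and the URL starts the next), so it will not render as a link; keep it on one line. Its URL also differs in shape from its neighbours: 1803 to 1903 use `details.aspx?id=` with a five-digit id, while 1909 uses `confirmation.aspx?id=1005915` with a seven-digit id, so verify that id and use the `details.aspx` form for 1909 and 2004 as well. The IMPORTANT note above the list still names only versions 1803, 1809 and 1903.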
@ -218,7 +218,7 @@ This procedure will work for any future version as well.
|
||||
4. Filter using Security Groups.
|
||||
|
||||
## Troubleshoot auto-enrollment of devices
|
||||
Investigate the log file if you have issues even after performing all the mandatory verification steps. The first log file to investigate is the event log on the target Windows 10 device.
|
||||
Investigate the log file if you have issues even after performing all the mandatory verification steps. The first log file to investigate is the event log on the target Windows 10 device.
|
||||
|
||||
To collect Event Viewer logs:
|
||||
|
||||
@ -254,12 +254,12 @@ To collect Event Viewer logs:
|
||||
|
||||
Note that the task scheduler log displays event ID 102 (task completed) regardless of the auto-enrollment success or failure. This means that the task scheduler log is only useful to confirm if the auto-enrollment task is triggered or not. It does not indicate the success or failure of auto-enrollment.
|
||||
|
||||
If you cannot see from the log that task Schedule created by enrollment client for automatically enrolling in MDM from AAD is initiated, there is possibly issue with the group policy. Immediately run the command `gpupdate /force` in command prompt to get the GPO applied. If this still does not help, further troubleshooting on the Active Directory is required.
|
||||
If you cannot see from the log that task Schedule created by enrollment client for automatically enrolling in MDM from AAD is initiated, there is possibly issue with the group policy. Immediately run the command `gpupdate /force` in command prompt to get the GPO applied. If this still does not help, further troubleshooting on the Active Directory is required.
|
||||
One frequently seen error is related to some outdated enrollment entries in the registry on the target client device (**HKLM > Software > Microsoft > Enrollments**). If a device has been enrolled (can be any MDM solution and not only Intune), some enrollment information added into the registry is seen:
|
||||
|
||||

|
||||
|
||||
By default, these entries are removed when the device is un-enrolled, but occasionally the registry key remains even after un-enrollment. In this case, `gpupdate /force` fails to initiate the auto-enrollment task and error code 2149056522 is displayed in the **Applications and Services Logs > Microsoft > Windows > Task Scheduler > Operational** event log file under event ID 7016.
|
||||
By default, these entries are removed when the device is un-enrolled, but occasionally the registry key remains even after un-enrollment. In this case, `gpupdate /force` fails to initiate the auto-enrollment task and error code 2149056522 is displayed in the **Applications and Services Logs > Microsoft > Windows > Task Scheduler > Operational** event log file under event ID 7016.
|
||||
A resolution to this issue is to remove the registry key manually. If you do not know which registry key to remove, go for the key which displays most entries as the screenshot above. All other keys will display fewer entries as shown in the following screenshot:
|
||||
|
||||

|
||||
|
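Review bot: The error code in the event ID 7016 sentence is given in decimal (2149056522) while the rest of the page uses hex codes such as 0x80180026; add the hex form, 0x8018000A, next to it so readers can search for either. The advice to delete "the key which displays most entries" is too loose for a manual deletion under HKLM: say how to recognise the stale enrollment key and tell readers to export it before removing it. "there is possibly issue" should read "there is possibly an issue".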
Binary file not shown.
Before Width: | Height: | Size: 75 KiB |
Binary file not shown.
Before Width: | Height: | Size: 45 KiB |
Binary file not shown.
Before Width: | Height: | Size: 72 KiB |
Binary file not shown.
Before Width: | Height: | Size: 72 KiB |
Binary file not shown.
Before Width: | Height: | Size: 42 KiB |
@ -12,7 +12,7 @@ ms.topic: article
|
||||
ms.prod: w10
|
||||
ms.technology: windows
|
||||
author: manikadhiman
|
||||
ms.date: 11/15/2017
|
||||
ms.date: 11/19/2020
|
||||
---
|
||||
|
||||
# MDM enrollment of Windows 10-based devices
|
||||
@ -248,33 +248,6 @@ To create a local account and connect the device:
|
||||
|
||||
After you complete the flow, your device will be connected to your organization’s MDM.
|
||||
|
||||
|
||||
### Connect to MDM on a phone (enroll in device management)
|
||||
|
||||
1. Launch the Settings app, and then select **Accounts**.
|
||||
|
||||

|
||||
|
||||
2. Select **Access work or school**.
|
||||
|
||||

|
||||
|
||||
3. Select the **Enroll only in device management** link. This is only available in the servicing build 14393.82 (KB3176934). For older builds, see [Connect your Windows 10-based device to work using a deep link](mdm-enrollment-of-windows-devices.md#connect-your-windows-10-based-device-to-work-using-a-deep-link).
|
||||
|
||||

|
||||
|
||||
4. Enter your work email address.
|
||||
|
||||

|
||||
|
||||
5. If the device finds an endpoint that only supports on-premises authentication, this page will change and ask you for your password. If the device finds an MDM endpoint that supports federated authentication, you’ll be presented with a new window that will ask you for additional authentication information.
|
||||
|
||||
Based on IT policy, you may also be prompted to provide a second factor of authentication at this point.
|
||||
|
||||
6. After you complete the flow, your device will be connected to your organization’s MDM.
|
||||
|
||||

|
||||
|
||||
### Help with connecting personally-owned devices
|
||||
|
||||
There are a few instances where your device may not be able to connect to work.
|
||||
|
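Review bot: Before the "Connect to MDM on a phone" section is removed, confirm that no other topic links to that heading or reuses the images it referenced (`images/unifiedenrollment-rs1-38.png` through `-42.png`); five binary files are deleted in this commit, and any remaining reference would be left dangling. The removal also leaves three consecutive blank lines before "Help with connecting personally-owned devices"; collapse them to one.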
@ -75,9 +75,6 @@ Here are examples of data fields. The encoded 0xF000 is the standard delimiter/s
|
||||
|
||||
If you use Intune custom profiles to assign UserRights policies, you must use the CDATA tag (`<![CDATA[...]]>`) to wrap the data fields. You can specify one or more user groups within the CDATA tag by using 0xF000 as the delimiter/separator.
|
||||
|
||||
> [!NOTE]
|
||||
> There is currently a reporting issue in the Microsoft Endpoint Manager (MEM) console which results in the setting reporting back a 'Remediation failed' (0x87d1fde8) error, even when the setting is successfully applied. To verify whether the setting has applied successfully, check the local Windows 10 device: Event Viewer>Applications and Services Logs<Microsoft>Windows>DeviceManagement-Enterprise-Diagnostics-Provider>Admin>Event ID 814. This issue is the result of the use of the CDATA tags, which are neccesary when more than a single entry is required. If there is only a single entry, the CDATA tags can be omitted - which will resolve the reporting false positive.
|
||||
|
||||
> [!NOTE]
|
||||
> `` is the entity encoding of 0xF000.
|
||||
|
||||
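Review bot: Dropping the first NOTE also drops the page's only pointer to Event ID 814 as the way to confirm that a UserRights setting was applied. If the 'Remediation failed' (0x87d1fde8) reporting issue is resolved, keep a one-line verification tip in its place; if it is not, keep the note and fix its text ("neccesary", and "Logs<Microsoft" where ">" is meant).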
@ -87,7 +84,7 @@ For example, the following syntax grants user rights to Authenticated Users and
|
||||
<![CDATA[Authenticated UsersReplicator]]>
|
||||
```
|
||||
|
||||
For example, the following syntax grants user rights to two specific users from Contoso, user1 and user2:
|
||||
For example, the following syntax grants user rights to two specific Azure Active Directory (AAD) users from Contoso, user1 and user2:
|
||||
|
||||
```xml
|
||||
<![CDATA[AzureAD\user1@contoso.comAzureAD\user2@contoso.com]]>
|
||||
|
@ -10,11 +10,11 @@ ms.sitesec: library
|
||||
ms.localizationpriority: high
|
||||
audience: ITPro
|
||||
author: linque1
|
||||
ms.author: obezeajo
|
||||
ms.author: robsize
|
||||
manager: robsize
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: article
|
||||
ms.date: 7/7/2020
|
||||
ms.date: 12/1/2020
|
||||
---
|
||||
|
||||
# Manage connections from Windows 10 operating system components to Microsoft services
|
||||
|
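Review bot: After this change `ms.author` and `manager` are both `robsize`, while `author` stays `linque1`. Confirm that the same alias is meant for both fields and that `author` should not change along with `ms.author`.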
@ -50,14 +50,14 @@ To have your company listed as a partner in the in-product partner page, you wil
|
||||
4. Link to the landing page for the customer to complete the integration or blog post that will include sufficient information for customers. Any press release including the Microsoft Defender ATP product name should be reviewed by the marketing and engineering teams. Wait for at least 10 days for the review process to be done.
|
||||
5. If you use a multi-tenant Azure AD approach, we will need the Azure AD application name to track usage of the application.
|
||||
6. Include the User-Agent field in each API call made to Microsoft Defender for Endpoint public set of APIs or Graph Security APIs. This will be used for statistical purposes, troubleshooting, and partner recognition. In addition, this step is a requirement for membership in Microsoft Intelligent Security Association (MISA).
|
||||
Follow these steps:
|
||||
1. Identify a name adhering to the following nomenclature that includes your company name and the Microsoft Defender ATP-integrated product with the version of the product that includes this integration.
|
||||
- ISV Nomenclature: `MdatpPartner-{CompanyName}-{ProductName}/{Version}`
|
||||
- Security partner Nomenclature: `MdatpPartner-{CompanyName}-{ProductName}/{TenantID}`
|
||||
|
||||
2. Set the User-Agent field in each HTTP request header to the name based on the above nomenclature.
|
||||
For more information, see [RFC 2616 section-14.43](https://tools.ietf.org/html/rfc2616#section-14.43). For example, User-Agent: `MdatpPartner-Contoso-ContosoCognito/1.0.0`
|
||||
- Set the User-Agent field in each HTTP request header to the name based on the Following nomenclature.
|
||||
|
||||
- `MsdePartner-{CompanyName}-{ProductName}/{Version}`
|
||||
|
||||
- For example, User-Agent: `MdatpPartner-Contoso-ContosoCognito/1.0.0`
|
||||
|
||||
- For more information, see [RFC 2616 section-14.43](https://tools.ietf.org/html/rfc2616#section-14.43).
|
||||
|
||||
Partnerships with Microsoft Defender for Endpoint help our mutual customers to further streamline, integrate, and orchestrate defenses. We are happy that you chose to become a Microsoft Defender for Endpoint partner and to achieve our common goal of effectively protecting customers and their assets by preventing and responding to modern threats together.
|
||||
|
||||
|
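Review bot: The new nomenclature line gives the prefix as `MsdePartner-{CompanyName}-{ProductName}/{Version}`, but the example directly below it still uses `MdatpPartner-Contoso-ContosoCognito/1.0.0`. Partners will copy one or the other, and any usage tracking keyed on the prefix will split between the two, so make them agree. The rewrite also drops the security-partner form with `{TenantID}`; if that is intentional, say what those partners should send, otherwise restore it. "Following" should be lower case.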
@ -54,7 +54,7 @@ The following steps can be used to troubleshoot and mitigate these issues:
|
||||
> [!NOTE]
|
||||
> This feature is available in version 100.90.70 or newer.
|
||||
|
||||
This feature is enabled by default on the `Dogfood` and `InsisderFast` channels. If you're using a different update channel, this feature can be enabled from the command line:
|
||||
This feature is enabled by default on the `Dogfood` and `InsiderFast` channels. If you're using a different update channel, this feature can be enabled from the command line:
|
||||
|
||||
```bash
|
||||
mdatp config real-time-protection-statistics --value enabled
|
||||
@ -78,16 +78,63 @@ The following steps can be used to troubleshoot and mitigate these issues:
|
||||
To collect current statistics, run:
|
||||
|
||||
```bash
|
||||
mdatp diagnostic real_time_protection_statistics # you can use ‘> stat.log’ to redirect to file
|
||||
mdatp diagnostic real-time-protection-statistics --output json > real_time_protection.json
|
||||
```
|
||||
> [!NOTE]
|
||||
> Using ```--output json``` (note the double dash) ensures that the output format is ready for parsing.
|
||||
|
||||
The output of this command will show all processes and their associated scan activity.
|
||||
|
||||
3. On your Linux system, download the sample Python parser **high_cpu_parser.py** using the command:
|
||||
|
||||
```bash
|
||||
wget -c https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/diagnostic/high_cpu_parser.py
|
||||
```
|
||||
The output of this command should be similar to the following:
|
||||
|
||||
```Output
|
||||
--2020-11-14 11:27:27-- https://raw.githubusercontent.com/microsoft.mdatp-xplat/master/linus/diagnostic/high_cpu_parser.py
|
||||
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 151.101.xxx.xxx
|
||||
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)| 151.101.xxx.xxx| :443... connected.
|
||||
HTTP request sent, awaiting response... 200 OK
|
||||
Length: 1020 [text/plain]
|
||||
Saving to: 'high_cpu_parser.py'
|
||||
|
||||
100%[===========================================>] 1,020 --.-K/s in 0s
|
||||
```
|
||||
4. Next, type the following commands:
|
||||
```bash
|
||||
chmod +x high_cpu_parser.py
|
||||
```
|
||||
```bash
|
||||
cat real_time_protection.json | python high_cpu_parser.py > real_time_protection.log
|
||||
```
|
||||
|
||||
The output of this command will show all processes and their associated scan activity. To improve the performance of Defender for Endpoint for Linux, locate the one with the highest number under the `Total files scanned` row and add an exclusion for it. For more information, see [Configure and validate exclusions for Defender for Endpoint for Linux](linux-exclusions.md).
|
||||
The output of the above is a list of the top contributors to performance issues. The first column is the process identifier (PID), the second column is te process name, and the last column is the number of scanned files, sorted by impact.
|
||||
|
||||
For example, the output of the command will be something like the below:
|
||||
|
||||
> [!NOTE]
|
||||
```Output
|
||||
... > python ~/repo/mdatp-xplat/linux/diagnostic/high_cpu_parser.py <~Downloads/output.json | head -n 10
|
||||
27432 None 76703
|
||||
73467 actool 1249
|
||||
73914 xcodebuild 1081
|
||||
73873 bash 1050
|
||||
27475 None 836
|
||||
1 launchd 407
|
||||
73468 ibtool 344
|
||||
549 telemetryd_v1 325
|
||||
4764 None 228
|
||||
125 CrashPlanService 164
|
||||
```
|
||||
|
||||
To improve the performance of Defender for Endpoint for Linux, locate the one with the highest number under the `Total files scanned` row and add an exclusion for it. For more information, see [Configure and validate exclusions for Defender for Endpoint for Linux](linux-exclusions.md).
|
||||
|
||||
>[!NOTE]
|
||||
> The application stores statistics in memory and only keeps track of file activity since it was started and real-time protection was enabled. Processes that were launched before or during periods when real time protection was off are not counted. Additionally, only events which triggered scans are counted.
|
||||
|
||||
3. Use the `top` command-line tool and analyze which applications are using the resources on your system. Typical examples include software updaters and compilers.
|
||||
5. Configure Microsoft Defender ATP for Linux with exclusions for the processes or disk locations that contribute to the performance issues and re-enable real-time protection.
|
||||
|
||||
For more information, see [Configure and validate exclusions for Microsoft Defender ATP for Linux](linux-exclusions.md).
|
||||
|
||||
4. Configure Defender for Endpoint for Linux with exclusions for the processes or disk locations that contribute to the performance issues and re-enable real-time protection.
|
||||
|
||||
For more details, see [Configure and validate exclusions for Defender for Endpoint for Linux](linux-exclusions.md).
|
||||
|
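Review bot: Step 3 has readers download `high_cpu_parser.py` from the `master` branch and run it, with nothing that pins or checks what was fetched; link to a tagged release or a commit-pinned URL, and tell readers to review the script before running it on a production host. The sample wget output does not match the command (`microsoft.mdatp-xplat` and `linus/` where the command has `microsoft/mdatp-xplat` and `linux/`). The sample parser output lists `launchd` and `xcodebuild`, which suggests it was captured on macOS, it has no `Total files scanned` row for the following paragraph to refer to, and the `> [!NOTE]` above it has no body. `chmod +x` is unnecessary when the script is invoked as `python high_cpu_parser.py`, and "te process name" should be "the process name".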
@ -91,6 +91,12 @@ The [DisableAntiSpyware](https://docs.microsoft.com/windows-hardware/customize/d
|
||||
|
||||
`Dism /online /Get-FeatureInfo /FeatureName:Windows-Defender` <br/>
|
||||
|
||||
> [!NOTE]
|
||||
> When using the DISM command within a task sequence running PS, the following path to cmd.exe is required.
|
||||
> Example:<br/>
|
||||
> `c:\windows\sysnative\cmd.exe /c Dism /online /Get-FeatureInfo /FeatureName:Windows-Defender-Features`<br/>
|
||||
> `c:\windows\sysnative\cmd.exe /c Dism /online /Get-FeatureInfo /FeatureName:Windows-Defender`<br/>
|
||||
|
||||
3. To verify Microsoft Defender Antivirus is running, use the following PowerShell cmdlet: <br/>
|
||||
|
||||
`Get-Service -Name windefend`
|
||||
|
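Review bot: The added NOTE says the `sysnative` path to cmd.exe "is required" without saying when. `sysnative` only resolves from a 32-bit process on 64-bit Windows, so state that condition, and spell out "PowerShell" instead of "PS". The first example queries `Windows-Defender-Features` while the step it sits under queries `Windows-Defender`; explain why both are listed or keep only the one the step uses.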
@ -139,7 +139,7 @@ You can prevent further propagation of an attack in your organization by banning
|
||||
|
||||
>[!IMPORTANT]
|
||||
>
|
||||
>- This feature is available if your organization uses Microsoft Defender Antivirus and Cloud–based protection is enabled. For more information, see [Manage cloud–based protection](../microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus.md).
|
||||
>- This feature is available if your organization uses Microsoft Defender Antivirus and Cloud–delivered protection is enabled. For more information, see [Manage cloud–delivered protection](../microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus.md).
|
||||
>
|
||||
>- The Antimalware client version must be 4.18.1901.x or later.
|
||||
>- This feature is designed to prevent suspected malware (or potentially malicious files) from being downloaded from the web. It currently supports portable executable (PE) files, including _.exe_ and _.dll_ files. The coverage will be extended over time.
|
||||
|
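Review bot: The reworded bullet keeps the en dash in "Cloud–delivered protection", in both the sentence and the link text. Use a plain hyphen ("cloud-delivered") so the term matches what readers type when searching, and check that the link text "Manage cloud–delivered protection" still describes the target `deploy-manage-report-microsoft-defender-antivirus.md`.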
@ -87,6 +87,12 @@ The [DisableAntiSpyware](https://docs.microsoft.com/windows-hardware/customize/d
|
||||
|
||||
`Dism /online /Get-FeatureInfo /FeatureName:Windows-Defender` <br/>
|
||||
|
||||
> [!NOTE]
|
||||
> When using the DISM command within a task sequence running PS, the following path to cmd.exe is required.
|
||||
> Example:<br/>
|
||||
> `c:\windows\sysnative\cmd.exe /c Dism /online /Get-FeatureInfo /FeatureName:Windows-Defender-Features`<br/>
|
||||
> `c:\windows\sysnative\cmd.exe /c Dism /online /Get-FeatureInfo /FeatureName:Windows-Defender`<br/>
|
||||
|
||||
3. To verify Microsoft Defender Antivirus is running, use the following PowerShell cmdlet: <br/>
|
||||
|
||||
`Get-Service -Name windefend`
|
||||
|
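Review bot: This NOTE is a word-for-word copy of the one added in the other DisableAntiSpyware hunk on this page, so it needs the same fixes: say when the `sysnative` path is needed, and reconcile `Windows-Defender-Features` with the `Windows-Defender` feature name used in the step. Consider moving the text into a shared include so the two topics cannot drift apart.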