deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-29 13:47:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

update table based on naama feedback, add line break

Browse Source
This commit is contained in:
Joey Caparas 2016-07-13 18:35:32 +10:00
parent 33fbbd92c1
commit 78d6f70d76
2 changed files with 9 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection.md
View File

@ -34,6 +34,7 @@ Windows Defender ATP supports the following deployment tools and methods:
System Center Configuration Manager (current branch) version 1606, currently in technical preview, has UI integrated support for configuring and managing Windows Defender ATP on endpoints. For more information see, the [Support for Windows Defender Advanced Threat Protection service](https://technet.microsoft.com/en-us/library/mt706220.aspx) section.
## Configure endpoints with System Center 2012 Configuration Manager or later versions
You can use System Center Configuration Managers existing functionality to create a policy to configure you endpoints. This is supported in System Center 2012 Configuration Manager or later versions, including: System Center 2012 R2 Configuration Manager, System Center Configuration Manager and System Center Configuration Manager (current branch), version 1602 or earlier.
1. Open the SCCM configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
@ -41,7 +42,7 @@ System Center Configuration Manager (current branch) version 1606, currently in
b. Select **System Center Configuration Manager**, click **Download package**, and save the .zip file.
2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a file called *WindowsDefenderATPOnboardingScript.onboarding*.
2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a file called *WindowsDefenderATPOnboardingScript.cmd*.
3. Import the configuration package by following the steps in the [How to Create Packages and Programs in Configuration Manager](https://technet.microsoft.com/en-us/library/gg682112.aspx#BKMK_Import) topic.
@ -50,9 +51,9 @@ System Center Configuration Manager (current branch) version 1606, currently in
a. Choose a predefined device collection to deploy the package to.
## Configure endpoints with Group Policy
Using the GP configuration package ensures your endpoints will be correctly configured to report to the Windows Defender ATP service.
> **Note**  To use GP updates to deploy the package, you must be on Windows Server 2008 R2 or later. The endpoints must be running Windows 10 Insider Preview Build 14332 or later.
> **Note**  To use GP updates to deploy the package, you must be on Windows Server 2008 R2 or later.
1. Open the GP configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
@ -60,7 +61,7 @@ Using the GP configuration package ensures your endpoints will be correctly conf
b. Select **Group Policy**, click **Download package** and save the .zip file.
2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the endpoints. You should have a folder called *OptionalParamsPolicy* and the file *WindowsDefenderATPOnboardingScript.onboarding*.
2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the endpoints. You should have a folder called *OptionalParamsPolicy* and the file *WindowsDefenderATPOnboardingScript.cmd*.
3. Open the [Group Policy Management Console](https://technet.microsoft.com/en-us/library/cc731212.aspx) (GPMC), right-click the Group Policy Object (GPO) you want to configure and click **Edit**.
@ -72,7 +73,7 @@ Using the GP configuration package ensures your endpoints will be correctly conf
7. Select **Run whether user is logged on or not** and check the **Run with highest privileges** check box.
8. Go to the **Actions** tab and click **New...** Ensure that **Start a program** is selected in the **Action** field. Enter the file name and location of the shared *WindowsDefenderATPOnboardingScript.onboarding* file.
8. Go to the **Actions** tab and click **New...** Ensure that **Start a program** is selected in the **Action** field. Enter the file name and location of the shared *WindowsDefenderATPOnboardingScript.cmd* file.
9. Click **OK** and close any open GPMC windows.
@ -88,7 +89,7 @@ For more information on using Windows Defender ATP CSP see, [WindowsAdvancedThre
b. Select **Microsoft Intune**, click **Download package** and save the .zip file.
2. Extract the contents of the configuration package to a location on the endpoint you want to onboard (for example, the Desktop). You should have a file called *WindowsDefenderATPOnboardingScript.onboarding*.
2. Extract the contents of the configuration package to a location on the endpoint you want to onboard (for example, the Desktop). You should have a file called *WindowsDefenderATPOnboardingInformation.mdm*.
3. Use the Microsoft Intune custom configuration policy to deploy the following supported OMA-URI settings. For more information on Microsoft Intune policy settings see, [Windows 10 policy settings in Microsoft Intune](https://docs.microsoft.com/en-us/intune/deploy-use/windows-10-policy-settings-in-microsoft-intune).
@ -126,7 +127,7 @@ You can also manually onboard individual endpoints to Windows Defender ATP. You
b. Select **Local Script**, click **Download package** and save the .zip file.
2. Extract the contents of the configuration package to a location on the endpoint you want to onboard (for example, the Desktop). You should have a file called *WindowsDefenderATPOnboardingScript.onboarding*.
2. Extract the contents of the configuration package to a location on the endpoint you want to onboard (for example, the Desktop). You should have a file called *WindowsDefenderATPOnboardingScript.cmd*.
3. Open an elevated command-line prompt on the endpoint and run the script:
@ -136,7 +137,7 @@ You can also manually onboard individual endpoints to Windows Defender ATP. You
![Window Start menu pointing to Run as administrator](images/run-as-admin.png)
4. Type the location of the script file. If you copied the file to the desktop, type: *`%userprofile%\Desktop\WindowsDefenderATPOnboardingScript.onboarding`*
4. Type the location of the script file. If you copied the file to the desktop, type: *`%userprofile%\Desktop\WindowsDefenderATPOnboardingScript.cmd`*
5. Press the **Enter** key or click **OK**.

BIN
windows/keep-secure/images/oma-uri.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 56 KiB

After

Width:  |  Height:  |  Size: 168 KiB