From 7a6d5a00ca46d41b387f67b50d30eedbfe31b57e Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 12 Sep 2018 11:10:26 -0700 Subject: [PATCH] update proxy server steps --- ...ows-defender-advanced-threat-protection.md | 48 ++++++++++--------- 1 file changed, 26 insertions(+), 22 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md index d9a8498c73..a0893744f1 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md @@ -10,15 +10,13 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: medium -ms.date: 05/29/2018 +ms.date: 09/12/2018 --- # Configure machine proxy and Internet connectivity settings **Applies to:** - - - Windows Defender Advanced Threat Protection (Windows Defender ATP) 
@@ -46,18 +44,24 @@ The WinHTTP configuration setting is independent of the Windows Internet (WinINe ## Configure the proxy server manually using a registry-based static proxy Configure a registry-based static proxy to allow only Windows Defender ATP sensor to report diagnostic data and communicate with Windows Defender ATP services if a computer is not be permitted to connect to the Internet. -The static proxy is configurable through Group Policy (GP). The group policy can be found under: **Administrative Templates > Windows Components > Data Collection and Preview Builds > Configure connected user experiences and telemetry**. +The static proxy is configurable through Group Policy (GP). The group policy can be found under: +- Administrative Templates > Windows Components > Data Collection and Preview Builds > Configure Authenticated Proxy usage for the Connected User Experience and Telemetry Service + - Set it to **Enabled** and select **Disable Authenticated Proxy usage**: + ![Image of Group Policy setting](images/atp-gpo-proxy1.png) +- **Administrative Templates > Windows Components > Data Collection and Preview Builds > Configure connected user experiences and telemetry**: + - Configure the proxy:
+ ![Image of Group Policy setting](images/atp-gpo-proxy2.png) -The policy sets two registry values `TelemetryProxyServer` as REG_SZ and `DisableEnterpriseAuthProxy` as REG_DWORD under the registry key `HKLM\Software\Policies\Microsoft\Windows\DataCollection`. + The policy sets two registry values `TelemetryProxyServer` as REG_SZ and `DisableEnterpriseAuthProxy` as REG_DWORD under the registry key `HKLM\Software\Policies\Microsoft\Windows\DataCollection`. -The registry value `TelemetryProxyServer` takes the following string format: + The registry value `TelemetryProxyServer` takes the following string format: -```text -: -``` -For example: 10.0.0.6:8080 + ```text + : + ``` + For example: 10.0.0.6:8080 -The registry value `DisableEnterpriseAuthProxy` should be set to 1. + The registry value `DisableEnterpriseAuthProxy` should be set to 1. ## Configure the proxy server manually using netsh command @@ -88,9 +92,9 @@ If a proxy or firewall is blocking all traffic by default and allowing only spec Service location | Microsoft.com DNS record :---|:--- Common URLs for all locations | ```*.blob.core.windows.net```
```crl.microsoft.com```
```ctldl.windowsupdate.com```
```events.data.microsoft.com``` -European Union | ```eu.vortex-win.data.microsoft.com```
```eu-v20.events.data.microsoft.com```
```winatp-gw-neu.microsoft.com```
```winatp-gw-weu.microsoft.com``` -United Kingdom | ```uk.vortex-win.data.microsoft.com```
```uk-v20.events.data.microsoft.com```
```winatp-gw-uks.microsoft.com```
```winatp-gw-ukw.microsoft.com``` -United States | ```us.vortex-win.data.microsoft.com```
```us-v20.events.data.microsoft.com```
```winatp-gw-cus.microsoft.com```
```winatp-gw-eus.microsoft.com``` +US | ```us.vortex-win.data.microsoft.com```
```us-v20.events.data.microsoft.com```
```winatp-gw-cus.microsoft.com```
```winatp-gw-eus.microsoft.com``` +Europe | ```eu.vortex-win.data.microsoft.com```
```eu-v20.events.data.microsoft.com```
```winatp-gw-neu.microsoft.com```
```winatp-gw-weu.microsoft.com``` +UK | ```uk.vortex-win.data.microsoft.com```
```uk-v20.events.data.microsoft.com```
```winatp-gw-uks.microsoft.com```
```winatp-gw-ukw.microsoft.com``` If a proxy or firewall is blocking anonymous traffic, as Windows Defender ATP sensor is connecting from system context, make sure anonymous traffic is permitted in the above listed URLs. @@ -124,14 +128,14 @@ Verify the proxy configuration completed successfully, that WinHTTP can discover 6. Open *WDATPConnectivityAnalyzer.txt* and verify that you have performed the proxy configuration steps to enable server discovery and access to the service URLs.

The tool checks the connectivity of Windows Defender ATP service URLs that Windows Defender ATP client is configured to interact with. It then prints the results into the *WDATPConnectivityAnalyzer.txt* file for each URL that can potentially be used to communicate with the Windows Defender ATP services. For example: - ```text - Testing URL : https://xxx.microsoft.com/xxx - 1 - Default proxy: Succeeded (200) - 2 - Proxy auto discovery (WPAD): Succeeded (200) - 3 - Proxy disabled: Succeeded (200) - 4 - Named proxy: Doesn't exist - 5 - Command line proxy: Doesn't exist - ``` + ```text + Testing URL : https://xxx.microsoft.com/xxx + 1 - Default proxy: Succeeded (200) + 2 - Proxy auto discovery (WPAD): Succeeded (200) + 3 - Proxy disabled: Succeeded (200) + 4 - Named proxy: Doesn't exist + 5 - Command line proxy: Doesn't exist + ``` If at least one of the connectivity options returns a (200) status, then the Windows Defender ATP client can communicate with the tested URL properly using this connectivity method.
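Review bot: In the `@@ -46,18 +44,24 @@` hunk, the retained sentence "The policy sets two registry values" no longer matches the text above it, which now lists two separate policies, and the sentence is indented under the second bullet only. State which policy writes `DisableEnterpriseAuthProxy` and which writes `TelemetryProxyServer`, or move the registry paragraphs out of the second bullet so they read as applying to both. The first policy path is also left unbolded while the second is bold. The format block shows only `:` in both the removed and the added lines, so check that the placeholders around the colon survive rendering; as it stands, the `10.0.0.6:8080` example is the only place the expected format is visible.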
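Review bot: Renaming the "European Union" row to "Europe" in the `@@ -88,9 +92,9 @@` hunk widens what the label says while the four hostnames in that row stay the same, so an administrator choosing which row to allow through the proxy or firewall may read the scope differently. Keep the full names ("European Union", "United Kingdom", "United States"), or explain the rename and the new row order in the commit message, which currently mentions only proxy server steps.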
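Review bot: The removed and added lines in the `@@ -124,14 +128,14 @@` hunk differ only in leading whitespace, so the result depends entirely on whether the fence now lines up with step 6 of the list. Confirm in a rendered preview that the sample output appears inside step 6 and that the paragraph beginning "The tool checks the connectivity" sits at the same indent, since a mismatch between the two may break the list numbering or show the fence as literal text.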