deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-18 08:17:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Various corrections to layout

Browse Source 
Second-level list items often do not correctly get a hanging indentation unless automatic number (1, 1, 1) is used.

When a list is not sequential, it should use bullets not a number/letter sequence.
This commit is contained in:
Gary Moore 2021-02-16 18:19:10 -08:00
parent 114959efee
commit 867d8bd2bc
1 changed files with 27 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp.md
View File

@ -34,7 +34,7 @@ ms.technology: mde
> [!NOTE] > [!NOTE]
> To use Group Policy (GP) updates to deploy the package, you must be on Windows Server 2008 R2 or later. > To use Group Policy (GP) updates to deploy the package, you must be on Windows Server 2008 R2 or later.
>
> For Windows Server 2019, you may need to replace NT AUTHORITY\Well-Known-System-Account with NT AUTHORITY\SYSTEM of the XML file that the Group Policy preference creates. > For Windows Server 2019, you may need to replace NT AUTHORITY\Well-Known-System-Account with NT AUTHORITY\SYSTEM of the XML file that the Group Policy preference creates.
## Onboard devices using Group Policy ## Onboard devices using Group Policy
@ -48,13 +48,13 @@ Check out the [PDF](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/publ
1. Open the GP configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from [Microsoft Defender Security Center](https://securitycenter.windows.com/): 1. Open the GP configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from [Microsoft Defender Security Center](https://securitycenter.windows.com/):
a. In the navigation pane, select **Settings** > **Onboarding**. 1. In the navigation pane, select **Settings** > **Onboarding**.
b. Select Windows 10 as the operating system. 1. Select Windows 10 as the operating system.
c. In the **Deployment method** field, select **Group policy**. 1. In the **Deployment method** field, select **Group policy**.
d. Click **Download package** and save the .zip file. 1. Click **Download package** and save the .zip file.
2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the device. You should have a folder called *OptionalParamsPolicy* and the file *WindowsDefenderATPOnboardingScript.cmd*. 2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the device. You should have a folder called *OptionalParamsPolicy* and the file *WindowsDefenderATPOnboardingScript.cmd*.
@ -84,16 +84,16 @@ You can use Group Policy (GP) to configure settings, such as settings for the sa
1. On your GP management device, copy the following files from the 1. On your GP management device, copy the following files from the
configuration package: configuration package:
a. Copy _AtpConfiguration.admx_ into _C:\\Windows\\PolicyDefinitions_ - Copy _AtpConfiguration.admx_ into _C:\\Windows\\PolicyDefinitions_
b. Copy _AtpConfiguration.adml_ into _C:\\Windows\\PolicyDefinitions\\en-US_ - Copy _AtpConfiguration.adml_ into _C:\\Windows\\PolicyDefinitions\\en-US_
If you are using a [Central Store for Group Policy Administrative Templates](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra), copy the following files from the If you are using a [Central Store for Group Policy Administrative Templates](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra), copy the following files from the
configuration package: configuration package:
a. Copy _AtpConfiguration.admx_ into _\\\\\<forest.root\>\\SysVol\\\<forest.root\>\\Policies\\PolicyDefinitions_ - Copy _AtpConfiguration.admx_ into _\\\\\<forest.root\>\\SysVol\\\<forest.root\>\\Policies\\PolicyDefinitions_
b. Copy _AtpConfiguration.adml_ into _\\\\\<forest.root\>\\SysVol\\\<forest.root\>\\Policies\\PolicyDefinitions\\en-US_ - Copy _AtpConfiguration.adml_ into _\\\\\<forest.root\>\\SysVol\\\<forest.root\>\\Policies\\PolicyDefinitions\\en-US_
2. Open the [Group Policy Management Console](https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/group-policy-and-group-policy-mgmt-console-ie11), right-click the GPO you want to configure and click **Edit**. 2. Open the [Group Policy Management Console](https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/group-policy-and-group-policy-mgmt-console-ie11), right-click the GPO you want to configure and click **Edit**.
@ -123,13 +123,14 @@ Policy | Setting
:---|:--- :---|:---
Enable\Disable Sample collection| Enabled - "Enable sample collection on machines" checked Enable\Disable Sample collection| Enabled - "Enable sample collection on machines" checked
<br/>
**Policy location:** \Windows Components\Windows Defender Antivirus **Policy location:** \Windows Components\Windows Defender Antivirus
Policy | Setting Policy | Setting
:---|:--- :---|:---
Configure detection for potentially unwanted applications | Enabled, Block Configure detection for potentially unwanted applications | Enabled, Block
<br/>
**Policy location:** \Windows Components\Windows Defender Antivirus\MAPS **Policy location:** \Windows Components\Windows Defender Antivirus\MAPS
Policy | Setting Policy | Setting
@ -137,6 +138,7 @@ Policy | Setting
Join Microsoft MAPS | Enabled, Advanced MAPS Join Microsoft MAPS | Enabled, Advanced MAPS
Send file samples when further analysis is required | Enabled, Send safe samples Send file samples when further analysis is required | Enabled, Send safe samples
<br/>
**Policy location:** \Windows Components\Windows Defender Antivirus\Real-time Protection **Policy location:** \Windows Components\Windows Defender Antivirus\Real-time Protection
Policy | Setting Policy | Setting
@ -146,7 +148,7 @@ Turn on behavior monitoring|Enabled
Scan all downloaded files and attachments|Enabled Scan all downloaded files and attachments|Enabled
Monitor file and program activity on your computer|Enabled Monitor file and program activity on your computer|Enabled
<br/>
**Policy location:** \Windows Components\Windows Defender Antivirus\Scan **Policy location:** \Windows Components\Windows Defender Antivirus\Scan
These settings configure periodic scans of the endpoint. We recommend performing a weekly quick scan, performance permitting. These settings configure periodic scans of the endpoint. We recommend performing a weekly quick scan, performance permitting.
@ -156,15 +158,17 @@ Policy | Setting
Check for the latest virus and spyware security intelligence before running a scheduled scan |Enabled Check for the latest virus and spyware security intelligence before running a scheduled scan |Enabled
<br/>**Policy location:** \Windows Components\Windows Defender Antivirus\Windows Defender Exploit Guard\Attack Surface Reduction
**Policy location:** \Windows Components\Windows Defender Antivirus\Windows Defender Exploit Guard\Attack Surface Reduction
Get the current list of attack surface reduction GUIDs from [Customize attack surface reduction rules](customize-attack-surface-reduction.md) Get the current list of attack surface reduction GUIDs from [Customize attack surface reduction rules](customize-attack-surface-reduction.md)
1. Open the **Configure Attack Surface Reduction** policy. 1. Open the **Configure Attack Surface Reduction** policy.
2. Select **Enabled**.
3. Select the **Show…** button. 1. Select **Enabled**.
4. Add each GUID in the **Value Name** field with a Value of 2.
1. Select the **Show** button.
1. Add each GUID in the **Value Name** field with a Value of 2.
This will set each up for audit only. This will set each up for audit only.
@ -186,13 +190,13 @@ For security reasons, the package used to Offboard devices will expire 30 days a
1. Get the offboarding package from [Microsoft Defender Security Center](https://securitycenter.windows.com/): 1. Get the offboarding package from [Microsoft Defender Security Center](https://securitycenter.windows.com/):
a. In the navigation pane, select **Settings** > **Offboarding**. 1. In the navigation pane, select **Settings** > **Offboarding**.
b. Select Windows 10 as the operating system. 1. Select Windows 10 as the operating system.
c. In the **Deployment method** field, select **Group policy**. 1. In the **Deployment method** field, select **Group policy**.
d. Click **Download package** and save the .zip file. 1. Click **Download package** and save the .zip file.
2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the device. You should have a file named *WindowsDefenderATPOffboardingScript_valid_until_YYYY-MM-DD.cmd*. 2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the device. You should have a file named *WindowsDefenderATPOffboardingScript_valid_until_YYYY-MM-DD.cmd*.
@ -218,6 +222,7 @@ For security reasons, the package used to Offboard devices will expire 30 days a
With Group Policy there isnt an option to monitor deployment of policies on the devices. Monitoring can be done directly on the portal, or by using the different deployment tools. With Group Policy there isnt an option to monitor deployment of policies on the devices. Monitoring can be done directly on the portal, or by using the different deployment tools.
## Monitor devices using the portal ## Monitor devices using the portal
1. Go to [Microsoft Defender Security Center](https://securitycenter.windows.com/). 1. Go to [Microsoft Defender Security Center](https://securitycenter.windows.com/).
2. Click **Devices list**. 2. Click **Devices list**.
3. Verify that devices are appearing. 3. Verify that devices are appearing.