mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-19 00:37:22 +00:00
more updates
This commit is contained in:
ManikaDhiman
parent
9fe3e9678b
commit
876876630d
@ -47,42 +47,43 @@ For a practical guidance on what needs to be in place for licensing and infrastr
|
||||
For guidance on how to download and use Windows Security Baselines for Windows servers, see [Windows Security Baselines](https://docs.microsoft.com/windows/device-security/windows-security-baselines).
|
||||
|
||||
|
||||
## Windows Server 2008 R2 SP1, Windows Server 2012 R2, and Windows Server 2016
|
||||
## Windows Server 2008 R2 SP1, Windows Server 2012 R2, and Windows Server 2016
|
||||
|
||||
There are two options to onboard Windows Server 2008 R2 SP1, Windows Server 2012 R2 and Windows Server 2016 to Microsoft Defender ATP:
|
||||
You can onboard Windows Server 2008 R2 SP1, Windows Server 2012 R2, and Windows Server 2016 to Microsoft Defender ATP by using any of the following options:
|
||||
|
||||
- **Option 1**: Onboard through Microsoft Defender Security Center
|
||||
- **Option 2**: Onboard through Azure Security Center
|
||||
- **Option 1**: [Onboard through Microsoft Defender Security Center](#option-1-onboard-windows-servers-through-microsoft-defender-security-center)
|
||||
- **Option 2**: [Onboard through Azure Security Center](#option-2-onboard-windows-servers-through-azure-security-center)
|
||||
- **Option 3**: [Onboard through Microsoft Endpoint Configuration Manager version 2002 and later (only for Windows Server 2012 R2 and Windows Server 2016)](#option-3-onboard-windows-servers-through-microsoft-endpoint-configuration-manager-version-2002-and-later)
|
||||
|
||||
> [!NOTE]
|
||||
> Microsoft defender ATP standalone server license is required, per node, in order to onboard a Windows server through Microsoft Defender Security Center (Option 1), or an Azure Security Center Standard license is required, per node, in order to onboard a Windows server through Azure Security Center (Option 2), see [Supported features available in Azure Security Center](https://docs.microsoft.com/azure/security-center/security-center-services).
|
||||
> Microsoft defender ATP standalone server license is required, per node, in order to onboard a Windows server through Microsoft Defender Security Center (Option 1), or an Azure Security Center Standard license is required, per node, in order to onboard a Windows server through Azure Security Center (Option 2), see [Supported features available in Azure Security Center](https://docs.microsoft.com/azure/security-center/security-center-services).
|
||||
|
||||
|
||||
### Option 1: Onboard Windows servers through Microsoft Defender Security Center
|
||||
You'll need to take the following steps if you choose to onboard Windows servers through Microsoft Defender Security Center.
|
||||
Perform the following steps to onboard Windows servers through Microsoft Defender Security Center:
|
||||
|
||||
- For Windows Server 2008 R2 SP1 or Windows Server 2012 R2, ensure that you install the following hotfix:
|
||||
- [Update for customer experience and diagnostic telemetry](https://support.microsoft.com/en-us/help/3080149/update-for-customer-experience-and-diagnostic-telemetry)
|
||||
- [Update for customer experience and diagnostic telemetry](https://support.microsoft.com/help/3080149/update-for-customer-experience-and-diagnostic-telemetry)
|
||||
|
||||
- In addition, for Windows Server 2008 R2 SP1, ensure that you fulfill the following requirements:
|
||||
- Install the [February monthly update rollup](https://support.microsoft.com/en-us/help/4074598/windows-7-update-kb4074598)
|
||||
- Install the [February monthly update rollup](https://support.microsoft.com/help/4074598/windows-7-update-kb4074598)
|
||||
- Install either [.NET framework 4.5](https://www.microsoft.com/download/details.aspx?id=30653) (or later) or [KB3154518](https://support.microsoft.com/help/3154518/support-for-tls-system-default-versions-included-in-the-net-framework)
|
||||
|
||||
- For Windows Server 2008 R2 SP1 and Windows Server 2012 R2: Configure and update System Center Endpoint Protection clients.
|
||||
- For Windows Server 2008 R2 SP1 and Windows Server 2012 R2: [Configure and update System Center Endpoint Protection clients](#configure-and-update-system-center-endpoint-protection-clients).
|
||||
|
||||
> [!NOTE]
|
||||
> This step is required only if your organization uses System Center Endpoint Protection (SCEP) and you're onboarding Windows Server 2008 R2 SP1 and Windows Server 2012 R2.
|
||||
|
||||
- Turn on server monitoring from Microsoft Defender Security Center.
|
||||
- [Turn on server monitoring from Microsoft Defender Security Center](#turn-on-server-monitoring-from-the-microsoft-defender-security-center-portal).
|
||||
|
||||
- If you're already leveraging System Center Operations Manager (SCOM) or Azure Monitor (formerly known as Operations Management Suite (OMS)), attach the Microsoft Monitoring Agent (MMA) to report to your Microsoft Defender ATP workspace through Multihoming support.
|
||||
|
||||
Otherwise, install and configure MMA to report sensor data to Microsoft Defender ATP as instructed below. For more information, see [Collect log data with Azure Log Analytics agent](https://docs.microsoft.com/azure/azure-monitor/platform/log-analytics-agent).
|
||||
Otherwise, [install and configure MMA to report sensor data to Microsoft Defender ATP](#install-and-configure-microsoft-monitoring-agent-mma-to-report-sensor-data-to-microsoft-defender-atp). For more information, see [Collect log data with Azure Log Analytics agent](https://docs.microsoft.com/azure/azure-monitor/platform/log-analytics-agent).
|
||||
|
||||
> [!TIP]
|
||||
> After onboarding the device, you can choose to run a detection test to verify that it is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Microsoft Defender ATP endpoint](run-detection-test.md).
|
||||
|
||||
### Configure and update System Center Endpoint Protection clients
|
||||
#### Configure and update System Center Endpoint Protection clients
|
||||
|
||||
Microsoft Defender ATP integrates with System Center Endpoint Protection. The integration provides visibility to malware detections and to stop propagation of an attack in your organization by banning potentially malicious files or suspected malware.
|
||||
|
||||
@ -92,21 +93,21 @@ The following steps are required to enable this integration:
|
||||
- Configure the SCEP client Cloud Protection Service membership to the **Advanced** setting.
|
||||
|
||||
|
||||
### Turn on Server monitoring from the Microsoft Defender Security Center portal
|
||||
#### Turn on Server monitoring from the Microsoft Defender Security Center portal
|
||||
|
||||
1. In the navigation pane, select **Settings** > **Device management** > **Onboarding**.
|
||||
|
||||
2. Select Windows Server 2008 R2 SP1, 2012 R2 and 2016 as the operating system.
|
||||
2. Select **Windows Server 2008 R2 SP1, 2012 R2 and 2016** as the operating system.
|
||||
|
||||
3. Click **Turn on server monitoring** and confirm that you'd like to proceed with the environment setup. When the setup completes, the **Workspace ID** and **Workspace key** fields are populated with unique values. You'll need to use these values to configure the MMA agent.
|
||||
|
||||
<span id="server-mma"/>
|
||||
|
||||
### Install and configure Microsoft Monitoring Agent (MMA) to report sensor data to Microsoft Defender ATP
|
||||
#### Install and configure Microsoft Monitoring Agent (MMA) to report sensor data to Microsoft Defender ATP
|
||||
|
||||
1. Download the agent setup file: [Windows 64-bit agent](https://go.microsoft.com/fwlink/?LinkId=828603).
|
||||
|
||||
2. Using the Workspace ID and Workspace key provided in the previous procedure, choose any of the following installation methods to install the agent on the Windows server:
|
||||
2. Using the Workspace ID and Workspace key obtained in the previous procedure, choose any of the following installation methods to install the agent on the Windows server:
|
||||
- [Manually install the agent using setup](https://docs.microsoft.com/azure/log-analytics/log-analytics-windows-agents#install-the-agent-using-setup) <br>
|
||||
On the **Agent Setup Options** page, choose **Connect the agent to Azure Log Analytics (OMS)**.
|
||||
- [Install the agent using the command line](https://docs.microsoft.com/azure/log-analytics/log-analytics-windows-agents#install-the-agent-using-the-command-line) and [configure the agent using a script](https://docs.microsoft.com/azure/log-analytics/log-analytics-windows-agents#add-a-workspace-using-a-script).
|
||||
@ -117,36 +118,36 @@ Once completed, you should see onboarded Windows servers in the portal within an
|
||||
|
||||
<span id="server-proxy"/>
|
||||
|
||||
### Configure Windows server proxy and Internet connectivity settings
|
||||
#### Configure Windows server proxy and Internet connectivity settings
|
||||
|
||||
- Each Windows server must be able to connect to the Internet using HTTPS. This connection can be direct, using a proxy, or through the <a href="https://docs.microsoft.com/azure/log-analytics/log-analytics-oms-gateway" data-raw-source="[OMS Gateway](https://docs.microsoft.com/azure/log-analytics/log-analytics-oms-gateway)">OMS Gateway</a>.
|
||||
- If a proxy or firewall is blocking all traffic by default and allowing only specific domains through or HTTPS scanning (SSL inspection) is enabled, make sure that you [enable access to Microsoft Defender ATP service URLs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server).
|
||||
|
||||
|
||||
### Option 2: Onboard Windows servers through Azure Security Center
|
||||
1. In the navigation pane, select **Settings** > **Device management** > **Onboarding**.
|
||||
1. In the Microsoft Defender Security Center navigation pane, select **Settings** > **Device management** > **Onboarding**.
|
||||
|
||||
2. Select Windows Server 2008 R2 SP1, 2012 R2 and 2016 as the operating system.
|
||||
2. Select **Windows Server 2008 R2 SP1, 2012 R2 and 2016** as the operating system.
|
||||
|
||||
3. Click **Onboard Servers in Azure Security Center**.
|
||||
|
||||
4. Follow the onboarding instructions in [Microsoft Defender Advanced Threat Protection with Azure Security Center](https://docs.microsoft.com/azure/security-center/security-center-wdatp).
|
||||
|
||||
### Option 3: Onboard Windows servers through Microsoft Endpoint Configuration Manager version 2002 and later
|
||||
You can onboard Windows Server 2012 R2 and Windows Server 2016 using Microsoft Endpoint Configuration Manager version 2002 and later. For more information, see [Microsoft Defender Advanced Threat Protection in Microsoft Endpoint Configuration Manager current branch](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/defender-advanced-threat-protection).
|
||||
|
||||
## Windows Server (SAC) version 1803, Windows Server 2019, and Windows Server 2019 Core edition
|
||||
To onboard Windows Server (SAC) version 1803, Windows Server 2019, or Windows Server 2019 Core edition, refer to the supported methods and versions below.
|
||||
You can onboard Windows Server (SAC) version 1803, Windows Server 2019, or Windows Server 2019 Core edition by using the following deployment methods:
|
||||
|
||||
- [Local script](configure-endpoints-script.md)
|
||||
- [Group Policy](configure-endpoints-gp.md)
|
||||
- [Microsoft Endpoint Configuration Manager](configure-endpoints-sccm.md#onboard-windows-10-devices-using-microsoft-endpoint-configuration-manager-current-branch)
|
||||
- [System Center Configuration Manager 2012 / 2012 R2 1511 / 1602](configure-endpoints-sccm.md#onboard-windows-10-devices-using-earlier-versions-of-system-center-configuration-manager)
|
||||
- [VDI onboarding scripts for non-persistent devices](configure-endpoints-vdi.md)
|
||||
|
||||
> [!NOTE]
|
||||
> The Onboarding package for Windows Server 2019 through Microsoft Endpoint Configuration Manager currently ships a script. For more information on how to deploy scripts in Configuration Manager, see [Packages and programs in Configuration Manager](https://docs.microsoft.com/configmgr/apps/deploy-use/packages-and-programs).
|
||||
|
||||
Supported tools include:
|
||||
- Local script
|
||||
- Group Policy
|
||||
- Microsoft Endpoint Configuration Manager
|
||||
- System Center Configuration Manager 2012 / 2012 R2 1511 / 1602
|
||||
- VDI onboarding scripts for non-persistent devices
|
||||
|
||||
For more information, see [Onboard Windows 10 devices](configure-endpoints.md).
|
||||
|
||||
Support for Windows Server, provide deeper insight into activities happening on the Windows server, coverage for kernel and memory attack detection, and enables response actions on Windows Server endpoint as well.
|
||||
|
||||
1. Configure Microsoft Defender ATP onboarding settings on the Windows server. For more information, see [Onboard Windows 10 devices](configure-endpoints.md).
|
||||
@ -174,9 +175,8 @@ Support for Windows Server, provide deeper insight into activities happening on
|
||||
```sc.exe query Windefend```
|
||||
|
||||
If the result is 'The specified service does not exist as an installed service', then you'll need to install Microsoft Defender AV. For more information, see [Microsoft Defender Antivirus in Windows 10](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10).
|
||||
|
||||
## Onboard Windows servers using Microsoft Endpoint Configuration Manager version 2002 and later
|
||||
You can onboard Windows Server 2012 R2, Windows Server 2016, Windows Server 2016, version 1803, and Windows Server 2019 using Microsoft Endpoint Configuration Manager version 2002 and later. For more information, see [Microsoft Defender Advanced Threat Protection in Microsoft Endpoint Configuration Manager current branch](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/defender-advanced-threat-protection).
|
||||
|
||||
For information on how to use Group Policy to configure and manage Microsoft Defender Antivirus on your Windows servers, see [Use Group Policy settings to configure and manage Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus).
|
||||
|
||||
## Integration with Azure Security Center
|
||||
Microsoft Defender ATP can integrate with Azure Security Center to provide a comprehensive Windows server protection solution. With this integration, Azure Security Center can leverage the power of Microsoft Defender ATP to provide improved threat detection for Windows Servers.
|
||||
|
||||
Binary file not shown.
|
Before Width: | Height: | Size: 273 KiB After Width: | Height: | Size: 273 KiB |
@ -37,7 +37,7 @@ Follow the corresponding instructions depending on your preferred deployment met
|
||||
- [Offboard devices using Mobile Device Management tools](configure-endpoints-mdm.md#offboard-and-monitor-devices-using-mobile-device-management-tools)
|
||||
|
||||
## Offboard Servers
|
||||
- [Offboard servers](configure-server-endpoints.md#offboard-servers)
|
||||
- [Offboard servers](configure-server-endpoints.md#offboard-windows-servers)
|
||||
|
||||
## Offboard non-Windows devices
|
||||
- [Offboard non-Windows devices](configure-endpoints-non-windows.md#offboard-non-windows-devices)
|
||||
|
||||
@ -46,7 +46,7 @@ Deployment methods vary, depending on which operating system is selected. Refer
|
||||
|---------|---------|
|
||||
|Windows 10 |- [Group Policy](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp)<br/>- [Configuration Manager](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm)<br/>- [Mobile Device Management (Intune)](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm)<br/>- [Local script](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script) <br/><br/>**NOTE**: A local script is suitable for a proof of concept but should not be used for production deployment. For a production deployment, we recommend using Group Policy, Microsoft Endpoint Configuration Manager, or Intune. |
|
||||
|Windows 8.1 Enterprise <br/>Windows 8.1 Pro <br/>Windows 7 SP1 Enterprise <br/>Windows 7 SP1 Pro | [Microsoft Monitoring Agent](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel#install-and-configure-microsoft-monitoring-agent-mma-to-report-sensor-data-to-microsoft-defender-atp)<br/><br/>**NOTE**: Microsoft Monitoring Agent is now Azure Log Analytics agent. To learn more, see [Log Analytics agent overview](https://docs.microsoft.com/azure/azure-monitor/platform/log-analytics-agent). |
|
||||
|Windows Server 2019 and later <br/>Windows Server 2019 core edition <br/>Windows Server version 1803 and later |- [Local script](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script) <br/>- [Group Policy](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp) <br/>- [Configuration Manager](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm) <br/>- [System Center Configuration Manager](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm#onboard-windows-10-machines-using-earlier-versions-of-system-center-configuration-manager) <br/>- [VDI onboarding scripts for non-persistent machines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi) <br/><br/>**NOTE**: A local script is suitable for a proof of concept but should not be used for production deployment. For a production deployment, we recommend using Group Policy, Microsoft Endpoint Configuration Manager, or Intune. |
|
||||
|Windows Server 2019 and later <br/>Windows Server 2019 core edition <br/>Windows Server version 1803 and later |- [Local script](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script) <br/>- [Group Policy](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp) <br/>- [Configuration Manager](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm) <br/>- [System Center Configuration Manager](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm#onboard-windows-10-devices-using-earlier-versions-of-system-center-configuration-manager) <br/>- [VDI onboarding scripts for non-persistent machines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi) <br/><br/>**NOTE**: A local script is suitable for a proof of concept but should not be used for production deployment. For a production deployment, we recommend using Group Policy, Microsoft Endpoint Configuration Manager, or Intune. |
|
||||
|Windows Server 2016 <br/>Windows Server 2012 R2 <br/>Windows Server 2008 R2 SP1 |- [Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints#option-1-onboard-servers-through-microsoft-defender-security-center)<br/>- [Azure Security Center](https://docs.microsoft.com/azure/security-center/security-center-wdatp) |
|
||||
|macOS<br/>iOS<br/>Linux |[Onboard non-Windows machines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows) |
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user