diff --git a/.gitignore b/.gitignore index b16bde70d6..643bf6e6c0 100644 --- a/.gitignore +++ b/.gitignore @@ -5,9 +5,6 @@ obj/ _site/ Tools/NuGet/ .optemp/ -.sln -.suo - .openpublishing.build.mdproj .openpublishing.buildcore.ps1 diff --git a/windows/keep-secure/additional-configuration-windows-advanced-threat-protection.md b/windows/keep-secure/additional-configuration-windows-advanced-threat-protection.md index 3fa9537fcd..c5e38182d4 100644 --- a/windows/keep-secure/additional-configuration-windows-advanced-threat-protection.md +++ b/windows/keep-secure/additional-configuration-windows-advanced-threat-protection.md @@ -14,8 +14,6 @@ author: mjcaparas **Applies to** - Windows 10 Insider Preview -- System Center Configuration Manager -- Group Policy Management Console [Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] @@ -39,7 +37,7 @@ You can use Group Policy (GP) to configure settings, such as settings for the sa 6. Choose to enable or disable sample sharing from your endpoints. -## Configure sample collection settings with System Center Configuration Manager +## Configure sample collection settings with Configuration Manager TBA diff --git a/windows/keep-secure/configure-endpoints-windows-advanced-threat-protection.md b/windows/keep-secure/configure-endpoints-windows-advanced-threat-protection.md index 5b6df19735..6cc137aa42 100644 --- a/windows/keep-secure/configure-endpoints-windows-advanced-threat-protection.md +++ b/windows/keep-secure/configure-endpoints-windows-advanced-threat-protection.md @@ -4,7 +4,7 @@ description: Use Group Policy to deploy the configuration package or do manual r keywords: configure endpoints, client onboarding, configure Windows ATP endpoints, configure Windows Defender Advanced Threat Protection endpoints search.product: eADQiWindows 10XVcnh ms.prod: W10 -ms.mktglfcycl: deploy +ms.mktglfcycl: ms.sitesec: library author: mjcaparas --- @@ -12,53 +12,25 @@ author: mjcaparas # Configure Windows Defender ATP endpoints (client onboarding) - Windows 10 Insider Preview -- System Center Configuration Manager -- Group Policy Management Console [Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] -You can configure endpoints by using a System Center Configuration Manager (SCCM) or Group Policy Management Console (GPMC) configuration package, or by running an automated script. - -## Configure with System Center Configuration Manager (SCCM) - -1. Open the SCCM configuration package .zip file (*WindowsATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://seville.windows.com): Naama: Confirm package name ((I can't download it)) - - a. Click **Client onboarding** on the **Navigation pane**. - - b. Select **SCCM**, click **Download package**, and save the .zip file. - > **Note**   It may take a few moments for the package to be prepared and delivered to you. A progress bar will appear at the very top of the portal to indicate the package is being prepared. - -2. Copy the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. - -3. In the SCCM console, go to **Software Library**. - -4. Under **Application Management**, right-click **Packages** and select **Import**. - -5. Click **Browse** and choose the package that was downloaded from the portal (zip file). - -6. The package will appear under the Packages page. - -7. Right-click the Package and choose deploy. - -8. Choose a predefined device collection to deploy the package to. - -Naama note: If it’s a package we create then we’ll set the necessary privileges, otherwise provide guidance (Omri: what is the necessary privileges?) +You can use a Group Policy (GP) configuration package or an automated script to configure endpoints. You can deploy the GP configuration package or script with a GP update, or manually through the command line. ## Configure with Group Policy Using the GP configuration package ensures your endpoints will be correctly configured to report to the Windows Defender ATP service. > **Note**   To use GP updates to deploy the package, you must be on Windows Server 2008 R2 or later. The endpoints must be running Windows 10 TAP. -1. Open the GP configuration package .zip file (*WindowsATPOnboardingPackage_GroupPolicy.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://seville.windows.com): +1. Open the GP configuration package .zip file (*WindowsATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://seville.windows.com): a. Click **Client onboarding** on the **Navigation pane**. - b. Select **GP**, click **Download package**, and save the .zip file. - > **Note**   It may take a few moments for the package to be prepared and delivered to you. A progress bar will appear at the very top of the portal to indicate the package is being prepared. - + b. Select **GP**, click **Download package** and save the .zip file. + 2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the endpoints. You should have a folder called _*OptionalParamsPolicy*_ and the file _*WindowsATPOnboardingPackage.cmd*_. -3. Open the [Group Policy Management Console](https://technet.microsoft.com/en-us/library/cc753298.aspx) (GPMC), right-click the Group Policy Object (GPO) you want to configure and click **Edit**. +3. Open the [Group Policy Management Console](https://technet.microsoft.com/en-us/library/cc731212.aspx) (GPMC), right-click the Group Policy Object (GPO) you want to configure and click **Edit**. 4. In the **Group Policy Management Editor**, go to **Computer configuration**, then **Preferences**, and then **Control panel settings**. @@ -74,6 +46,27 @@ Using the GP configuration package ensures your endpoints will be correctly conf For additional settings, see the [Additional configuration settings section](additional-configuration-windows-advanced-threat-protection.md). +## Configure with System Center Configuration Manager (SCCM) + +1. Open the SCCM configuration package .zip file (*WindowsATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://seville.windows.com): Naama: Confirm package name + + a. Click **Client onboarding** on the **Navigation pane**. + + b. Select **SCCM**, click **Download package**, and save the .zip file. Iaan: Need to confirm the UI for this + +2. Copy the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. + +Iaan: Will confirm ui for this + +3. In the SCCM console, go to **Software Library**. +4. Under **Application Management**, right-click **Packages** and select **Import**. +5. Click **Browse** and choose the package that was downloaded from the portal (zip file). +6. The package will appear under the Packages page. +7. Right-click the Package and choose deploy. +8. Choose a predefined device collection to deploy the package to. + +Naama note: If it’s a package we create then we’ll set the necessary privileges, otherwise provide guidance (Omri: what is the necessary privileges?) + ## Configure endpoints manually with registry changes You can also manually onboard individual endpoints to Windows Defender ATP. You might want to do this first when testing the service before you commit to onboarding all endpoints in your network. @@ -90,7 +83,7 @@ You can also manually onboard individual endpoints to Windows Defender ATP. You ![Window Start menu pointing to Run as administrator](images/run-as-admin.png) 3. Type the location of the script file. If you copied the file the - desktop, type: *```%userprofile%\Desktop\WindowsATPOnboardingScript.sc```* + desktop, type:```*%userprofile%\Desktop\WindowsATPOnboardingScript.sc*``` 4. Press the **Enter** key or click **OK**. diff --git a/windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md b/windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md index 6d4a18f344..c483bf1efd 100644 --- a/windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md @@ -13,8 +13,6 @@ ms.sitesec: library **Applies to** - Windows 10 Insider Preview -- System Center Configuration Manager -- Group Policy Management Console [Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] @@ -59,9 +57,9 @@ disabled you can turn it on by following the instructions in the ### Deployment channel operating system requirements -You can choose to onboard endpoints with System Center Configuration Manager (SCCM) or a scheduled Group Policy +You can choose to onboard endpoints with a scheduled Group Policy (GP) update (using a GP package that you -download from the portal or during the service onboarding wizard). You can also apply +download from the portal or during the service onboarding wizard) or manual registry changes. The following describes the minimum operating system or software version @@ -69,7 +67,6 @@ required for each deployment channel. Deployment channel | Minimum server requirements :---|:--- -System Center Configuration Manager | **WHAT VERSIONS** Group Policy settings | Windows Server 2008 R2 Manual registry modifications | No minimum requirements diff --git a/windows/keep-secure/monitor-onboarding-windows-advanced-threat-protection.md b/windows/keep-secure/monitor-onboarding-windows-advanced-threat-protection.md index 82da79a4c0..0a95b9131a 100644 --- a/windows/keep-secure/monitor-onboarding-windows-advanced-threat-protection.md +++ b/windows/keep-secure/monitor-onboarding-windows-advanced-threat-protection.md @@ -12,7 +12,6 @@ author: mjcaparas # Monitor the Windows Defender Advanced Threat Protection onboarding - Windows 10 Insider Preview -- System Center Configuration Manager [Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] diff --git a/windows/keep-secure/onboard-configure-windows-advanced-threat-protection.md b/windows/keep-secure/onboard-configure-windows-advanced-threat-protection.md index 63f28c3c31..3d31d3693d 100644 --- a/windows/keep-secure/onboard-configure-windows-advanced-threat-protection.md +++ b/windows/keep-secure/onboard-configure-windows-advanced-threat-protection.md @@ -14,8 +14,6 @@ author: mjcaparas **Applies to** - Windows 10 Insider Preview -- System Center Configuration Manager -- Group Policy Management Console [Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] @@ -26,7 +24,7 @@ There are two stages to onboarding: 1. Set up user access in AAD and use a wizard to create a dedicated cloud instance for your network (known as “service onboarding”). -2. Add endpoints to the service with System Center Configuration Manager, scheduled GP updates, or manual +2. Add endpoints to the service with scheduled GP updates or manual registry changes (known as “endpoint onboarding”). ## In this section diff --git a/windows/keep-secure/service-onboarding-windows-advanced-threat-protection.md b/windows/keep-secure/service-onboarding-windows-advanced-threat-protection.md index 3f7ffc708a..92e31985a1 100644 --- a/windows/keep-secure/service-onboarding-windows-advanced-threat-protection.md +++ b/windows/keep-secure/service-onboarding-windows-advanced-threat-protection.md @@ -4,7 +4,7 @@ description: Assign users to the Windows Defender ATP service application in Azu keywords: service onboarding, Windows Defender Advanced Threat Protection service onboarding search.product: eADQiWindows 10XVcnh ms.prod: W10 -ms.mktglfcycl: deploy +ms.mktglfcycl: ms.sitesec: library author: mjcaparas --- @@ -12,7 +12,6 @@ author: mjcaparas # Windows Defender ATP service onboarding - Windows 10 Insider Preview -- Azure Active Directory [Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]