deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-18 20:03:40 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Fixed half-formed notes & tips, added image borders

Browse Source
This commit is contained in:
Gary Moore
2020-10-20 14:08:14 -07:00
committed by GitHub
parent 98bbdc6b15
commit b2fb3348bd
1 changed files with 89 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files

143
windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md
View File

@ -72,11 +72,13 @@ needs.<br>
2. Open **Groups > New Group**. 2. Open **Groups > New Group**.
![Image of Microsoft Endpoint Manager portal](images/66f724598d9c3319cba27f79dd4617a4.png) > [!div class="mx-imgBorder"]
> ![Image of Microsoft Endpoint Manager portal](images/66f724598d9c3319cba27f79dd4617a4.png)
3. Enter details and create a new group. 3. Enter details and create a new group.
![Image of Microsoft Endpoint Manager portal](images/b1e0206d675ad07db218b63cd9b9abc3.png) > [!div class="mx-imgBorder"]
> ![Image of Microsoft Endpoint Manager portal](images/b1e0206d675ad07db218b63cd9b9abc3.png)
4. Add your test user or device. 4. Add your test user or device.
@ -86,7 +88,8 @@ needs.<br>
7. Find your test user or device and select it. 7. Find your test user or device and select it.
![Image of Microsoft Endpoint Manager portal](images/149cbfdf221cdbde8159d0ab72644cd0.png) > [!div class="mx-imgBorder"]
> ![Image of Microsoft Endpoint Manager portal](images/149cbfdf221cdbde8159d0ab72644cd0.png)
8. Your testing group now has a member to test. 8. Your testing group now has a member to test.
@ -116,11 +119,12 @@ different types of Endpoint security policies.
![Image of Microsoft Endpoint Manager portal](images/cea7e288b5d42a9baf1aef0754ade910.png) ![Image of Microsoft Endpoint Manager portal](images/cea7e288b5d42a9baf1aef0754ade910.png)
>[!NOTE] > [!NOTE]
>In this instance, this has been auto populated as Microsoft Defender ATP has already been integrated with Intune. For more information on the integration, see [Enable Microsoft Defender ATP in Intune](https://docs.microsoft.com/mem/intune/protect/advanced-threat-protection-configure#to-enable-microsoft-defender-atp). <br> The following image is an example of what you'll see when Microsoft Defender ATP is NOT integrated with Intune: <br> ![Image of Microsoft Endpoint Manager portal](images/2466460812371ffae2d19a10c347d6f4.png) > In this instance, this has been auto populated as Microsoft Defender ATP has already been integrated with Intune. For more information on the integration, see [Enable Microsoft Defender ATP in Intune](https://docs.microsoft.com/mem/intune/protect/advanced-threat-protection-configure#to-enable-microsoft-defender-atp).
>
> The following image is an example of what you'll see when Microsoft Defender ATP is NOT integrated with Intune:
>
> ![Image of Microsoft Endpoint Manager portal](images/2466460812371ffae2d19a10c347d6f4.png)
6. Add scope tags if necessary, then select **Next**. 6. Add scope tags if necessary, then select **Next**.
@ -144,36 +148,43 @@ different types of Endpoint security policies.
2. Navigate to **Endpoint security > Antivirus > Create Policy**. 2. Navigate to **Endpoint security > Antivirus > Create Policy**.
![Image of Microsoft Endpoint Manager portal](images/6b728d6e0d71108d768e368b416ff8ba.png) > [!div class="mx-imgBorder"]
> ![Image of Microsoft Endpoint Manager portal](images/6b728d6e0d71108d768e368b416ff8ba.png)
3. Select **Platform - Windows 10 and Later - Windows and Profile Microsoft 3. Select **Platform - Windows 10 and Later - Windows and Profile Microsoft
Defender Antivirus > Create**. Defender Antivirus > Create**.
4. Enter name and description, then select **Next**. 4. Enter name and description, then select **Next**.
![Image of Microsoft Endpoint Manager portal](images/a7d738dd4509d65407b7d12beaa3e917.png) > [!div class="mx-imgBorder"]
> ![Image of Microsoft Endpoint Manager portal](images/a7d738dd4509d65407b7d12beaa3e917.png)
5. In the **Configuration settings page**: Set the configurations you require for 5. In the **Configuration settings page**: Set the configurations you require for
Microsoft Defender Antivirus (Cloud Protection, Exclusions, Real-Time Microsoft Defender Antivirus (Cloud Protection, Exclusions, Real-Time
Protection, and Remediation). Protection, and Remediation).
![Image of Microsoft Endpoint Manager portal](images/3840b1576d6f79a1d72eb14760ef5e8c.png) > [!div class="mx-imgBorder"]
> ![Image of Microsoft Endpoint Manager portal](images/3840b1576d6f79a1d72eb14760ef5e8c.png)
6. Add scope tags if necessary, then select **Next**. 6. Add scope tags if necessary, then select **Next**.
![Image of Microsoft Endpoint Manager portal](images/2055e4f9b9141525c0eb681e7ba19381.png) > [!div class="mx-imgBorder"]
> ![Image of Microsoft Endpoint Manager portal](images/2055e4f9b9141525c0eb681e7ba19381.png)
7. Select groups to include, assign to your test group, then select **Next**. 7. Select groups to include, assign to your test group, then select **Next**.
![Image of Microsoft Endpoint Manager portal](images/48318a51adee06bff3908e8ad4944dc9.png) > [!div class="mx-imgBorder"]
> ![Image of Microsoft Endpoint Manager portal](images/48318a51adee06bff3908e8ad4944dc9.png)
8. Review and create, then select **Create**. 8. Review and create, then select **Create**.
![Image of Microsoft Endpoint Manager portal](images/dfdadab79112d61bd3693d957084b0ec.png) > [!div class="mx-imgBorder"]
> ![Image of Microsoft Endpoint Manager portal](images/dfdadab79112d61bd3693d957084b0ec.png)
9. You'll see the configuration policy you created. 9. You'll see the configuration policy you created.
![Image of Microsoft Endpoint Manager portal](images/38180219e632d6e4ec7bd25a46398da8.png) > [!div class="mx-imgBorder"]
> ![Image of Microsoft Endpoint Manager portal](images/38180219e632d6e4ec7bd25a46398da8.png)
### Attack Surface Reduction Attack surface reduction rules ### Attack Surface Reduction Attack surface reduction rules
@ -186,37 +197,44 @@ different types of Endpoint security policies.
4. Select **Platform - Windows 10 and Later Profile - Attack surface reduction 4. Select **Platform - Windows 10 and Later Profile - Attack surface reduction
rules > Create**. rules > Create**.
![Image of Microsoft Endpoint Manager portal](images/522d9bb4288dc9c1a957392b51384fdd.png) > [!div class="mx-imgBorder"]
> ![Image of Microsoft Endpoint Manager portal](images/522d9bb4288dc9c1a957392b51384fdd.png)
5. Enter a name and description, then select **Next**. 5. Enter a name and description, then select **Next**.
![Image of Microsoft Endpoint Manager portal](images/a5a71fd73ec389f3cdce6d1a6bd1ff31.png) > [!div class="mx-imgBorder"]
> ![Image of Microsoft Endpoint Manager portal](images/a5a71fd73ec389f3cdce6d1a6bd1ff31.png)
6. In the **Configuration settings page**: Set the configurations you require for 6. In the **Configuration settings page**: Set the configurations you require for
Attack surface reduction rules, then select **Next**. Attack surface reduction rules, then select **Next**.
>[!NOTE] > [!NOTE]
>We will be configuring all of the Attack surface reduction rules to Audit. > We will be configuring all of the Attack surface reduction rules to Audit.
>
> For more information, see [Attack surface reduction rules](attack-surface-reduction.md).
For more information, see [Attack surface reduction rules](attack-surface-reduction.md). > [!div class="mx-imgBorder"]
> ![Image of Microsoft Endpoint Manager portal](images/dd0c00efe615a64a4a368f54257777d0.png)
![Image of Microsoft Endpoint Manager portal](images/dd0c00efe615a64a4a368f54257777d0.png)
7. Add Scope Tags as required, then select **Next**. 7. Add Scope Tags as required, then select **Next**.
![Image of Microsoft Endpoint Manager portal](images/6daa8d347c98fe94a0d9c22797ff6f28.png) > [!div class="mx-imgBorder"]
> ![Image of Microsoft Endpoint Manager portal](images/6daa8d347c98fe94a0d9c22797ff6f28.png)
8. Select groups to include and assign to test group, then select **Next**. 8. Select groups to include and assign to test group, then select **Next**.
![Image of Microsoft Endpoint Manager portal](images/45cefc8e4e474321b4d47b4626346597.png) > [!div class="mx-imgBorder"]
> ![Image of Microsoft Endpoint Manager portal](images/45cefc8e4e474321b4d47b4626346597.png)
9. Review the details, then select **Create**. 9. Review the details, then select **Create**.
![Image of Microsoft Endpoint Manager portal](images/2c2e87c5fedc87eba17be0cdeffdb17f.png) > [!div class="mx-imgBorder"]
> ![Image of Microsoft Endpoint Manager portal](images/2c2e87c5fedc87eba17be0cdeffdb17f.png)
10. View the policy. 10. View the policy.
![Image of Microsoft Endpoint Manager portal](images/7a631d17cc42500dacad4e995823ffef.png) > [!div class="mx-imgBorder"]
> ![Image of Microsoft Endpoint Manager portal](images/7a631d17cc42500dacad4e995823ffef.png)
### Attack Surface Reduction Web Protection ### Attack Surface Reduction Web Protection
@ -228,37 +246,44 @@ different types of Endpoint security policies.
4. Select **Windows 10 and Later Web protection > Create**. 4. Select **Windows 10 and Later Web protection > Create**.
![Image of Microsoft Endpoint Manager portal](images/cd7b5a1cbc16cc05f878cdc99ba4c27f.png) > [!div class="mx-imgBorder"]
> ![Image of Microsoft Endpoint Manager portal](images/cd7b5a1cbc16cc05f878cdc99ba4c27f.png)
5. Enter a name and description, then select **Next**. 5. Enter a name and description, then select **Next**.
![Image of Microsoft Endpoint Manager portal](images/5be573a60cd4fa56a86a6668b62dd808.png) > [!div class="mx-imgBorder"]
> ![Image of Microsoft Endpoint Manager portal](images/5be573a60cd4fa56a86a6668b62dd808.png)
6. In the **Configuration settings page**: Set the configurations you require for 6. In the **Configuration settings page**: Set the configurations you require for
Web Protection, then select **Next**. Web Protection, then select **Next**.
>[!NOTE] > [!NOTE]
>We are configuring Web Protection to Block. > We are configuring Web Protection to Block.
>
> For more information, see [Web Protection](web-protection-overview.md).
For more information, see [Web Protection](web-protection-overview.md). > [!div class="mx-imgBorder"]
> ![Image of Microsoft Endpoint Manager portal](images/6104aa33a56fab750cf30ecabef9f5b6.png)
![Image of Microsoft Endpoint Manager portal](images/6104aa33a56fab750cf30ecabef9f5b6.png)
7. Add **Scope Tags as required > Next**. 7. Add **Scope Tags as required > Next**.
![Image of Microsoft Endpoint Manager portal](images/6daa8d347c98fe94a0d9c22797ff6f28.png) > [!div class="mx-imgBorder"]
> ![Image of Microsoft Endpoint Manager portal](images/6daa8d347c98fe94a0d9c22797ff6f28.png)
8. Select **Assign to test group > Next**. 8. Select **Assign to test group > Next**.
![Image of Microsoft Endpoint Manager portal](images/45cefc8e4e474321b4d47b4626346597.png) > [!div class="mx-imgBorder"]
> ![Image of Microsoft Endpoint Manager portal](images/45cefc8e4e474321b4d47b4626346597.png)
9. Select **Review and Create > Create**. 9. Select **Review and Create > Create**.
![Image of Microsoft Endpoint Manager portal](images/8ee0405f1a96c23d2eb6f737f11c1ae5.png) > [!div class="mx-imgBorder"]
> ![Image of Microsoft Endpoint Manager portal](images/8ee0405f1a96c23d2eb6f737f11c1ae5.png)
10. View the policy. 10. View the policy.
![Image of Microsoft Endpoint Manager portal](images/e74f6f6c150d017a286e6ed3dffb7757.png) > [!div class="mx-imgBorder"]
> ![Image of Microsoft Endpoint Manager portal](images/e74f6f6c150d017a286e6ed3dffb7757.png)
## Validate configuration settings ## Validate configuration settings
@ -275,26 +300,31 @@ To confirm that the configuration policy has been applied to your test device, f
1. Open the MEM portal and navigate to the relevant policy as shown in the 1. Open the MEM portal and navigate to the relevant policy as shown in the
steps above. The following example shows the next generation protection settings. steps above. The following example shows the next generation protection settings.
![Image of Microsoft Endpoint Manager portal](images/43ab6aa74471ee2977e154a4a5ef2d39.png) > [!div class="mx-imgBorder"]
> ![Image of Microsoft Endpoint Manager portal](images/43ab6aa74471ee2977e154a4a5ef2d39.png)
2. Select the **Configuration Policy** to view the policy status. 2. Select the **Configuration Policy** to view the policy status.
![Image of Microsoft Endpoint Manager portal](images/55ecaca0e4a022f0e29d45aeed724e6c.png) > [!div class="mx-imgBorder"]
> ![Image of Microsoft Endpoint Manager portal](images/55ecaca0e4a022f0e29d45aeed724e6c.png)
3. Select **Device Status** to see the status. 3. Select **Device Status** to see the status.
![Image of Microsoft Endpoint Manager portal](images/18a50df62cc38749000dbfb48e9a4c9b.png) > [!div class="mx-imgBorder"]
> ![Image of Microsoft Endpoint Manager portal](images/18a50df62cc38749000dbfb48e9a4c9b.png)
4. Select **User Status** to see the status. 4. Select **User Status** to see the status.
![Image of Microsoft Endpoint Manager portal](images/4e965749ff71178af8873bc91f9fe525.png) > [!div class="mx-imgBorder"]
> ![Image of Microsoft Endpoint Manager portal](images/4e965749ff71178af8873bc91f9fe525.png)
5. Select **Per-setting status** to see the status. 5. Select **Per-setting status** to see the status.
>[!TIP] >[!TIP]
>This view is very useful to identify any settings that conflict with another policy. >This view is very useful to identify any settings that conflict with another policy.
![Image of Microsoft Endpoint Manager portal](images/42acc69d0128ed09804010bdbdf0a43c.png) > [!div class="mx-imgBorder"]
> ![Image of Microsoft Endpoint Manager portal](images/42acc69d0128ed09804010bdbdf0a43c.png)
### Endpoint detection and response ### Endpoint detection and response
@ -302,33 +332,38 @@ To confirm that the configuration policy has been applied to your test device, f
1. Before applying the configuration, the Microsoft Defender ATP 1. Before applying the configuration, the Microsoft Defender ATP
Protection service should not be started. Protection service should not be started.
![Image of Services panel](images/b418a232a12b3d0a65fc98248dbb0e31.png) > [!div class="mx-imgBorder"]
> ![Image of Services panel](images/b418a232a12b3d0a65fc98248dbb0e31.png)
2. After the configuration has been applied, the Microsoft Defender ATP 2. After the configuration has been applied, the Microsoft Defender ATP
Protection Service should be started. Protection Service should be started.
![Image of Services panel](images/a621b699899f1b41db211170074ea59e.png) > [!div class="mx-imgBorder"]
> ![Image of Services panel](images/a621b699899f1b41db211170074ea59e.png)
3. After the services are running on the device, the device appears in Microsoft 3. After the services are running on the device, the device appears in Microsoft
Defender Security Center. Defender Security Center.
![Image of Microsoft Defender Security Center](images/df0c64001b9219cfbd10f8f81a273190.png) > [!div class="mx-imgBorder"]
> ![Image of Microsoft Defender Security Center](images/df0c64001b9219cfbd10f8f81a273190.png)
### Next-generation protection ### Next-generation protection
1. Before applying the policy on a test device, you should be able to manually 1. Before applying the policy on a test device, you should be able to manually
manage the settings as shown below. manage the settings as shown below.
![Image of setting page](images/88efb4c3710493a53f2840c3eac3e3d3.png) > [!div class="mx-imgBorder"]
> ![Image of setting page](images/88efb4c3710493a53f2840c3eac3e3d3.png)
2. After the policy has been applied, you should not be able to manually manage 2. After the policy has been applied, you should not be able to manually manage
the settings. the settings.
>[!NOTE] > [!NOTE]
> In the following image **Turn on cloud-delivered protection** and > In the following image **Turn on cloud-delivered protection** and
**Turn on real-time protection** are being shown as managed. > **Turn on real-time protection** are being shown as managed.
![Image of setting page](images/9341428b2d3164ca63d7d4eaa5cff642.png) > [!div class="mx-imgBorder"]
> ![Image of setting page](images/9341428b2d3164ca63d7d4eaa5cff642.png)
### Attack Surface Reduction Attack surface reduction rules ### Attack Surface Reduction Attack surface reduction rules
@ -337,11 +372,11 @@ To confirm that the configuration policy has been applied to your test device, f
2. This should respond with the following lines with no content: 2. This should respond with the following lines with no content:
AttackSurfaceReductionOnlyExclusions: > AttackSurfaceReductionOnlyExclusions:
>
AttackSurfaceReductionRules_Actions: > AttackSurfaceReductionRules_Actions:
>
AttackSurfaceReductionRules_Ids: > AttackSurfaceReductionRules_Ids:
![Image of command line](images/cb0260d4b2636814e37eee427211fe71.png) ![Image of command line](images/cb0260d4b2636814e37eee427211fe71.png)