From bea2377880df8bc689e9b1d7ef5c30e444eb587c Mon Sep 17 00:00:00 2001 From: amirsc3 <42802974+amirsc3@users.noreply.github.com> Date: Thu, 30 Jan 2020 17:57:50 +0200 Subject: [PATCH 1/2] Update configure-endpoints-sccm.md The suggested changes will help customers who are onboarding via SCCM and struggle with onboarding issues --- .../microsoft-defender-atp/configure-endpoints-sccm.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm.md index 60b3f33af2..0fa8689019 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm.md 
@@ -72,6 +72,13 @@ You can use existing System Center Configuration Manager functionality to create >[!TIP] > After onboarding the machine, you can choose to run a detection test to verify that an machine is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Microsoft Defender ATP machine](run-detection-test.md). +> +> Note that it is possible to create a detection rule within SCCM to continuously check if a machine has been onboarded. +> If a machine is not yet onboarded (due to pending OOBE completion or any other reason), SCCM will retry to onboard the machine until the rule detects the status change. +This can be accomplished by creating a detection rule checking if the "OnboardingState" registry value (of type REG_DWORD) = 1. +> The above registry value is located under "HKLM\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status". +Refer to the following SCCM article for more information: https://docs.microsoft.com/en-us/configmgr/apps/deploy-use/create-applications#bkmk_detect-rule + ### Configure sample collection settings For each machine, you can set a configuration value to state whether samples can be collected from the machine when a request is made through Microsoft Defender Security Center to submit a file for deep analysis. From f2b38138038c3bd171cc9324344b51a583b56fdb Mon Sep 17 00:00:00 2001 From: amirsc3 <42802974+amirsc3@users.noreply.github.com> Date: Mon, 3 Feb 2020 19:33:14 +0200 Subject: [PATCH 2/2] Update configure-endpoints-sccm.md --- .../microsoft-defender-atp/configure-endpoints-sccm.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm.md index 0fa8689019..39efd7a086 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm.md 
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm.md @@ -73,11 +73,11 @@ You can use existing System Center Configuration Manager functionality to create >[!TIP] > After onboarding the machine, you can choose to run a detection test to verify that an machine is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Microsoft Defender ATP machine](run-detection-test.md). > -> Note that it is possible to create a detection rule within SCCM to continuously check if a machine has been onboarded. -> If a machine is not yet onboarded (due to pending OOBE completion or any other reason), SCCM will retry to onboard the machine until the rule detects the status change. +> Note that it is possible to create a detection rule within ConfigMgr to continuously check if a machine has been onboarded. +> If a machine is not yet onboarded (due to pending OOBE completion or any other reason), ConfigMgr will retry to onboard the machine until the rule detects the status change.
This can be accomplished by creating a detection rule checking if the "OnboardingState" registry value (of type REG_DWORD) = 1. -> The above registry value is located under "HKLM\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status". -Refer to the following SCCM article for more information: https://docs.microsoft.com/en-us/configmgr/apps/deploy-use/create-applications#bkmk_detect-rule +> This registry value is located under "HKLM\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status". +Refer to the following ConfigMgr article for more information: https://docs.microsoft.com/en-us/configmgr/apps/deploy-use/create-applications#bkmk_detect-rule ### Configure sample collection settings
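Review bot: In [PATCH 1/2], two of the added lines inside the `>[!TIP]` block ("This can be accomplished by creating a detection rule..." and "Refer to the following SCCM article...") lack the leading `>` that the other added lines carry, so whether they render inside the tip depends on lazy continuation. Prefix both with `> `. The value name `OnboardingState` and the key path `HKLM\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status` would be clearer in code formatting than in double quotes. The bare URL should become a Markdown link, matching the existing `[Run a detection test ...](run-detection-test.md)` reference. The rule as described reads only a local registry value, so it is worth stating that it drives the deployment retry and does not replace the detection test the tip already recommends for verifying onboarding. "SCCM will retry to onboard" would read better as "SCCM retries onboarding".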
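Review bot: [PATCH 2/2] renames SCCM to ConfigMgr in the tip but leaves the quoting problem in place. The context line "This can be accomplished by creating a detection rule..." and the rewritten "Refer to the following ConfigMgr article..." line still have no `>` prefix, unlike the lines around them, and the link is still a bare URL. "ConfigMgr" is introduced without expansion, while the hunk header's context shows the page using "System Center Configuration Manager". Spell the name out on first use or keep one name throughout the tip. The commit message has only the default subject; one line saying this is a product-name rename plus a wording tweak ("The above registry value" to "This registry value") would make the history easier to follow.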