diff --git a/windows/keep-secure/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md index 3107054c50..2c283921d7 100644 --- a/windows/keep-secure/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md @@ -29,7 +29,7 @@ For more information on using Windows Defender ATP CSP see, [WindowsAdvancedThre For more information on using Windows Defender ATP CSP see, [WindowsAdvancedThreatProtection CSP](https://msdn.microsoft.com/library/windows/hardware/mt723296(v=vs.85).aspx) and [WindowsAdvancedThreatProtection DDF file](https://msdn.microsoft.com/library/windows/hardware/mt723297(v=vs.85).aspx). -### Onboard and monitor endpoints +### Onboard and monitor endpoints using the classic Intune console 1. Open the Microsoft Intune configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/): @@ -98,6 +98,53 @@ Configuration for onboarded machines: telemetry reporting frequency | ./Device/V > - The **Health Status for onboarded machines** policy uses read-only properties and can't be remediated. > - Configuration of telemetry reporting frequency is only available for machines on Windows 10, version 1703. +### Using the Azure Intune Portal to deploy Windows Defender Advanced Threat Protection policies on Windows 10 1607 and higher + +1. Open the Microsoft Intune configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/): + + a. Select **Endpoint Management** on the **Navigation pane**. + + b. Select **Mobile Device Management/Microsoft Intune** > **Download package** and save the .zip file. + + ![Endpoint onboarding](images/atp-mdm-onboarding-package.png) + +2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a file named *WindowsDefenderATP.onboarding*. + +3. Login to the [Microsoft Azure portal](https://portal.azure.com). + +4. From the Intune blade, choose **Device configuration**. + + ![Image of device configuration menu in Microsoft Azure](images/atp-azure-intune-device-config.png) + +5. Under **Manage**, choose **Profiles** and click **Create Profile**. + + ![Image of policy creation in Azure](images/atp-azure-intune-create-profile.png) + +4. Type a name, description and choose **Windows 10 and later** as the Platform and **Windows Defender ATP (Windows 10 Desktop)** as the Profile type. + + ![Image of naming a policy](images/atp-azure-intune-create-policy-configure.png) + +7. Click **Settings** > **Configure**. + + ![Image of settings](images/atp-azure-intune-settings-configure.png) + +8. Click the folder icon and select the WindowsDefenderATP.onboarding file you extracted earlier. Configure whether you want to allow sample collection from endpoints for [Deep Analysis](investigate-files-windows-defender-advanced-threat-protection.md) by choosing **All**, or disable this feature by choosing **None**. When complete, click **OK**. + + ![Image of configuration settings](images/atp-azure-intune-configure.png) + +9. Click **Create**. + + ![Image of profile creation](images/atp-azure-intune-create.png) + +10. Search for and select the Group you want to apply the Configuration Policy to, then click **Select**. + + ![Image of select groups to apply configuration policy](images/atp-azure-intune-select-group.png) + +11. Click **Save** to finish deploying the Configuration Policy. + + ![Image of the policy being saved](images/atp-azure-intune-save-policy.png) + + ### Offboard and monitor endpoints For security reasons, the package used to offboard endpoints will expire 30 days after the date it was downloaded. Expired offboarding packages sent to an endpoint will be rejected. When downloading an offboarding package you will be notified of the packages expiry date and it will also be included in the package name. diff --git a/windows/keep-secure/create-wip-policy-using-intune.md b/windows/keep-secure/create-wip-policy-using-intune.md index ffd50acac5..a4d71f320a 100644 --- a/windows/keep-secure/create-wip-policy-using-intune.md +++ b/windows/keep-secure/create-wip-policy-using-intune.md @@ -14,8 +14,8 @@ localizationpriority: high **Applies to:** -- Windows 10, version 1703 -- Windows 10 Mobile, version 1703 (except Microsoft Azure Rights Management, which is only available on the desktop) +- Windows 10, version 1607 and later +- Windows 10 Mobile, version 1607 and later (except Microsoft Azure Rights Management, which is only available on the desktop) Microsoft Azure Intune helps you create and deploy your Windows Information Protection (WIP) policy, including letting you choose your allowed apps, your WIP-protection level, and how to find enterprise data on the network. @@ -518,4 +518,4 @@ Optionally, if you don’t want everyone in your organization to be able to shar - [What is Azure Rights Management?]( https://docs.microsoft.com/en-us/information-protection/understand-explore/what-is-azure-rms) >[!NOTE] ->Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Contributing to TechNet content](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md). \ No newline at end of file +>Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Contributing to TechNet content](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md). diff --git a/windows/keep-secure/deploy-wip-policy-using-intune.md b/windows/keep-secure/deploy-wip-policy-using-intune.md index 1cd1e553df..15976bd8a0 100644 --- a/windows/keep-secure/deploy-wip-policy-using-intune.md +++ b/windows/keep-secure/deploy-wip-policy-using-intune.md @@ -14,8 +14,8 @@ localizationpriority: high # Deploy your Windows Information Protection (WIP) policy using Microsoft Azure Intune **Applies to:** -- Windows 10, version 1703 -- Windows 10 Mobile, version 1703 (except Microsoft Azure Rights Management, which is only available on the desktop) +- Windows 10, version 1607 and later +- Windows 10 Mobile, version 1607 and later (except Microsoft Azure Rights Management, which is only available on the desktop) After you’ve created your Windows Information Protection (WIP) policy, you'll need to deploy it to your organization's enrolled devices. Enrollment can be done for business or personal devices, allowing the devices to use your managed apps and to sync with your managed content and information. @@ -42,4 +42,4 @@ After you’ve created your Windows Information Protection (WIP) policy, you'll - [Create and deploy a VPN policy for Windows Information Protection (WIP) using Microsoft Azure Intune](create-vpn-and-wip-policy-using-intune.md) -- [General guidance and best practices for Windows Information Protection (WIP)](guidance-and-best-practices-wip.md) \ No newline at end of file +- [General guidance and best practices for Windows Information Protection (WIP)](guidance-and-best-practices-wip.md) diff --git a/windows/keep-secure/images/atp-azure-intune-category.png b/windows/keep-secure/images/atp-azure-intune-category.png new file mode 100644 index 0000000000..3691b59d4c Binary files /dev/null and b/windows/keep-secure/images/atp-azure-intune-category.png differ diff --git a/windows/keep-secure/images/atp-azure-intune-configure.png b/windows/keep-secure/images/atp-azure-intune-configure.png new file mode 100644 index 0000000000..63f79cbca8 Binary files /dev/null and b/windows/keep-secure/images/atp-azure-intune-configure.png differ diff --git a/windows/keep-secure/images/atp-azure-intune-create-policy-configure.png b/windows/keep-secure/images/atp-azure-intune-create-policy-configure.png new file mode 100644 index 0000000000..c10925962a Binary files /dev/null and b/windows/keep-secure/images/atp-azure-intune-create-policy-configure.png differ diff --git a/windows/keep-secure/images/atp-azure-intune-create-policy-name.png b/windows/keep-secure/images/atp-azure-intune-create-policy-name.png new file mode 100644 index 0000000000..193d2c09e5 Binary files /dev/null and b/windows/keep-secure/images/atp-azure-intune-create-policy-name.png differ diff --git a/windows/keep-secure/images/atp-azure-intune-create-policy.png b/windows/keep-secure/images/atp-azure-intune-create-policy.png new file mode 100644 index 0000000000..f095a6489e Binary files /dev/null and b/windows/keep-secure/images/atp-azure-intune-create-policy.png differ diff --git a/windows/keep-secure/images/atp-azure-intune-create-profile.png b/windows/keep-secure/images/atp-azure-intune-create-profile.png new file mode 100644 index 0000000000..9c41b16d73 Binary files /dev/null and b/windows/keep-secure/images/atp-azure-intune-create-profile.png differ diff --git a/windows/keep-secure/images/atp-azure-intune-create.png b/windows/keep-secure/images/atp-azure-intune-create.png new file mode 100644 index 0000000000..ccfb5a2155 Binary files /dev/null and b/windows/keep-secure/images/atp-azure-intune-create.png differ diff --git a/windows/keep-secure/images/atp-azure-intune-device-config.png b/windows/keep-secure/images/atp-azure-intune-device-config.png new file mode 100644 index 0000000000..4d1885054b Binary files /dev/null and b/windows/keep-secure/images/atp-azure-intune-device-config.png differ diff --git a/windows/keep-secure/images/atp-azure-intune-save-policy.png b/windows/keep-secure/images/atp-azure-intune-save-policy.png new file mode 100644 index 0000000000..e22db5b21e Binary files /dev/null and b/windows/keep-secure/images/atp-azure-intune-save-policy.png differ diff --git a/windows/keep-secure/images/atp-azure-intune-save.png b/windows/keep-secure/images/atp-azure-intune-save.png new file mode 100644 index 0000000000..3d28d1d2d8 Binary files /dev/null and b/windows/keep-secure/images/atp-azure-intune-save.png differ diff --git a/windows/keep-secure/images/atp-azure-intune-select-group.png b/windows/keep-secure/images/atp-azure-intune-select-group.png new file mode 100644 index 0000000000..d81a7b351e Binary files /dev/null and b/windows/keep-secure/images/atp-azure-intune-select-group.png differ diff --git a/windows/keep-secure/images/atp-azure-intune-settings-configure.png b/windows/keep-secure/images/atp-azure-intune-settings-configure.png new file mode 100644 index 0000000000..92dde3043d Binary files /dev/null and b/windows/keep-secure/images/atp-azure-intune-settings-configure.png differ diff --git a/windows/keep-secure/images/atp-azure-intune.png b/windows/keep-secure/images/atp-azure-intune.png new file mode 100644 index 0000000000..63cf2d1ddf Binary files /dev/null and b/windows/keep-secure/images/atp-azure-intune.png differ diff --git a/windows/keep-secure/limitations-with-wip.md b/windows/keep-secure/limitations-with-wip.md index 27d6a611ae..18971e3fe1 100644 --- a/windows/keep-secure/limitations-with-wip.md +++ b/windows/keep-secure/limitations-with-wip.md @@ -14,8 +14,8 @@ localizationpriority: high **Applies to:** -- Windows 10, version 1703 -- Windows 10 Mobile +- Windows 10, version 1607 and later +- Windows 10 Mobile, version 1607 and later This table provides info about the most common problems you might encounter while running WIP in your organization.