diff --git a/windows/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md index 2eca639f34..f26c6bad44 100644 --- a/windows/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md @@ -49,22 +49,14 @@ To onboard your servers to Windows Defender ATP, you’ll need to: 1. Download the agent setup file: [Windows 64-bit agent](https://go.microsoft.com/fwlink/?LinkId=828603). 2. Using the Workspace ID and Workspace key provided in the previous procedure, choose any of the following installation methods to install the agent on the server: - - [Manually install the agent using setup](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-windows-agents#install-the-agent-using-setup) - On the Agent Setup Options page, choose to connect the agent to Azure Log Analytics (OMS). + - [Manually install the agent using setup](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-windows-agents#install-the-agent-using-setup)
+ On the **Agent Setup Options** page, choose **Connect the agent to Azure Log Analytics (OMS)**. - [Install the agent using the command line](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-windows-agents#install-the-agent-using-the-command-line) and [configure the agent using a script](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-windows-agents#add-a-workspace-using-a-script). 3. You'll need to configure proxy settings for the Microsoft Monitoring Agent. For more information, see [Configure proxy settings](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-windows-agents#configure-proxy-settings). Once completed, you should see onboarded servers in the portal within an hour. - -### Offboard server endpoints -To offboard the server, you can uninstall the MMA agent from the server or detach it from reporting to your Windows Defender ATP workspace. After offboarding the agent, the server will no longer send sensor data to Windows Defender ATP. -For more information, see [To disable an agent](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-windows-agents#to-disable-an-agent). - ->[!NOTE] ->Offboarding causes the server to stop sending sensor data to the portal but data from the server, including reference to any alerts it has had will be retained for up to 6 months. - ### Configure server endpoint proxy and Internet connectivity settings - Each Windows server must be able to connect to the Internet using HTTPS. This connection can be direct, using a proxy, or through the [OMS Gateway](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-oms-gateway). - If a proxy or firewall is blocking all traffic by default and allowing only specific domains through or HTTPS scanning (SSL inspection) is enabled, make sure that the following URLs are white-listed to permit communication with Windows Defender ATP service: @@ -80,3 +72,11 @@ For more information, see [To disable an agent](https://docs.microsoft.com/en-us | winatp-gw-neu.microsoft.com | 443 | | winatp-gw-weu.microsoft.com | 443 | + +### Offboard server endpoints +To offboard the server, you can uninstall the MMA agent from the server or detach it from reporting to your Windows Defender ATP workspace. After offboarding the agent, the server will no longer send sensor data to Windows Defender ATP. +For more information, see [To disable an agent](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-windows-agents#to-disable-an-agent). + +>[!NOTE] +>Offboarding causes the server to stop sending sensor data to the portal but data from the server, including reference to any alerts it has had will be retained for up to 6 months. + diff --git a/windows/threat-protection/windows-defender-atp/images/atp-server-onboarding.png b/windows/threat-protection/windows-defender-atp/images/atp-server-onboarding.png index ccb1bd50cf..07fa544f73 100644 Binary files a/windows/threat-protection/windows-defender-atp/images/atp-server-onboarding.png and b/windows/threat-protection/windows-defender-atp/images/atp-server-onboarding.png differ