mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-25 15:23:40 +00:00
Merge branch 'master' into behav-block-contain
This commit is contained in:
Denise Vangel-MSFT
@ -74,7 +74,7 @@ Microsoft has made a concerted effort to enlighten several of our more popular a
|
||||
- Microsoft Remote Desktop
|
||||
|
||||
> [!NOTE]
|
||||
> Microsoft Visio, Microsoft Office Access and Microsoft Project are not enlightended apps and need to be exempted from WIP policy. If they are allowed, there is a risk of data loss. For example, if a device is workplace-joined and managed and the user leaves the company, metadata files that the apps rely on remain encrypted and the apps stop functioining.
|
||||
> Microsoft Visio, Microsoft Office Access, Microsoft Project, and Microsoft Publisher are not enlightened apps and need to be exempted from WIP policy. If they are allowed, there is a risk of data loss. For example, if a device is workplace-joined and managed and the user leaves the company, metadata files that the apps rely on remain encrypted and the apps stop functioning.
|
||||
|
||||
## List of WIP-work only apps from Microsoft
|
||||
Microsoft still has apps that are unenlightened, but which have been tested and deemed safe for use in an enterprise with WIP and MAM solutions.
|
||||
|
||||
@ -179,108 +179,45 @@ Follow the steps below to identify the Microsoft Defender ATP Workspace ID and W
|
||||
|
||||
3. Copy the **Workspace ID** and **Workspace Key** and save them. They will be used later in the process.
|
||||
|
||||
Before the systems can be onboarded into the workspace, the deployment scripts need to be updated to contain the correct information. Failure to do so will result in the systems not being properly onboarded. Depending on the deployment method, this step may have already been completed.
|
||||
4. Install the Microsoft Monitoring Agent (MMA). <br>
|
||||
MMA is currently (as of January 2019) supported on the following Windows Operating
|
||||
Systems:
|
||||
|
||||
Edit the InstallMMA.cmd with a text editor, such as notepad and update the
|
||||
following lines and save the file:
|
||||
- Server SKUs: Windows Server 2008 SP1 or Newer
|
||||
|
||||
|
||||
- Client SKUs: Windows 7 SP1 and later
|
||||
|
||||
Edit the ConfiguerOMSAgent.vbs with a text editor, such as notepad, and update the following lines and save the file:
|
||||
The MMA agent will need to be installed on Windows devices. To install the
|
||||
agent, some systems will need to download the [Update for customer experience
|
||||
and diagnostic
|
||||
telemetry](https://support.microsoft.com/help/3080149/update-for-customer-experience-and-diagnostic-telemetry)
|
||||
in order to collect the data with MMA. These system versions include but may not
|
||||
be limited to:
|
||||
|
||||
|
||||
- Windows 8.1
|
||||
|
||||
Microsoft Monitoring Agent (MMA) is currently (as of January 2019) supported on the following Windows Operating
|
||||
Systems:
|
||||
- Windows 7
|
||||
|
||||
- Server SKUs: Windows Server 2008 SP1 or Newer
|
||||
- Windows Server 2016
|
||||
|
||||
- Client SKUs: Windows 7 SP1 and later
|
||||
- Windows Server 2012 R2
|
||||
|
||||
The MMA agent will need to be installed on Windows devices. To install the
|
||||
agent, some systems will need to download the [Update for customer experience
|
||||
and diagnostic
|
||||
telemetry](https://support.microsoft.com/help/3080149/update-for-customer-experience-and-diagnostic-telemetry)
|
||||
in order to collect the data with MMA. These system versions include but may not
|
||||
be limited to:
|
||||
- Windows Server 2008 R2
|
||||
|
||||
- Windows 8.1
|
||||
Specifically, for Windows 7 SP1, the following patches must be installed:
|
||||
|
||||
- Windows 7
|
||||
- Install
|
||||
[KB4074598](https://support.microsoft.com/help/4074598/windows-7-update-kb4074598)
|
||||
|
||||
- Windows Server 2016
|
||||
- Install either [.NET Framework
|
||||
4.5](https://www.microsoft.com/en-us/download/details.aspx?id=30653) (or
|
||||
later) **or**
|
||||
[KB3154518](https://support.microsoft.com/help/3154518/support-for-tls-system-default-versions-included-in-the-net-framework).
|
||||
Do not install both on the same system.
|
||||
|
||||
- Windows Server 2012 R2
|
||||
5. If you're using a proxy to connect to the Internet see the Configure proxy settings section.
|
||||
|
||||
- Windows Server 2008 R2
|
||||
|
||||
Specifically, for Windows 7 SP1, the following patches must be installed:
|
||||
|
||||
- Install
|
||||
[KB4074598](https://support.microsoft.com/help/4074598/windows-7-update-kb4074598)
|
||||
|
||||
- Install either [.NET Framework
|
||||
4.5](https://www.microsoft.com/en-us/download/details.aspx?id=30653) (or
|
||||
later) **or**
|
||||
[KB3154518](https://support.microsoft.com/help/3154518/support-for-tls-system-default-versions-included-in-the-net-framework).
|
||||
Do not install both on the same system.
|
||||
|
||||
To deploy the MMA with Microsoft Endpoint Configuration Manager, follow the steps
|
||||
below to utilize the provided batch files to onboard the systems. The CMD file
|
||||
when executed, will require the system to copy files from a network share by the
|
||||
System, the System will install MMA, Install the DependencyAgent, and configure
|
||||
MMA for enrollment into the workspace.
|
||||
|
||||
|
||||
1. In Microsoft Endpoint Configuration Manager console, navigate to **Software
|
||||
Library**.
|
||||
|
||||
2. Expand **Application Management**.
|
||||
|
||||
3. Right-click **Packages** then select **Create Package**.
|
||||
|
||||
4. Provide a Name for the package, then click **Next**
|
||||
|
||||
|
||||
|
||||
5. Verify **Standard Program** is selected.
|
||||
|
||||
|
||||
|
||||
6. Click **Next**.
|
||||
|
||||
|
||||
|
||||
7. Enter a program name.
|
||||
|
||||
8. Browse to the location of the InstallMMA.cmd.
|
||||
|
||||
9. Set Run to **Hidden**.
|
||||
|
||||
10. Set **Program can run** to **Whether or not a user is logged on**.
|
||||
|
||||
11. Click **Next**.
|
||||
|
||||
12. Set the **Maximum allowed run time** to 720.
|
||||
|
||||
13. Click **Next**.
|
||||
|
||||
|
||||
|
||||
14. Verify the configuration, then click **Next**.
|
||||
|
||||
|
||||
|
||||
15. Click **Next**.
|
||||
|
||||
16. Click **Close**.
|
||||
|
||||
17. In the Microsoft Endpoint Configuration Manager console, right-click the Microsoft Defender ATP
|
||||
Onboarding Package just created and select **Deploy**.
|
||||
|
||||
18. On the right panel select the appropriate collection.
|
||||
|
||||
19. Click **OK**.
|
||||
Once completed, you should see onboarded endpoints in the portal within an hour.
|
||||
|
||||
## Next generation protection
|
||||
Microsoft Defender Antivirus is a built-in antimalware solution that provides next generation protection for desktops, portable computers, and servers.
|
||||
|
||||
Reference in New Issue
Block a user