mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-19 00:37:22 +00:00
update images fix acrolinx
parent
e969850bbc
commit
c37e5f35aa
Binary file not shown.
Before Width: | Height: | Size: 182 KiB After Width: | Height: | Size: 200 KiB |
Binary file not shown.
Before Width: | Height: | Size: 199 KiB After Width: | Height: | Size: 213 KiB |
@ -23,11 +23,11 @@ ms.topic: article
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
|
||||
In this section we will be using Microsoft Endpoint Manager (MEM) to deploy
|
||||
In this section, we will be using Microsoft Endpoint Manager (MEM) to deploy
|
||||
Microsoft Defender ATP to your endpoints.
|
||||
|
||||
For more information about MEM, check out the following:
|
||||
- [Microsoft Entpoint Manager page](https://docs.microsoft.com/en-us/mem/)
|
||||
For more information about MEM, check out these resources:
|
||||
- [Microsoft Endpoint Manager page](https://docs.microsoft.com/en-us/mem/)
|
||||
- [Blog post on convergence of Intune and ConfigMgr](https://www.microsoft.com/microsoft-365/blog/2019/11/04/use-the-power-of-cloud-intelligence-to-simplify-and-accelerate-it-and-the-move-to-a-modern-workplace/)
|
||||
- [Introduction video on MEM](https://www.microsoft.com/microsoft-365/blog/2019/11/04/use-the-power-of-cloud-intelligence-to-simplify-and-accelerate-it-and-the-move-to-a-modern-workplace)
|
||||
|
||||
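Review bot: The last two bullets of the resources list, "Blog post on convergence of Intune and ConfigMgr" and "Introduction video on MEM", point at the same blog URL and differ only by the trailing slash, so the second link does not lead to a video as labelled. Link the video directly or merge the two bullets. The MEM page link also still hard-codes `/en-us/`, unlike the locale-free docs.microsoft.com links used elsewhere in this file.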
@ -36,11 +36,11 @@ This process is a multi-step process, you'll need to:
|
||||
|
||||
- Identify target devices or users
|
||||
|
||||
- Create an AAD group (User or Device)
|
||||
- Create an Azure Active Directory group (User or Device)
|
||||
|
||||
- Create a Configuration Profile
|
||||
|
||||
- In MEM we'll guide you in creating a separate policy for each feature
|
||||
- In MEM, we'll guide you in creating a separate policy for each feature
|
||||
|
||||
## Resources
|
||||
|
||||
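Review bot: The second bullet now spells out "Azure Active Directory" but does not introduce the short form, while the note under "Identify target devices or users" defines "(Azure AD)" further down. Define it here at first use, for example "Create an Azure Active Directory (Azure AD) group (User or Device)". The lead-in shown in the hunk header, "This process is a multi-step process, you'll need to:", is a comma splice and repeats "process"; it is worth fixing in the same pass.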
@ -54,7 +54,7 @@ Here are the links you'll need for the rest of the process:
|
||||
- [Intune Security baselines](https://docs.microsoft.com/en-us/mem/intune/protect/security-baseline-settings-defender-atp#microsoft-defender)
|
||||
|
||||
## Identify target devices or users
|
||||
In this section we will create a test group to assign your configurations on.
|
||||
In this section, we will create a test group to assign your configurations on.
|
||||
|
||||
>[!NOTE]
|
||||
>Intune uses Azure Active Directory (Azure AD) groups to manage devices and
|
||||
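Review bot: The changed sentence under "Identify target devices or users" still ends with "to assign your configurations on", which reads awkwardly after the comma fix. Suggest "we will create a test group to assign your configurations to". The "Intune Security baselines" link in the context line above it also carries a hard-coded `/en-us/` segment.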
@ -81,7 +81,7 @@ needs.<br>
|
||||
|
||||
5. From the **Groups > All groups** pane, open your new group.
|
||||
|
||||
6. Click on **Members > Add members**.
|
||||
6. Select **Members > Add members**.
|
||||
|
||||
7. Find your test user or device and select it.
|
||||
|
||||
@ -93,7 +93,7 @@ needs.<br>
|
||||
In the following section, you'll create a number of configuration policies.
|
||||
First is a configuration policy to select which groups of users or devices will
|
||||
be onboarded to Microsoft Defender ATP. Then you will continue by creating several
|
||||
different types of Endpoint Security policies.
|
||||
different types of Endpoint security policies.
|
||||
|
||||
### Endpoint detection and response
|
||||
|
||||
@ -107,31 +107,31 @@ different types of Endpoint Security policies.
|
||||
3. Under **Platform, select Windows 10 and Later, Profile - Endpoint detection
|
||||
and response > Create**.
|
||||
|
||||
4. Enter name and description, then click **Next**.
|
||||
4. Enter a name and description, then select **Next**.
|
||||
|
||||

|
||||
|
||||
5. Select settings as required, then click **Next**.
|
||||
5. Select settings as required, then select **Next**.
|
||||
|
||||

|
||||
|
||||
>[!NOTE]
|
||||
>In this instance, this has been auto populated as Microsoft Defender ATP has already been integrated with Intune. For more information on the integration, see [Enable Microsoft Defender ATP in Intune](https://docs.microsoft.com/mem/intune/protect/advanced-threat-protection#enable-microsoft-defender-atp-in-intune). <br>
|
||||
>If you have not integrated Microsoft Defender ATP h and Intune, complete [these
|
||||
>If you have not integrated Microsoft Defender ATP and Intune, complete [these
|
||||
steps](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm#onboard-machines-using-microsoft-intune)
|
||||
to create and upload an onboarding blob.
|
||||
|
||||

|
||||
|
||||
6. Add scope tags if required, then click **Next**.
|
||||
6. Add scope tags if required, then select **Next**.
|
||||
|
||||

|
||||
|
||||
7. Add test group by clicking on **Select groups to include** and choose your group, then click **Next**.
|
||||
7. Add test group by clicking on **Select groups to include** and choose your group, then select **Next**.
|
||||
|
||||

|
||||
|
||||
8. Review and accept, then click **Create**.
|
||||
8. Review and accept, then select **Create**.
|
||||
|
||||

|
||||
|
||||
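Review bot: Step 7 is only half converted: it now reads "Add test group by clicking on **Select groups to include** and choose your group, then select **Next**", keeping "clicking on" while every other step in this hunk moved to "select". Suggest "Add your test group by choosing **Select groups to include**, then select **Next**". In the note after step 5, "this has been auto populated" does not say which setting is meant; naming the field would help readers who have not yet integrated Microsoft Defender ATP with Intune and need the onboarding blob steps instead.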
@ -150,29 +150,29 @@ different types of Endpoint Security policies.
|
||||
3. Select **Platform - Windows 10 and Later - Windows and Profile – Microsoft
|
||||
Defender Antivirus > Create**.
|
||||
|
||||
4. Enter name and description, then click **Next**.
|
||||
4. Enter name and description, then select **Next**.
|
||||
|
||||

|
||||
|
||||
5. In the Configuration settings page: Set the configurations you require for
|
||||
Microsoft Defender Antivirus (Cloud Protection, Exclusions, Real Time
|
||||
5. In the **Configuration settings page**: Set the configurations you require for
|
||||
Microsoft Defender Antivirus (Cloud Protection, Exclusions, Real-Time
|
||||
Protection, and Remediation).
|
||||
|
||||

|
||||
|
||||
6. Add scope tags if required, then click **Next**.
|
||||
6. Add scope tags if required, then select **Next**.
|
||||
|
||||

|
||||
|
||||
7. Select groups to include, assign to your test group > Next
|
||||
7. Select groups to include, assign to your test group, then select **Next**.
|
||||
|
||||

|
||||
|
||||
8. Review and create, then click **Create**.
|
||||
8. Review and create, then select **Create**.
|
||||
|
||||

|
||||
|
||||
9. You can see the configuration policy you created as per below
|
||||
9. You'll see the configuration policy you created.
|
||||
|
||||

|
||||
|
||||
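Review bot: Step 4 in this section still reads "Enter name and description" after the change, while the same step in the Endpoint detection and response and Attack surface reduction sections was updated to "Enter a name and description"; add the article here too. In step 5, the bold span `**Configuration settings page**` includes the word "page", which is not part of the UI label; bold only "Configuration settings". Step 7, "Select groups to include, assign to your test group", would also read better with **Select groups to include** formatted as the UI element, as in the previous section.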
@ -182,22 +182,22 @@ different types of Endpoint Security policies.
|
||||
|
||||
2. Navigate to **Endpoint security > Attack surface reduction**.
|
||||
|
||||
3. Click on **Create Policy**.
|
||||
3. Select **Create Policy**.
|
||||
|
||||
>[!NOTE]
|
||||
>We will be setting these as Audit.
|
||||
|
||||
5. Select **Platform - Windows 10 and Later – Profile - Attack surface reduction
|
||||
4. Select **Platform - Windows 10 and Later – Profile - Attack surface reduction
|
||||
rules > Create**.
|
||||
|
||||

|
||||
|
||||
6. Enter a name and description, then click **Next**.
|
||||
5. Enter a name and description, then select **Next**.
|
||||
|
||||

|
||||
|
||||
7. In the Configuration settings page: Set the configurations you require for
|
||||
Attack surface reduction rules, then click **Next**.
|
||||
6. In the **Configuration settings page**: Set the configurations you require for
|
||||
Attack surface reduction rules, then select **Next**.
|
||||
|
||||
>[!NOTE]
|
||||
>We will be configuring all of the Attack surface reduction rules to Audit.
|
||||
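Review bot: The note "We will be setting these as Audit." sits between step 3 and the renumbered step 4, before any rules have been mentioned, so "these" has no antecedent, and it duplicates the later note after step 6, "We will be configuring all of the Attack surface reduction rules to Audit." Drop the first note and keep the second, which is placed at the step where the rules are actually configured.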
@ -206,19 +206,19 @@ different types of Endpoint Security policies.
|
||||
|
||||

|
||||
|
||||
8. Add Scope Tags as required, then click **Next**.
|
||||
7. Add Scope Tags as required, then select **Next**.
|
||||
|
||||

|
||||
|
||||
9. Select groups to include and assign to test group, then click **Next**.
|
||||
8. Select groups to include and assign to test group, then select **Next**.
|
||||
|
||||

|
||||
|
||||
10. Review the details, then click **Create**.
|
||||
9. Review the details, then select **Create**.
|
||||
|
||||

|
||||
|
||||
11. View the policy.
|
||||
10. View the policy.
|
||||
|
||||

|
||||
|
||||
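Review bot: Renumbered step 7 says "Add Scope Tags as required", while the matching step in the other sections of this file says "Add scope tags if required". Use the same casing and wording here so the three procedures read identically.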
@ -228,18 +228,18 @@ different types of Endpoint Security policies.
|
||||
|
||||
2. Navigate to **Endpoint security > Attack surface reduction**.
|
||||
|
||||
3. Click on **Create Policy**.
|
||||
3. Select **Create Policy**.
|
||||
|
||||
4. Select **Windows 10 and Later – Web protection > Create**.
|
||||
|
||||

|
||||
|
||||
5. Enter name and description, then click **Next**.
|
||||
5. Enter a name and description, then select **Next**.
|
||||
|
||||

|
||||
|
||||
6. In the Configuration settings page: Set the configurations you require for
|
||||
Web Protection, then click **Next**.
|
||||
6. In the **Configuration settings page**: Set the configurations you require for
|
||||
Web Protection, then select **Next**.
|
||||
|
||||
>[!NOTE]
|
||||
>We are configuring Web Protection to Block.
|
||||
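Review bot: Capitalization of the profile name is inconsistent within this hunk: step 4 uses "Web protection", while step 6 and the note use "Web Protection". Pick the casing shown in the portal and apply it to all three places, in line with the sentence-case change made to "Endpoint security" earlier in this commit.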
@ -270,38 +270,37 @@ different types of Endpoint Security policies.
|
||||
### Confirm Policies have applied
|
||||
|
||||
|
||||
Once the Configuration policy has been assigned it will take some time to apply.
|
||||
Once the Configuration policy has been assigned, it will take some time to apply.
|
||||
|
||||
For information on timing, see [Intune configuration information](https://docs.microsoft.com/mem/intune/configuration/device-profile-troubleshoot#how-long-does-it-take-for-devices-to-get-a-policy-profile-or-app-after-they-are-assigned).
|
||||
|
||||
To confirm that the configuration policy has been applied to your test device
|
||||
follow the following process for each configuration policy.
|
||||
To confirm that the configuration policy has been applied to your test device, follow the following process for each configuration policy.
|
||||
|
||||
1. Open the MEM portal and navigate to the relevant policy as shown in the
|
||||
steps above. The following example shows the next generation protection settings.
|
||||
|
||||

|
||||
|
||||
2. Click on the **Configuration Policy** to view the policy status.
|
||||
2. Select the **Configuration Policy** to view the policy status.
|
||||
|
||||

|
||||
|
||||
3. Click on **Device Status** to see the status.
|
||||
3. Select **Device Status** to see the status.
|
||||
|
||||

|
||||
|
||||
4. Click on **User Status** to see the status.
|
||||
4. Select **User Status** to see the status.
|
||||
|
||||

|
||||
|
||||
5. Click on **Per-setting status** to see the status.
|
||||
5. Select **Per-setting status** to see the status.
|
||||
|
||||
>[!TIP]
|
||||
>This view is very useful to identify any settings that conflict with another policy.
|
||||
|
||||

|
||||
|
||||
### Endpoint Detection and Response
|
||||
### Endpoint detection and response
|
||||
|
||||
|
||||
1. Before applying the configuration, the Microsoft Defender ATP
|
||||
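Review bot: The rejoined sentence under "Confirm Policies have applied" still says "follow the following process for each configuration policy"; suggest "use the following process for each configuration policy". The heading "### Confirm Policies have applied" keeps a capital "P" while this commit moves other headings to sentence case, and the retitled "### Endpoint detection and response" is now identical to the heading of the earlier policy-creation section, so a more specific title such as one mentioning confirmation would make the two easier to tell apart.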
@ -314,7 +313,7 @@ follow the following process for each configuration policy.
|
||||
|
||||

|
||||
|
||||
3. After the services is running on the device, the device appears in Microsoft
|
||||
3. After the services are running on the device, the device appears in Microsoft
|
||||
Defender Security Center.
|
||||
|
||||

|
||||
|