mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-18 16:27:22 +00:00
thirty files for system center rebranding to msft endpoint
This commit is contained in:
LauraKellerGitHub
parent
dec9bfb44c
commit
d239a9a297
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Onboarding tools and methods for Windows 10 machines
|
||||
description: Onboard Windows 10 machines so that they can send sensor data to the Microsoft Defender ATP sensor
|
||||
keywords: Onboard Windows 10 machines, group policy, system center configuration manager, mobile device management, local script, gp, sccm, mdm, intune
|
||||
keywords: Onboard Windows 10 machines, group policy, endpoint configuration manager, mobile device management, local script, gp, sccm, mdm, intune
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
@ -31,7 +31,7 @@ Machines in your organization must be configured so that the Microsoft Defender
|
||||
The following deployment tools and methods are supported:
|
||||
|
||||
- Group Policy
|
||||
- System Center Configuration Manager
|
||||
- Microsoft Endpoint Configuration Manager
|
||||
- Mobile Device Management (including Microsoft Intune)
|
||||
- Local script
|
||||
|
||||
@ -39,7 +39,7 @@ The following deployment tools and methods are supported:
|
||||
Topic | Description
|
||||
:---|:---
|
||||
[Onboard Windows 10 machines using Group Policy](configure-endpoints-gp.md) | Use Group Policy to deploy the configuration package on machines.
|
||||
[Onboard Windows 10 machines using System Center Configuration Manager](configure-endpoints-sccm.md) | You can use either use System Center Configuration Manager (current branch) version 1606 or System Center Configuration Manager(current branch) version 1602 or earlier to deploy the configuration package on machines.
|
||||
[Onboard Windows 10 machines using Microsoft Endpoint Configuration Manager](configure-endpoints-sccm.md) | You can use either use Microsoft Endpoint Configuration Manager (current branch) version 1606 or Microsoft Endpoint Configuration Manager (current branch) version 1602 or earlier to deploy the configuration package on machines.
|
||||
[Onboard Windows 10 machines using Mobile Device Management tools](configure-endpoints-mdm.md) | Use Mobile Device Management tools or Microsoft Intune to deploy the configuration package on machine.
|
||||
[Onboard Windows 10 machines using a local script](configure-endpoints-script.md) | Learn how to use the local script to deploy the configuration package on endpoints.
|
||||
[Onboard non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi.md) | Learn how to use the configuration package to configure VDI machines.
|
||||
|
||||
@ -129,7 +129,7 @@ Once completed, you should see onboarded servers in the portal within an hour.
|
||||
To onboard Windows Server, version 1803 or Windows Server 2019, please refer to the supported methods and versions below.
|
||||
|
||||
> [!NOTE]
|
||||
> The Onboarding package for Windows Server 2019 through System Center Configuration Manager currently ships a script. For more information on how to deploy scripts in System Center Configuration Manager, see [Packages and programs in Configuration Manager](https://docs.microsoft.com/sccm/apps/deploy-use/packages-and-programs).
|
||||
> The Onboarding package for Windows Server 2019 through Microsoft Endpoint Configuration Manager currently ships a script. For more information on how to deploy scripts in Microsoft Endpoint Configuration Manager, see [Packages and programs in Configuration Manager](https://docs.microsoft.com/sccm/apps/deploy-use/packages-and-programs).
|
||||
|
||||
Supported tools include:
|
||||
- Local script
|
||||
|
||||
@ -25,7 +25,7 @@ ms.custom: asr
|
||||
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
Controlled folder access helps you protect valuable data from malicious apps and threats, such as ransomware. It protects your data by checking against a list of known, trusted apps. Controlled folder access is supported on Windows Server 2019 as well as Windows 10 clients. It can be turned on via the Windows Security App, or from the System Center Configuration Manager (SCCM) and Intune, for managed devices. Controlled folder access works best with [Microsoft Defender Advanced Threat Protection](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md), which gives you detailed reporting into controlled folder access events and blocks as part of the usual [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md).
|
||||
Controlled folder access helps you protect valuable data from malicious apps and threats, such as ransomware. It protects your data by checking against a list of known, trusted apps. Controlled folder access is supported on Windows Server 2019 as well as Windows 10 clients. It can be turned on via the Windows Security App, or from the Microsoft Endpoint Configuration Manager and Intune, for managed devices. Controlled folder access works best with [Microsoft Defender Advanced Threat Protection](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md), which gives you detailed reporting into controlled folder access events and blocks as part of the usual [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md).
|
||||
|
||||
Controlled folder access works by only allowing apps to access protected folders if the app is included on a list of trusted software. If an app isn't on the list, Controlled folder access will block it from making changes to files inside protected folders.
|
||||
|
||||
|
||||
@ -33,7 +33,7 @@ You can enable attack surface reduction rules by using any of these methods:
|
||||
|
||||
* [Microsoft Intune](#intune)
|
||||
* [Mobile Device Management (MDM)](#mdm)
|
||||
* [System Center Configuration Manager (SCCM)](#sccm)
|
||||
* [Microsoft Endpoint Configuration Manager](#sccm)
|
||||
* [Group Policy](#group-policy)
|
||||
* [PowerShell](#powershell)
|
||||
|
||||
@ -101,7 +101,7 @@ Value: c:\path|e:\path|c:\Whitelisted.exe
|
||||
|
||||
## SCCM
|
||||
|
||||
1. In System Center Configuration Manager, click **Assets and Compliance** > **Endpoint Protection** > **Windows Defender Exploit Guard**.
|
||||
1. In Microsoft Endpoint Configuration Manager, click **Assets and Compliance** > **Endpoint Protection** > **Windows Defender Exploit Guard**.
|
||||
1. Click **Home** > **Create Exploit Guard Policy**.
|
||||
1. Enter a name and a description, click **Attack Surface Reduction**, and click **Next**.
|
||||
1. Choose which rules will block or audit actions and click **Next**.
|
||||
|
||||
@ -30,7 +30,7 @@ You can enable controlled folder access by using any of these methods:
|
||||
* [Windows Security app](#windows-security-app)
|
||||
* [Microsoft Intune](#intune)
|
||||
* [Mobile Device Management (MDM)](#mdm)
|
||||
* [System Center Configuration Manager (SCCM)](#sccm)
|
||||
* [Microsoft Endpoint Configuration Manager](#sccm)
|
||||
* [Group Policy](#group-policy)
|
||||
* [PowerShell](#powershell)
|
||||
|
||||
@ -80,7 +80,7 @@ Use the [./Vendor/MSFT/Policy/Config/ControlledFolderAccessProtectedFolders](htt
|
||||
|
||||
## SCCM
|
||||
|
||||
1. In System Center Configuration Manager, click **Assets and Compliance** > **Endpoint Protection** > **Windows Defender Exploit Guard**.
|
||||
1. In Microsoft Endpoint Configuration Manager, click **Assets and Compliance** > **Endpoint Protection** > **Windows Defender Exploit Guard**.
|
||||
2. Click **Home** > **Create Exploit Guard Policy**.
|
||||
3. Enter a name and a description, click **Controlled folder access**, and click **Next**.
|
||||
4. Choose whether block or audit changes, allow other apps, or add other folders, and click **Next**.
|
||||
|
||||
@ -34,7 +34,7 @@ You can enable each mitigation separately by using any of these methods:
|
||||
* [Windows Security app](#windows-security-app)
|
||||
* [Microsoft Intune](#intune)
|
||||
* [Mobile Device Management (MDM)](#mdm)
|
||||
* [System Center Configuration Manager (SCCM)](#sccm)
|
||||
* [Microsoft Endpoint Configuration Manager](#sccm)
|
||||
* [Group Policy](#group-policy)
|
||||
* [PowerShell](#powershell)
|
||||
|
||||
@ -128,9 +128,9 @@ CFG will be enabled for *miles.exe*.
|
||||
|
||||
Use the [./Vendor/MSFT/Policy/Config/ExploitGuard/ExploitProtectionSettings](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-exploitguard) configuration service provider (CSP) to enable or disable exploit protection mitigations or to use audit mode.
|
||||
|
||||
## SCCM
|
||||
## Microsoft Endpoint Configuration Manager
|
||||
|
||||
1. In System Center Configuration Manager, click **Assets and Compliance** > **Endpoint Protection** > **Windows Defender Exploit Guard**.
|
||||
1. In Microsoft Endpoint Configuration Manager, click **Assets and Compliance** > **Endpoint Protection** > **Windows Defender Exploit Guard**.
|
||||
1. Click **Home** > **Create Exploit Guard Policy**.
|
||||
1. Enter a name and a description, click **Exploit protection**, and click **Next**.
|
||||
1. Browse to the location of the exploit protection XML file and click **Next**.
|
||||
|
||||
@ -30,7 +30,7 @@ You can enable network protection by using any of these methods:
|
||||
|
||||
* [Microsoft Intune](#intune)
|
||||
* [Mobile Device Management (MDM)](#mdm)
|
||||
* [System Center Configuration Manager (SCCM)](#sccm)
|
||||
* [Microsoft Endpoint Configuration Manager](#sccm)
|
||||
* [Group Policy](#group-policy)
|
||||
* [PowerShell](#powershell)
|
||||
|
||||
@ -51,7 +51,7 @@ Use the [./Vendor/MSFT/Policy/Config/Defender/EnableNetworkProtection](https://d
|
||||
|
||||
## SCCM
|
||||
|
||||
1. In System Center Configuration Manager, click **Assets and Compliance** > **Endpoint Protection** > **Windows Defender Exploit Guard**.
|
||||
1. In Microsoft Endpoint Configuration Manager, click **Assets and Compliance** > **Endpoint Protection** > **Windows Defender Exploit Guard**.
|
||||
1. Click **Home** > **Create Exploit Guard Policy**.
|
||||
1. Enter a name and a description, click **Network protection**, and click **Next**.
|
||||
1. Choose whether to block or audit access to suspicious domains and click **Next**.
|
||||
|
||||
@ -46,7 +46,7 @@ Set-MpPreference -EnableControlledFolderAccess AuditMode
|
||||
|
||||
> [!TIP]
|
||||
> If you want to fully audit how controlled folder access will work in your organization, you'll need to use a management tool to deploy this setting to machines in your network(s).
|
||||
You can also use Group Policy, Intune, MDM, or System Center Configuration Manager to configure and deploy the setting, as described in the main [controlled folder access topic](controlled-folders.md).
|
||||
You can also use Group Policy, Intune, MDM, or Microsoft Endpoint Configuration Manager to configure and deploy the setting, as described in the main [controlled folder access topic](controlled-folders.md).
|
||||
|
||||
## Review controlled folder access events in Windows Event Viewer
|
||||
|
||||
|
||||
@ -29,7 +29,7 @@ Microsoft Defender ATP supports a wide variety of options to ensure that custome
|
||||
|
||||
Acknowledging that customer environments and structures can vary, Microsoft Defender ATP was created with flexibility and granular control to fit varying customer requirements.
|
||||
|
||||
Machine onboarding is fully integrated into System Center Configuration Manager and Microsoft Intune for client machines and Azure Security Center for server machines, providing complete end-to-end experience of configuration, deployment, and monitoring. In addition, Microsoft Defender ATP supports Group Policy and other third-party tools used for machines management.
|
||||
Machine onboarding is fully integrated into Microsoft Endpoint Configuration Manager and Microsoft Intune for client machines and Azure Security Center for server machines, providing complete end-to-end experience of configuration, deployment, and monitoring. In addition, Microsoft Defender ATP supports Group Policy and other third-party tools used for machines management.
|
||||
|
||||
Microsoft Defender ATP provides fine-grained control over what users with access to the portal can see and do through the flexibility of role-based access control (RBAC). The RBAC model supports all flavors of security teams structure:
|
||||
- Globally distributed organizations and security teams
|
||||
|
||||
@ -180,7 +180,7 @@ For more information, see [Windows Defender Antivirus compatibility](../windows-
|
||||
## Windows Defender Antivirus Early Launch Antimalware (ELAM) driver is enabled
|
||||
If you're running Windows Defender Antivirus as the primary antimalware product on your machines, the Microsoft Defender ATP agent will successfully onboard.
|
||||
|
||||
If you're running a third-party antimalware client and use Mobile Device Management solutions or System Center Configuration Manager (current branch) version 1606, you'll need to ensure that the Windows Defender Antivirus ELAM driver is enabled. For more information, see [Ensure that Windows Defender Antivirus is not disabled by policy](troubleshoot-onboarding.md#ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy).
|
||||
If you're running a third-party antimalware client and use Mobile Device Management solutions or Microsoft Endpoint Configuration Manager (current branch) version 1606, you'll need to ensure that the Windows Defender Antivirus ELAM driver is enabled. For more information, see [Ensure that Windows Defender Antivirus is not disabled by policy](troubleshoot-onboarding.md#ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy).
|
||||
|
||||
|
||||
|
||||
|
||||
@ -30,12 +30,12 @@ It helps organizations discover vulnerabilities and misconfigurations in real-ti
|
||||
## Next-generation capabilities
|
||||
Threat & Vulnerability Management is built-in, real-time, cloud-powered, fully integrated with Microsoft endpoint security stack, the Microsoft Intelligent Security Graph, and the application analytics knowledgebase.
|
||||
|
||||
It is the first solution in the industry to bridge the gap between security administration and IT administration during remediation process. It does so by creating a security task or ticket through integration with Microsoft Intune and Microsoft System Center Configuration Manager (SCCM).
|
||||
It is the first solution in the industry to bridge the gap between security administration and IT administration during remediation process. It does so by creating a security task or ticket through integration with Microsoft Intune and Microsoft Microsoft Endpoint Configuration Manager.
|
||||
|
||||
It provides the following solutions to frequently-cited gaps across security operations, security administration, and IT administration workflows and communication.
|
||||
- Real-time endpoint detection and response (EDR) insights correlated with endpoint vulnerabilities
|
||||
- Linked machine vulnerability and security configuration assessment data in the context of exposure discovery
|
||||
- Built-in remediation processes through Microsoft Intune and Microsoft System Center Configuration Manager
|
||||
- Built-in remediation processes through Microsoft Intune and Microsoft Endpoint Configuration Manager
|
||||
|
||||
### Real-time discovery
|
||||
|
||||
@ -55,7 +55,7 @@ Threat & Vulnerability Management helps customers prioritize and focus on those
|
||||
### Seamless remediation
|
||||
|
||||
Microsoft Defender ATP’s Threat & Vulnerability Management allows security administrators and IT administrators to collaborate seamlessly to remediate issues.
|
||||
- Remediation requests to IT. Through Microsoft Defender ATP’s integration with Microsoft Intune and System Center Configuration Manager (SCCM), security administrators can create a remediation task in Microsoft Intune from the Security recommendation pages. We plan to expand this capability to other IT security management platforms.
|
||||
- Remediation requests to IT. Through Microsoft Defender ATP’s integration with Microsoft Intune and Microsoft Endpoint Configuration Manager, security administrators can create a remediation task in Microsoft Intune from the Security recommendation pages. We plan to expand this capability to other IT security management platforms.
|
||||
- Alternate mitigations. Threat & Vulnerability Management provides insights on additional mitigations, such as configuration changes that can reduce risk associated with software vulnerabilities.
|
||||
- Real-time remediation status. Microsoft Defender ATP provides real-time monitoring of the status and progress of remediation activities across the organization.
|
||||
|
||||
|
||||
@ -34,7 +34,7 @@ Follow the corresponding instructions depending on your preferred deployment met
|
||||
## Offboard Windows 10 machines
|
||||
- [Offboard machines using a local script](configure-endpoints-script.md#offboard-machines-using-a-local-script)
|
||||
- [Offboard machines using Group Policy](configure-endpoints-gp.md#offboard-machines-using-group-policy)
|
||||
- [Offboard machines using System Center Configuration Manager](configure-endpoints-sccm.md#offboard-machines-using-system-center-configuration-manager)
|
||||
- [Offboard machines using Microsoft Endpoint Configuration Manager](configure-endpoints-sccm.md#offboard-machines-using-system-center-configuration-manager)
|
||||
- [Offboard machines using Mobile Device Management tools](configure-endpoints-mdm.md#offboard-and-monitor-machines-using-mobile-device-management-tools)
|
||||
|
||||
## Offboard Servers
|
||||
|
||||
@ -42,7 +42,7 @@ Ensure that your machines:
|
||||
> RS5 customers | [KB 4516077](https://support.microsoft.com/help/4516077/windows-10-update-kb4516077)
|
||||
> 19H1 customers | [KB 4512941](https://support.microsoft.com/help/4512941/windows-10-update-kb4512941)
|
||||
|
||||
- Are onboarded to Microsoft Intune and System Center Configuration Manager (SCCM). If you are use SCCM, update your console to the latest May version 1905
|
||||
- Are onboarded to Microsoft Intune and Microsoft Endpoint Configuration Manager. If you are using Configuration Manager, update your console to the latest version.
|
||||
- Have at least one security recommendation that can be viewed in the machine page
|
||||
- Are tagged or marked as co-managed
|
||||
|
||||
|
||||
@ -40,15 +40,15 @@ If you have completed the onboarding process and don't see machines in the [Mach
|
||||
|
||||
If the script completes successfully, see [Troubleshoot onboarding issues on the machines](#troubleshoot-onboarding-issues-on-the-machine) for additional errors that might occur.
|
||||
|
||||
### Troubleshoot onboarding issues when deploying with System Center Configuration Manager
|
||||
When onboarding machines using the following versions of System Center Configuration Manager:
|
||||
### Troubleshoot onboarding issues when deploying with Microsoft Endpoint Configuration Manager
|
||||
When onboarding machines using the following versions of Microsoft Endpoint Configuration Manager:
|
||||
- System Center 2012 Configuration Manager
|
||||
- System Center 2012 R2 Configuration Manager
|
||||
- System Center Configuration Manager (current branch) version 1511
|
||||
- System Center Configuration Manager (current branch) version 1602
|
||||
- Microsoft Endpoint Configuration Manager (current branch) version 1511
|
||||
- Microsoft Endpoint Configuration Manager (current branch) version 1602
|
||||
|
||||
|
||||
Deployment with the above-mentioned versions of System Center Configuration Manager is done by running the onboarding script on the machines. You can track the deployment in the Configuration Manager Console.
|
||||
Deployment with the above-mentioned versions of Microsoft Endpoint Center Configuration Manager is done by running the onboarding script on the machines. You can track the deployment in the Configuration Manager Console.
|
||||
|
||||
If the deployment fails, you can check the output of the script on the machines.
|
||||
|
||||
|
||||
@ -26,7 +26,7 @@ ms.topic: conceptual
|
||||
Threat & Vulnerability Management is a component of Microsoft Defender ATP, and provides both security administrators and security operations teams with unique value, including:
|
||||
- Real-time endpoint detection and response (EDR) insights correlated with endpoint vulnerabilities
|
||||
- Invaluable machine vulnerability context during incident investigations
|
||||
- Built-in remediation processes through Microsoft Intune and Microsoft System Center Configuration Manager (SCCM)
|
||||
- Built-in remediation processes through Microsoft Intune and Microsoft Microsoft Endpoint Configuration Manager (SCCM)
|
||||
|
||||
You can use the Threat & Vulnerability Management capability in [Microsoft Defender Security Center](https://securitycenter.windows.com/) to:
|
||||
- View exposure and configuration scores side-by-side with top security recommendations, software vulnerability, remediation activities, and exposed machines
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Remediation and exception
|
||||
description: You can lower down your organization's exposure from vulnerabilities and increase your security configuration by remediating the security recommendations or filing exceptions provided there are compensation controls. Threat & Vulnerability Management bridges the gap between security administration and IT administration during remediation process. It does so by creating a security task or ticket through integration with Microsoft Intune and Microsoft System Center Configuration Manager (SCCM).
|
||||
description: You can lower down your organization's exposure from vulnerabilities and increase your security configuration by remediating the security recommendations or filing exceptions provided there are compensation controls. Threat & Vulnerability Management bridges the gap between security administration and IT administration during remediation process. It does so by creating a security task or ticket through integration with Microsoft Intune and Microsoft Endpoint Configuration Manager.
|
||||
keywords: microsoft defender atp tvm remediation, mdatp tvm, threat & vulnerability management, threat & vulnerability management remediation, tvm remediation intune, tvm remediation sccm
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
|
||||
@ -27,7 +27,7 @@ ms.date: 04/11/2019
|
||||
|
||||
The cyber security weaknesses identified in your organization are mapped to actionable security recommendations and prioritized by their impact on the security recommendation list. Prioritized recommendation helps shorten the mean time to mitigate or remediate vulnerabilities and drive compliance.
|
||||
|
||||
Each security recommendation includes an actionable remediation recommendation which can be pushed into the IT task queue through a built-in integration with Microsoft Intune and Microsoft System Center Configuration Manager (SCCM). It is also dynamic in the sense that when the threat landscape changes, the recommendation also changes as it continuously collect information from your environment.
|
||||
Each security recommendation includes an actionable remediation recommendation which can be pushed into the IT task queue through a built-in integration with Microsoft Intune and Microsoft Endpoint Configuration Manager. It is also dynamic in the sense that when the threat landscape changes, the recommendation also changes as it continuously collects information from your environment.
|
||||
|
||||
## The basis of the security recommendation
|
||||
Each machine in the organization is scored based on three important factors: threat, likelihood to be breached, and value, to help customers to focus on the right things at the right time.
|
||||
|
||||
@ -279,7 +279,7 @@ SAWs are computers that are built to help significantly reduce the risk of compr
|
||||
|
||||
To protect high-value assets, SAWs are used to make secure connections to those assets.
|
||||
|
||||
Similarly, on corporate fully-managed workstations, where applications are installed by using a distribution tool like System Center Configuration Manager, Intune, or any third-party device management, then Device Guard is very applicable. In that type of scenario, the organization has a good idea of the software that an average user is running.
|
||||
Similarly, on corporate fully-managed workstations, where applications are installed by using a distribution tool like Microsoft Endpoint Configuration Manager, Intune, or any third-party device management, then Device Guard is very applicable. In that type of scenario, the organization has a good idea of the software that an average user is running.
|
||||
|
||||
It could be challenging to use Device Guard on corporate, lightly-managed workstations where the user is typically allowed to install software on their own. When an organization offers great flexibility, it’s quite difficult to run Device Guard in enforcement mode. Nevertheless, Device Guard can be run in Audit mode, and in that case, the event log will contain a record of any binaries that violated the Device Guard policy. When Device Guard is used in Audit mode, organizations can get rich data about drivers and applications that users install and run.
|
||||
|
||||
|
||||
@ -26,7 +26,7 @@ manager: dansimp
|
||||
You can manage and configure Windows Defender Antivirus with the following tools:
|
||||
|
||||
- Microsoft Intune
|
||||
- System Center Configuration Manager
|
||||
- Microsoft Endpoint Configuration Manager
|
||||
- Group Policy
|
||||
- PowerShell cmdlets
|
||||
- Windows Management Instrumentation (WMI)
|
||||
@ -38,7 +38,7 @@ The topics in this section provide further information, links, and resources for
|
||||
|
||||
Topic | Description
|
||||
---|---
|
||||
[Manage Windows Defender Antivirus with Microsoft Intune and System Center Configuration Manager](use-intune-config-manager-windows-defender-antivirus.md)|Information about using Intune and System Center Configuration Manager to deploy, manage, report, and configure Windows Defender Antivirus
|
||||
[Manage Windows Defender Antivirus with Microsoft Intune and Microsoft Endpoint Configuration Manager](use-intune-config-manager-windows-defender-antivirus.md)|Information about using Intune and Microsoft Endpoint Configuration Manager to deploy, manage, report, and configure Windows Defender Antivirus
|
||||
[Manage Windows Defender Antivirus with Group Policy settings](use-group-policy-windows-defender-antivirus.md)|List of all Group Policy settings located in ADMX templates
|
||||
[Manage Windows Defender Antivirus with PowerShell cmdlets](use-powershell-cmdlets-windows-defender-antivirus.md)|Instructions for using PowerShell cmdlets to manage Windows Defender Antivirus, plus links to documentation for all cmdlets and allowed parameters
|
||||
[Manage Windows Defender Antivirus with Windows Management Instrumentation (WMI)](use-wmi-windows-defender-antivirus.md)| Instructions for using WMI to manage Windows Defender Antivirus, plus links to documentation for the WMIv2 APIs (including all classes, methods, and properties)
|
||||
|
||||
@ -32,7 +32,7 @@ See [Configure device restriction settings in Microsoft Intune](https://docs.mic
|
||||
|
||||
**Use Configuration Manager to configure scanning options:**
|
||||
|
||||
See [How to create and deploy antimalware policies: Scan settings](https://docs.microsoft.com/sccm/protect/deploy-use/endpoint-antimalware-policies#scan-settings) for details on configuring System Center Configuration Manager (current branch).
|
||||
See [How to create and deploy antimalware policies: Scan settings](https://docs.microsoft.com/sccm/protect/deploy-use/endpoint-antimalware-policies#scan-settings) for details on configuring Microsoft Endpoint Configuration Manager (current branch).
|
||||
|
||||
**Use Group Policy to configure scanning options**
|
||||
|
||||
|
||||
@ -73,7 +73,7 @@ For a list of Windows Defender Antivirus device restrictions in Intune, see [Dev
|
||||
|
||||
### Enable block at first sight with SCCM
|
||||
|
||||
1. In System Center Configuration Manager, click **Assets and Compliance** > **Endpoint Protection** > **AntiMalware Policies**.
|
||||
1. In Microsoft Endpoint Configuration Manager, click **Assets and Compliance** > **Endpoint Protection** > **AntiMalware Policies**.
|
||||
|
||||
2. Click **Home** > **Create Antimalware Policy**.
|
||||
|
||||
|
||||
@ -77,7 +77,7 @@ See the following articles:
|
||||
|
||||
### Use Configuration Manager to configure file name, folder, or file extension exclusions
|
||||
|
||||
See [How to create and deploy antimalware policies: Exclusion settings](https://docs.microsoft.com/sccm/protect/deploy-use/endpoint-antimalware-policies#exclusion-settings) for details on configuring System Center Configuration Manager (current branch).
|
||||
See [How to create and deploy antimalware policies: Exclusion settings](https://docs.microsoft.com/sccm/protect/deploy-use/endpoint-antimalware-policies#exclusion-settings) for details on configuring Microsoft Endpoint Configuration Manager (current branch).
|
||||
|
||||
### Use Group Policy to configure folder or file extension exclusions
|
||||
|
||||
@ -272,7 +272,7 @@ The following table describes how the wildcards can be used and provides some ex
|
||||
|
||||
You can retrieve the items in the exclusion list using one of the following methods:
|
||||
- [Intune](https://docs.microsoft.com/intune/deploy-use/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune)
|
||||
- [System Center Configuration Manager](https://docs.microsoft.com/sccm/protect/deploy-use/endpoint-antimalware-policies#exclusion-settings)
|
||||
- [Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/sccm/protect/deploy-use/endpoint-antimalware-policies#exclusion-settings)
|
||||
- MpCmdRun
|
||||
- PowerShell
|
||||
- [Windows Security app](windows-defender-security-center-antivirus.md#exclusions)
|
||||
|
||||
@ -43,7 +43,7 @@ The Windows Defender Antivirus cloud service provides fast, strong protection fo
|
||||
>[!NOTE]
|
||||
>The Windows Defender Antivirus cloud service is a mechanism for delivering updated protection to your network and endpoints. Although it is called a cloud service, it is not simply protection for files stored in the cloud, rather it uses distributed resources and machine learning to deliver protection to your endpoints at a rate that is far faster than traditional Security intelligence updates.
|
||||
|
||||
See [Enable cloud-delivered protection](enable-cloud-protection-windows-defender-antivirus.md) for details on enabling the service with Intune, System Center Configuration Manager, Group Policy, PowerShell cmdlets, or on individual clients in the Windows Security app.
|
||||
See [Enable cloud-delivered protection](enable-cloud-protection-windows-defender-antivirus.md) for details on enabling the service with Intune, Microsoft Endpoint Configuration Manager, Group Policy, PowerShell cmdlets, or on individual clients in the Windows Security app.
|
||||
|
||||
After you've enabled the service, you may need to configure your network or firewall to allow connections between it and your endpoints.
|
||||
|
||||
|
||||
@ -74,7 +74,7 @@ You can use Group Policy to:
|
||||
Hiding notifications can be useful in situations where you can't hide the entire Windows Defender Antivirus interface. See [Prevent users from seeing or interacting with the Windows Defender Antivirus user interface](prevent-end-user-interaction-windows-defender-antivirus.md) for more information.
|
||||
|
||||
> [!NOTE]
|
||||
> Hiding notifications will only occur on endpoints to which the policy has been deployed. Notifications related to actions that must be taken (such as a reboot) will still appear on the [System Center Configuration Manager Endpoint Protection monitoring dashboard and reports](https://docs.microsoft.com/sccm/protect/deploy-use/monitor-endpoint-protection).
|
||||
> Hiding notifications will only occur on endpoints to which the policy has been deployed. Notifications related to actions that must be taken (such as a reboot) will still appear on the [Microsoft Endpoint Configuration Manager Endpoint Protection monitoring dashboard and reports](https://docs.microsoft.com/sccm/protect/deploy-use/monitor-endpoint-protection).
|
||||
|
||||
See [Customize the Windows Security app for your organization](../windows-defender-security-center/windows-defender-security-center.md) for instructions to add custom contact information to the notifications that users see on their machines.
|
||||
|
||||
|
||||
@ -41,7 +41,7 @@ The exclusions only apply to [always-on real-time protection and monitoring](con
|
||||
|
||||
Changes made with Group Policy to the exclusion lists **will show** in the lists in the [Windows Security app](windows-defender-security-center-antivirus.md#exclusions). However, changes made in the Windows Security app **will not show** in the Group Policy lists.
|
||||
|
||||
You can add, remove, and review the lists for exclusions in [Group Policy](#gp), [System Center Configuration Manager, Microsoft Intune, and with the Windows Security app](#man-tools), and you can [use wildcards](#wildcards) to further customize the lists.
|
||||
You can add, remove, and review the lists for exclusions in [Group Policy](#gp), [Microsoft Endpoint Configuration Manager, Microsoft Intune, and with the Windows Security app](#man-tools), and you can [use wildcards](#wildcards) to further customize the lists.
|
||||
|
||||
You can also [use PowerShell cmdlets and WMI to configure the exclusion lists](#ps), including [reviewing](#review) your lists.
|
||||
|
||||
@ -57,9 +57,9 @@ You can [configure how locally and globally defined exclusions lists are merged]
|
||||
|
||||
See [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/intune/device-restrictions-configure) and [Windows Defender Antivirus device restriction settings for Windows 10 in Intune](https://docs.microsoft.com/intune/device-restrictions-windows-10#windows-defender-antivirus) for more details.
|
||||
|
||||
### Use System Center Configuration Manager to exclude files that have been opened by specified processes from scans
|
||||
### Use Microsoft Endpoint Configuration Manager to exclude files that have been opened by specified processes from scans
|
||||
|
||||
See [How to create and deploy antimalware policies: Exclusion settings](https://docs.microsoft.com/sccm/protect/deploy-use/endpoint-antimalware-policies#exclusion-settings) for details on configuring System Center Configuration Manager (current branch).
|
||||
See [How to create and deploy antimalware policies: Exclusion settings](https://docs.microsoft.com/sccm/protect/deploy-use/endpoint-antimalware-policies#exclusion-settings) for details on configuring Microsoft Endpoint Configuration Manager (current branch).
|
||||
|
||||
### Use Group Policy to exclude files that have been opened by specified processes from scans
|
||||
|
||||
@ -150,7 +150,7 @@ Environment variables | The defined variable will be populated as a path when th
|
||||
|
||||
## Review the list of exclusions
|
||||
|
||||
You can retrieve the items in the exclusion list with MpCmdRun, PowerShell, [System Center Configuration Manager](https://docs.microsoft.com/sccm/protect/deploy-use/endpoint-antimalware-policies#exclusion-settings), [Intune](https://docs.microsoft.com/intune/device-restrictions-configure), or the [Windows Security app](windows-defender-security-center-antivirus.md#exclusions).
|
||||
You can retrieve the items in the exclusion list with MpCmdRun, PowerShell, [Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/sccm/protect/deploy-use/endpoint-antimalware-policies#exclusion-settings), [Intune](https://docs.microsoft.com/intune/device-restrictions-configure), or the [Windows Security app](windows-defender-security-center-antivirus.md#exclusions).
|
||||
|
||||
If you use PowerShell, you can retrieve the list in two ways:
|
||||
|
||||
|
||||
@ -25,7 +25,7 @@ manager: dansimp
|
||||
|
||||
When Windows Defender Antivirus runs a scan, it will attempt to remediate or remove threats that it finds. You can configure how Windows Defender Antivirus should react to certain threats, whether it should create a restore point before remediating, and when it should remove remediated threats.
|
||||
|
||||
This topic describes how to configure these settings with Group Policy, but you can also use [System Center Configuration Manager](https://docs.microsoft.com/sccm/protect/deploy-use/endpoint-antimalware-policies#threat-overrides-settings) and [Microsoft Intune](https://docs.microsoft.com/intune/device-restrictions-configure).
|
||||
This topic describes how to configure these settings with Group Policy, but you can also use [Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/sccm/protect/deploy-use/endpoint-antimalware-policies#threat-overrides-settings) and [Microsoft Intune](https://docs.microsoft.com/intune/device-restrictions-configure).
|
||||
|
||||
You can also use the [`Set-MpPreference` PowerShell cmdlet](https://technet.microsoft.com/itpro/powershell/windows/defender/set-mppreference) or [`MSFT_MpPreference` WMI class](https://msdn.microsoft.com/library/dn439477(v=vs.85).aspx) to configure these settings.
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Configure Windows Defender Antivirus features
|
||||
description: You can configure Windows Defender Antivirus features with Intune, System Center Configuration Manager, Group Policy, and PowerShell.
|
||||
keywords: Windows Defender Antivirus, antimalware, security, defender, configure, configuration, Config Manager, System Center Configuration Manager, SCCM, Intune, MDM, mobile device management, GP, group policy, PowerShell
|
||||
description: You can configure Windows Defender Antivirus features with Intune, Microsoft Endpoint Configuration Manager, Group Policy, and PowerShell.
|
||||
keywords: Windows Defender Antivirus, antimalware, security, defender, configure, configuration, Config Manager, Microsoft Endpoint Configuration Manager, SCCM, Intune, MDM, mobile device management, GP, group policy, PowerShell
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
@ -26,7 +26,7 @@ manager: dansimp
|
||||
You can configure Windows Defender Antivirus with a number of tools, including:
|
||||
|
||||
- Microsoft Intune
|
||||
- System Center Configuration Manager
|
||||
- Microsoft Endpoint Configuration Manager
|
||||
- Group Policy
|
||||
- PowerShell cmdlets
|
||||
- Windows Management Instrumentation (WMI)
|
||||
|
||||
@ -34,4 +34,4 @@ Topic | Description
|
||||
[Configure remediation for scans](configure-remediation-windows-defender-antivirus.md) | Configure what Windows Defender Antivirus should do when it detects a threat, and how long quarantined files should be retained in the quarantine folder
|
||||
[Configure scheduled scans](scheduled-catch-up-scans-windows-defender-antivirus.md) | Set up recurring (scheduled) scans, including when they should run and whether they run as full or quick scans
|
||||
[Configure and run scans](run-scan-windows-defender-antivirus.md) | Run and configure on-demand scans using PowerShell, Windows Management Instrumentation, or individually on endpoints with the Windows Security app
|
||||
[Review scan results](review-scan-results-windows-defender-antivirus.md) | Review the results of scans using System Center Configuration Manager, Microsoft Intune, or the Windows Security app
|
||||
[Review scan results](review-scan-results-windows-defender-antivirus.md) | Review the results of scans using Microsoft Endpoint Configuration Manager, Microsoft Intune, or the Windows Security app
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Deploy, manage, and report on Windows Defender Antivirus
|
||||
description: You can deploy and manage Windows Defender Antivirus with Intune, System Center Configuration Manager, Group Policy, PowerShell, or WMI
|
||||
description: You can deploy and manage Windows Defender Antivirus with Intune, Microsoft Endpoint Configuration Manager, Group Policy, PowerShell, or WMI
|
||||
keywords: deploy, manage, update, protection, windows defender antivirus
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.pagetype: security
|
||||
@ -27,7 +27,7 @@ You can deploy, manage, and report on Windows Defender Antivirus in a number of
|
||||
|
||||
Because the Windows Defender Antivirus client is installed as a core part of Windows 10, traditional deployment of a client to your endpoints does not apply.
|
||||
|
||||
However, in most cases you will still need to enable the protection service on your endpoints with Microsoft Intune, System Center Configuration Manager, Azure Security Center, or Group Policy Objects, which is described in the following table.
|
||||
However, in most cases you will still need to enable the protection service on your endpoints with Microsoft Intune, Microsoft Endpoint Configuration Manager, Azure Security Center, or Group Policy Objects, which is described in the following table.
|
||||
|
||||
You'll also see additional links for:
|
||||
|
||||
@ -40,13 +40,13 @@ You'll also see additional links for:
|
||||
Tool|Deployment options (<a href="#fn2" id="ref2">2</a>)|Management options (network-wide configuration and policy or baseline deployment) ([3](#fn3))|Reporting options
|
||||
---|---|---|---
|
||||
Microsoft Intune|[Add endpoint protection settings in Intune](https://docs.microsoft.com/intune/endpoint-protection-configure)|[Configure device restriction settings in Intune](https://docs.microsoft.com/intune/device-restrictions-configure)| [Use the Intune console to manage devices](https://docs.microsoft.com/intune/device-management)
|
||||
System Center Configuration Manager ([1](#fn1))|Use the [Endpoint Protection point site system role][] and [enable Endpoint Protection with custom client settings][]|With [default and customized antimalware policies][] and [client management][]|With the default [Configuration Manager Monitoring workspace][] and [email alerts][]
|
||||
Microsoft Endpoint Configuration Manager ([1](#fn1))|Use the [Endpoint Protection point site system role][] and [enable Endpoint Protection with custom client settings][]|With [default and customized antimalware policies][] and [client management][]|With the default [Configuration Manager Monitoring workspace][] and [email alerts][]
|
||||
Group Policy and Active Directory (domain-joined)|Use a Group Policy Object to deploy configuration changes and ensure Windows Defender Antivirus is enabled.|Use Group Policy Objects (GPOs) to [Configure update options for Windows Defender Antivirus][] and [Configure Windows Defender features][]|Endpoint reporting is not available with Group Policy. You can generate a list of [Group Policies to determine if any settings or policies are not applied][]
|
||||
PowerShell|Deploy with Group Policy, System Center Configuration Manager, or manually on individual endpoints.|Use the [Set-MpPreference] and [Update-MpSignature] cmdlets available in the Defender module.|Use the appropriate [Get- cmdlets available in the Defender module][]
|
||||
Windows Management Instrumentation|Deploy with Group Policy, System Center Configuration Manager, or manually on individual endpoints.|Use the [Set method of the MSFT_MpPreference class][] and the [Update method of the MSFT_MpSignature class][]|Use the [MSFT_MpComputerStatus][] class and the get method of associated classes in the [Windows Defender WMIv2 Provider][]
|
||||
PowerShell|Deploy with Group Policy, Microsoft Endpoint Configuration Manager, or manually on individual endpoints.|Use the [Set-MpPreference] and [Update-MpSignature] cmdlets available in the Defender module.|Use the appropriate [Get- cmdlets available in the Defender module][]
|
||||
Windows Management Instrumentation|Deploy with Group Policy, Microsoft Endpoint Configuration Manager, or manually on individual endpoints.|Use the [Set method of the MSFT_MpPreference class][] and the [Update method of the MSFT_MpSignature class][]|Use the [MSFT_MpComputerStatus][] class and the get method of associated classes in the [Windows Defender WMIv2 Provider][]
|
||||
Microsoft Azure|Deploy Microsoft Antimalware for Azure in the [Azure portal, by using Visual Studio virtual machine configuration, or using Azure PowerShell cmdlets](https://docs.microsoft.com/azure/security/azure-security-antimalware#antimalware-deployment-scenarios). You can also [Install Endpoint protection in Azure Security Center](https://docs.microsoft.com/azure/security-center/security-center-install-endpoint-protection)|Configure [Microsoft Antimalware for Virtual Machines and Cloud Services with Azure PowerShell cmdlets](https://docs.microsoft.com/azure/security/azure-security-antimalware#enable-and-configure-antimalware-using-powershell-cmdlets) or [use code samples](https://gallery.technet.microsoft.com/Antimalware-For-Azure-5ce70efe)|Use [Microsoft Antimalware for Virtual Machines and Cloud Services with Azure PowerShell cmdlets](https://docs.microsoft.com/azure/security/azure-security-antimalware#enable-and-configure-antimalware-using-powershell-cmdlets) to enable monitoring. You can also review usage reports in Azure Active Directory to determine suspicious activity, including the [Possibly infected devices][] report and configure an SIEM tool to report on [Windows Defender Antivirus events][] and add that tool as an app in AAD.
|
||||
|
||||
1. <span id="fn1" />The availability of some functions and features, especially related to cloud-delivered protection, differ between System Center Configuration Manager (Current Branch) and System Center Configuration Manager 2012. In this library, we've focused on Windows 10, Windows Server 2016, and System Center Configuration Manager (Current Branch). See [Use Microsoft cloud-provided protection in Windows Defender Antivirus](utilize-microsoft-cloud-protection-windows-defender-antivirus.md) for a table that describes the major differences. [(Return to table)](#ref2)
|
||||
1. <span id="fn1" />The availability of some functions and features, especially related to cloud-delivered protection, differ between Microsoft Endpoint Configuration Manager (Current Branch) and System Center Configuration Manager 2012. In this library, we've focused on Windows 10, Windows Server 2016, and Microsoft Endpoint Configuration Manager (Current Branch). See [Use Microsoft cloud-provided protection in Windows Defender Antivirus](utilize-microsoft-cloud-protection-windows-defender-antivirus.md) for a table that describes the major differences. [(Return to table)](#ref2)
|
||||
|
||||
2. <span id="fn2" />In Windows 10, Windows Defender Antivirus is a component available without installation or deployment of an additional client or service. It will automatically be enabled when third-party antivirus products are either uninstalled or out of date ([except on Windows Server 2016](windows-defender-antivirus-on-windows-server-2016.md)). Traditional deployment therefore is not required. Deployment here refers to ensuring the Windows Defender Antivirus component is available and enabled on endpoints or servers. [(Return to table)](#ref2)
|
||||
|
||||
@ -80,6 +80,6 @@ Microsoft Azure|Deploy Microsoft Antimalware for Azure in the [Azure portal, by
|
||||
|
||||
Topic | Description
|
||||
---|---
|
||||
[Deploy and enable Windows Defender Antivirus protection](deploy-windows-defender-antivirus.md) | While the client is installed as a core part of Windows 10, and traditional deployment does not apply, you will still need to enable the client on your endpoints with System Center Configuration Manager, Microsoft Intune, or Group Policy Objects.
|
||||
[Manage Windows Defender Antivirus updates and apply baselines](manage-updates-baselines-windows-defender-antivirus.md) | There are two parts to updating Windows Defender Antivirus: updating the client on endpoints (product updates), and updating Security intelligence (protection updates). You can update Security intelligence in a number of ways, using System Center Configuration Manager, Group Policy, PowerShell, and WMI.
|
||||
[Monitor and report on Windows Defender Antivirus protection](report-monitor-windows-defender-antivirus.md) | You can use Microsoft Intune, System Center Configuration Manager, the Update Compliance add-in for Microsoft Operations Management Suite, or a third-party SIEM product (by consuming Windows event logs) to monitor protection status and create reports about endpoint protection.
|
||||
[Deploy and enable Windows Defender Antivirus protection](deploy-windows-defender-antivirus.md) | While the client is installed as a core part of Windows 10, and traditional deployment does not apply, you will still need to enable the client on your endpoints with Microsoft Endpoint Configuration Manager, Microsoft Intune, or Group Policy Objects.
|
||||
[Manage Windows Defender Antivirus updates and apply baselines](manage-updates-baselines-windows-defender-antivirus.md) | There are two parts to updating Windows Defender Antivirus: updating the client on endpoints (product updates), and updating Security intelligence (protection updates). You can update Security intelligence in a number of ways, using Microsoft Endpoint Configuration Manager, Group Policy, PowerShell, and WMI.
|
||||
[Monitor and report on Windows Defender Antivirus protection](report-monitor-windows-defender-antivirus.md) | You can use Microsoft Intune, Microsoft Endpoint Configuration Manager, the Update Compliance add-in for Microsoft Operations Management Suite, or a third-party SIEM product (by consuming Windows event logs) to monitor protection status and create reports about endpoint protection.
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Deploy and enable Windows Defender Antivirus
|
||||
description: Deploy Windows Defender Antivirus for protection of your endpoints with Microsoft Intune, System Center Configuration Manager, Group Policy, PowerShell cmdlets, or WMI.
|
||||
description: Deploy Windows Defender Antivirus for protection of your endpoints with Microsoft Intune, Microsoft Endpoint Configuration Manager, Group Policy, PowerShell cmdlets, or WMI.
|
||||
keywords: deploy, enable, Windows Defender Antivirus
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.pagetype: security
|
||||
@ -25,7 +25,7 @@ manager: dansimp
|
||||
|
||||
Depending on the management tool you are using, you may need to specifically enable or configure Windows Defender Antivirus protection.
|
||||
|
||||
See the table in [Deploy, manage, and report on Windows Defender Antivirus](deploy-manage-report-windows-defender-antivirus.md#ref2) for instructions on how to enable protection with Microsoft Intune, System Center Configuration Manager, Group Policy, Active Directory, Microsoft Azure, PowerShell cmdlets, and Windows Management Instruction (WMI).
|
||||
See the table in [Deploy, manage, and report on Windows Defender Antivirus](deploy-manage-report-windows-defender-antivirus.md#ref2) for instructions on how to enable protection with Microsoft Intune, Microsoft Endpoint Configuration Manager, Group Policy, Active Directory, Microsoft Azure, PowerShell cmdlets, and Windows Management Instruction (WMI).
|
||||
|
||||
Some scenarios require additional guidance on how to successfully deploy or configure Windows Defender Antivirus protection, such as Virtual Desktop Infrastructure (VDI) environments.
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user