mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-14 22:37:22 +00:00
Merge branch 'master' into Benny-54-passive-mode
commit
d2efe23730
@ -13,7 +13,7 @@ ms.author: deniseb
|
||||
ms.custom: nextgen
|
||||
ms.reviewer: tewchen, pahuijbr, shwjha
|
||||
manager: dansimp
|
||||
ms.date: 01/11/2021
|
||||
ms.date: 01/21/2021
|
||||
---
|
||||
|
||||
# Microsoft Defender Antivirus compatibility
|
||||
@ -38,27 +38,36 @@ The following table summarizes what happens with Microsoft Defender Antivirus wh
|
||||
|
||||
| Windows version | Antimalware protection | Microsoft Defender for Endpoint enrollment | Microsoft Defender Antivirus state |
|
||||
|------|------|-------|-------|
|
||||
| Windows 10 | A third-party product that is not offered or developed by Microsoft | Yes | Passive mode |
|
||||
| Windows 10 | A third-party product that is not offered or developed by Microsoft | No | Automatic disabled mode |
|
||||
| Windows 10 | Microsoft Defender Antivirus | Yes | Active mode |
|
||||
| Windows 10 | Microsoft Defender Antivirus | No | Active mode |
|
||||
| Windows Server 2016 or 2019 | A third-party product that is not offered or developed by Microsoft | Yes | Active mode<sup>[[1](#fn1)]</sup> |
|
||||
| Windows Server 2016 or 2019 | A third-party product that is not offered or developed by Microsoft | No | Active mode<sup>[[1](#fn1)]<sup> |
|
||||
| Windows Server 2016 or 2019 | Microsoft Defender Antivirus | Yes | Active mode |
|
||||
| Windows Server 2016 or 2019 | Microsoft Defender Antivirus | No | Active mode |
|
||||
| Windows 10 | A third-party product that is not offered or developed by Microsoft | Yes | Passive mode |
|
||||
| Windows 10 | A third-party product that is not offered or developed by Microsoft | No | Automatic disabled mode |
|
||||
| Windows 10 | Microsoft Defender Antivirus | Yes | Active mode |
|
||||
| Windows 10 | Microsoft Defender Antivirus | No | Active mode |
|
||||
| Windows Server, version 1803 or newer, or Windows Server 2019 | A third-party product that is not offered or developed by Microsoft | Yes | Active mode<sup>[[1](#fn1)]</sup> |
|
||||
| Windows Server, version 1803 or newer, or Windows Server 2019 | A third-party product that is not offered or developed by Microsoft | No | Must be set to passive mode (manually)<sup>[[1](#fn1)]<sup> |
|
||||
| Windows Server, version 1803 or newer, or Windows Server 2019 | Microsoft Defender Antivirus | Yes | Active mode |
|
||||
| Windows Server, version 1803 or newer, or Windows Server 2019 | Microsoft Defender Antivirus | No | Active mode |
|
||||
| Windows Server 2016 | Microsoft Defender Antivirus | Yes | Active mode |
|
||||
| Windows Server 2016 | Microsoft Defender Antivirus | No | Active mode |
|
||||
| Windows Server 2016 | A third-party product that is not offered or developed by Microsoft | Yes | Must be disabled (manually)<sup>[[2](#fn2)]<sup> |
|
||||
| Windows Server 2016 | A third-party product that is not offered or developed by Microsoft | No | Must be disabled (manually)<sup>[[2](#fn2)]<sup> |
|
||||
|
||||
(<a id="fn1">1</a>) On Windows Server 2016 or 2019, Microsoft Defender Antivirus does not enter passive mode automatically when you install a non-Microsoft antivirus product. In those cases, [set Microsoft Defender Antivirus to passive mode](microsoft-defender-antivirus-on-windows-server-2016.md#need-to-set-microsoft-defender-antivirus-to-passive-mode) to prevent problems caused by having multiple antivirus products installed on a server.
|
||||
(<a id="fn1">1</a>) On Windows Server, version 1803 or newer, or Windows Server 2019, Microsoft Defender Antivirus does not enter passive mode automatically when you install a non-Microsoft antivirus product. In those cases, [set Microsoft Defender Antivirus to passive mode](microsoft-defender-antivirus-on-windows-server-2016.md#need-to-set-microsoft-defender-antivirus-to-passive-mode) to prevent problems caused by having multiple antivirus products installed on a server.
|
||||
|
||||
If you are using Windows Server, version 1803 or Windows Server 2019, you set Microsoft Defender Antivirus to passive mode by setting this registry key:
|
||||
If you are using Windows Server, version 1803 or newer, or Windows Server 2019, you can set Microsoft Defender Antivirus to passive mode by setting the following registry key:
|
||||
- Path: `HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection`
|
||||
- Name: `ForceDefenderPassiveMode`
|
||||
- Type: `REG_DWORD`
|
||||
- Value: `1`
|
||||
|
||||
See [Microsoft Defender Antivirus on Windows Server 2016 and 2019](microsoft-defender-antivirus-on-windows-server-2016.md) for key differences and management options for Windows Server installations.
|
||||
> [!NOTE]
|
||||
> The `ForceDefenderPassiveMode` registry key is not supported on Windows Server 2016.
|
||||
|
||||
(<a id="fn2">2</a>) On Windows Server 2016, Microsoft Defender Antivirus does not enter passive mode automatically when you install a non-Microsoft antivirus product. In addition, Microsoft Defender Antivirus is not supported in passive mode. In those cases, [disable/uninstall Microsoft Defender Antivirus manually](microsoft-defender-antivirus-on-windows-server-2016.md#are-you-using-windows-server-2016) to prevent problems caused by having multiple antivirus products installed on a server.
|
||||
|
||||
See [Microsoft Defender Antivirus on Windows Server](microsoft-defender-antivirus-on-windows-server-2016.md) for key differences and management options for Windows Server installations.
|
||||
|
||||
> [!IMPORTANT]
|
||||
> Microsoft Defender Antivirus is only available on endpoints running Windows 10, Windows Server 2016, and Windows Server 2019.
|
||||
> Microsoft Defender Antivirus is only available on devices running Windows 10, Windows Server 2016, Windows Server, version 1803 or later, and Windows Server 2019.
|
||||
>
|
||||
> In Windows 8.1 and Windows Server 2012, enterprise-level endpoint antivirus protection is offered as [System Center Endpoint Protection](https://technet.microsoft.com/library/hh508760.aspx), which is managed through Microsoft Endpoint Configuration Manager.
|
||||
>
|
||||
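Review bot: Three of the new table rows close the footnote marker with a second opening tag instead of a closing one: the "Must be set to passive mode (manually)" row ends in `<sup>[[1](#fn1)]<sup>`, and both Windows Server 2016 third-party rows end in `<sup>[[2](#fn2)]<sup>`. Each should end in `</sup>`, as the enrolled "Active mode" row above them already does; otherwise the superscript is left open for whatever follows the cell. Separately, this hunk says "version 1803 or newer" in the table, footnote 1 and the registry-key sentence, but "version 1803 or later" in the IMPORTANT note; pick one wording.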
@ -81,7 +90,7 @@ The table in this section summarizes the functionality and features that are ava
|
||||
- In Active mode, Microsoft Defender Antivirus is used as the antivirus app on the machine. All configuration made with Configuration Manager, Group Policy, Intune, or other management products will apply. Files are scanned and threats remediated, and detection information are reported in your configuration tool (such as Configuration Manager or the Microsoft Defender Antivirus app on the machine itself).
|
||||
- In Passive mode, Microsoft Defender Antivirus is not used as the antivirus app, and threats are not remediated by Microsoft Defender Antivirus. Files are scanned and reports are provided for threat detections that are shared with the Microsoft Defender for Endpoint service. Therefore, you might encounter alerts in the Security Center console with Microsoft Defender Antivirus as a source, even when Microsoft Defender Antivirus is in Passive mode.
|
||||
- When [EDR in block mode](../microsoft-defender-atp/edr-in-block-mode.md) is turned on and Microsoft Defender Antivirus is not the primary antivirus solution, it can still detect and remediate malicious items.
|
||||
- When disabled, Microsoft Defender Antivirus is not used as the antivirus app. Files are not scanned and threats are not remediated. Disabling/uninstalling Microsoft Defender Antivirus is not recommended.
|
||||
- When disabled, Microsoft Defender Antivirus is not used as the antivirus app. Files are not scanned and threats are not remediated. Disabling/uninstalling Microsoft Defender Antivirus is not recommended in general; if possible, keep Microsoft Defender Antivirus in passive mode if you are using a non-Microsoft antimalware/antivirus solution.
|
||||
|
||||
## Keep the following points in mind
|
||||
|
||||
|
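Review bot: The reworded "When disabled" bullet now advises keeping Microsoft Defender Antivirus in passive mode whenever a non-Microsoft antimalware/antivirus solution is used, which conflicts with the compatibility table changed earlier in this same file. There, Windows Server 2016 with a third-party product is listed as "Must be disabled (manually)", and footnote 2 states that passive mode is not supported on that version. Suggest qualifying the bullet with the Windows Server 2016 exception or linking it to footnote 2.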
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Microsoft Defender Antivirus on Windows Server 2016 and 2019
|
||||
title: Microsoft Defender Antivirus on Windows Server
|
||||
description: Learn how to enable and configure Microsoft Defender Antivirus on Windows Server 2016 and Windows Server 2019.
|
||||
keywords: windows defender, server, scep, system center endpoint protection, server 2016, current branch, server 2012
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
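Review bot: The front matter is only half updated: `title` drops the "2016 and 2019" qualifier, but `description` still reads "on Windows Server 2016 and Windows Server 2019". Since the page now also covers Windows Server, version 1803 or later, the description should be generalized in the same way as the title.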
@ -10,12 +10,12 @@ ms.sitesec: library
|
||||
ms.localizationpriority: medium
|
||||
author: denisebmsft
|
||||
ms.author: deniseb
|
||||
ms.date: 01/04/2021
|
||||
ms.date: 01/21/2021
|
||||
ms.reviewer: pahuijbr, shwjha
|
||||
manager: dansimp
|
||||
---
|
||||
|
||||
# Microsoft Defender Antivirus on Windows Server 2016 and Windows Server 2019
|
||||
# Microsoft Defender Antivirus on Windows Server
|
||||
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
@ -23,9 +23,12 @@ manager: dansimp
|
||||
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
|
||||
Microsoft Defender Antivirus is available on Windows Server 2016 and 2019. In some instances, Microsoft Defender Antivirus is referred to as *Endpoint Protection*; however, the protection engine is the same.
|
||||
Microsoft Defender Antivirus is available on the following editions/versions of Windows Server:
|
||||
- Windows Server 2019
|
||||
- Windows Server, version 1803 or later
|
||||
- Windows Server 2016.
|
||||
|
||||
While the functionality, configuration, and management are largely the same for [Microsoft Defender Antivirus on Windows 10](microsoft-defender-antivirus-in-windows-10.md), there are a few key differences on Windows Server 2016 and 2019:
|
||||
In some instances, Microsoft Defender Antivirus is referred to as *Endpoint Protection*; however, the protection engine is the same. Although the functionality, configuration, and management are largely the same for [Microsoft Defender Antivirus on Windows 10](microsoft-defender-antivirus-in-windows-10.md), there are a few key differences on Windows Server:
|
||||
|
||||
- In Windows Server, [automatic exclusions](configure-server-exclusions-microsoft-defender-antivirus.md) are applied based on your defined Server Role.
|
||||
- In Windows Server, Microsoft Defender Antivirus does not automatically disable itself if you are running another antivirus product.
|
||||
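Review bot: In the new list of supported versions, the last item is written "Windows Server 2016." with a trailing period while the other two items have none; drop the period. The list also says "version 1803 or later", whereas the compatibility article changed in this commit mostly says "version 1803 or newer", so it would help to use one wording in both files.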
@ -34,29 +37,29 @@ While the functionality, configuration, and management are largely the same for
|
||||
|
||||
The process of setting up and running Microsoft Defender Antivirus on a server platform includes several steps:
|
||||
|
||||
1. [Enable the interface](#enable-the-user-interface-on-windows-server-2016-or-2019).
|
||||
2. [Install Microsoft Defender Antivirus](#install-microsoft-defender-antivirus-on-windows-server-2016-or-2019).
|
||||
1. [Enable the interface](#enable-the-user-interface-on-windows-server).
|
||||
2. [Install Microsoft Defender Antivirus](#install-microsoft-defender-antivirus-on-windows-server).
|
||||
3. [Verify Microsoft Defender Antivirus is running](#verify-microsoft-defender-antivirus-is-running).
|
||||
4. [Update your antimalware Security intelligence](#update-antimalware-security-intelligence).
|
||||
5. (As needed) [Submit samples](#submit-samples).
|
||||
6. (As needed) [Configure automatic exclusions](#configure-automatic-exclusions).
|
||||
7. (Only if necessary) [Set Microsoft Defender Antivirus to passive mode](#need-to-set-microsoft-defender-antivirus-to-passive-mode).
|
||||
|
||||
## Enable the user interface on Windows Server 2016 or 2019
|
||||
## Enable the user interface on Windows Server
|
||||
|
||||
By default, Microsoft Defender Antivirus is installed and functional on Windows Server 2016 and 2019. The user interface (GUI) is installed by default on some SKUs, but is not required because you can use PowerShell or other methods to manage Microsoft Defender Antivirus. And if the GUI is not installed on your server, you can add it by using the Add Roles and Features Wizard or by using PowerShell.
|
||||
By default, Microsoft Defender Antivirus is installed and functional on Windows Server. The user interface (GUI) is installed by default on some SKUs, but is not required because you can use PowerShell or other methods to manage Microsoft Defender Antivirus. If the GUI is not installed on your server, you can add it by using the **Add Roles and Features** wizard, or by using PowerShell cmdlets.
|
||||
|
||||
### Turn on the GUI using the Add Roles and Features Wizard
|
||||
|
||||
1. Refer to [this article](https://docs.microsoft.com/windows-server/administration/server-manager/install-or-uninstall-roles-role-services-or-features#install-roles-role-services-and-features-by-using-the-add-roles-and-features-wizard), and use the **Add Roles and Features Wizard**.
|
||||
1. See [Install roles, role services, and features by using the add Roles and Features Wizard](https://docs.microsoft.com/windows-server/administration/server-manager/install-or-uninstall-roles-role-services-or-features#install-roles-role-services-and-features-by-using-the-add-roles-and-features-wizard), and use the **Add Roles and Features Wizard**.
|
||||
|
||||
2. When you get to the **Features** step of the wizard, under **Windows Defender Features**, select the **GUI for Windows Defender** option.
|
||||
|
||||
In Windows Server 2016, the **Add Roles and Features Wizard** looks like this:
|
||||
In Windows Server 2016, the **Add Roles and Features Wizard** looks like this:
|
||||
|
||||

|
||||

|
||||
|
||||
In Windows Server 2019, the **Add Roles and Feature Wizard** looks much the same.
|
||||
In Windows Server 2019, the **Add Roles and Feature Wizard** is similar.
|
||||
|
||||
### Turn on the GUI using PowerShell
|
||||
|
||||
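Review bot: The wizard is named three different ways in the lines this hunk rewrites: "the **Add Roles and Features** wizard" in the intro paragraph, "the add Roles and Features Wizard" (lowercase "add") in the step 1 link text, and "**Add Roles and Feature Wizard**" (singular "Feature") in the Windows Server 2019 sentence. The unchanged text uses "**Add Roles and Features Wizard**"; the rewritten lines should match it.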
@ -66,7 +69,7 @@ The following PowerShell cmdlet will enable the interface:
|
||||
Install-WindowsFeature -Name Windows-Defender-GUI
|
||||
```
|
||||
|
||||
## Install Microsoft Defender Antivirus on Windows Server 2016 or 2019
|
||||
## Install Microsoft Defender Antivirus on Windows Server
|
||||
|
||||
You can use either the **Add Roles and Features Wizard** or PowerShell to install Microsoft Defender Antivirus.
|
||||
|
||||
@ -111,7 +114,7 @@ The `sc query` command returns information about the Microsoft Defender Antiviru
|
||||
|
||||
## Update antimalware Security intelligence
|
||||
|
||||
In order to get updated antimalware Security intelligence, you must have the Windows Update service running. If you use an update management service, like Windows Server Update Services (WSUS), make sure that updates for Microsoft Defender Antivirus Security intelligence are approved for the computers you manage.
|
||||
To get updated antimalware security intelligence, you must have the Windows Update service running. If you use an update management service, like Windows Server Update Services (WSUS), make sure that updates for Microsoft Defender Antivirus Security intelligence are approved for the computers you manage.
|
||||
|
||||
By default, Windows Update does not download and install updates automatically on Windows Server 2019 or Windows Server 2016. You can change this configuration by using one of the following methods:
|
||||
|
||||
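Review bot: The rewritten first sentence lowercases "security intelligence", but the same paragraph still has "Microsoft Defender Antivirus Security intelligence" and the heading is "Update antimalware Security intelligence"; use one capitalization throughout. The context sentence that follows also still limits itself to "Windows Server 2019 or Windows Server 2016", which is worth revisiting now that the article covers Windows Server, version 1803 or later.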
@ -195,10 +198,22 @@ To turn off the Microsoft Defender Antivirus GUI, use the following PowerShell c
|
||||
Uninstall-WindowsFeature -Name Windows-Defender-GUI
|
||||
```
|
||||
|
||||
### Are you using Windows Server 2016?
|
||||
|
||||
If you are using Windows Server 2016 and a third-party antimalware/antivirus product that is not offered or developed by Microsoft, you'll need to disable/uninstall Microsoft Defender Antivirus.
|
||||
|
||||
> [!NOTE]
|
||||
> You can't uninstall the Windows Security app, but you can disable the interface with these instructions.
|
||||
|
||||
The following PowerShell cmdlet uninstalls Microsoft Defender Antivirus on Windows Server 2016:
|
||||
|
||||
```PowerShell
|
||||
Uninstall-WindowsFeature -Name Windows-Defender
|
||||
```
|
||||
|
||||
## See also
|
||||
|
||||
- [Microsoft Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md)
|
||||
|
||||
- [Configure exclusions in Microsoft Defender AV on Windows Server](configure-server-exclusions-microsoft-defender-antivirus.md)
|
||||
- [Microsoft Defender Antivirus compatibility](microsoft-defender-antivirus-compatibility.md)
|
||||
|
||||
|
||||
|
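Review bot: In the new "Are you using Windows Server 2016?" section, the NOTE says the interface can be disabled "with these instructions", but the cmdlet that follows is `Uninstall-WindowsFeature -Name Windows-Defender`, which the text describes as uninstalling Microsoft Defender Antivirus itself; the interface cmdlet (`Windows-Defender-GUI`) sits above the new heading. Suggest making the NOTE point explicitly at the GUI instructions, or moving it next to them. Because this section tells the reader to remove antivirus protection from a server, it would also help to add a sentence asking them to confirm that the non-Microsoft product is installed and running first.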
@ -368,5 +368,44 @@ HTTP GET https://api.securitycenter.microsoft.com/api/machines/123321d0c675eaa4
|
||||
4
|
||||
```
|
||||
|
||||
### Example 8
|
||||
|
||||
Get all the devices with 'computerDnsName' starting with 'mymachine':
|
||||
|
||||
```http
|
||||
HTTP GET https://api.securitycenter.microsoft.com/api/machines?$filter=startswith(computerDnsName,'mymachine')
|
||||
```
|
||||
|
||||
**Response:**
|
||||
|
||||
```json
|
||||
json{
|
||||
"@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Machines",
|
||||
"value": [
|
||||
{
|
||||
"id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
|
||||
"computerDnsName": "mymachine1.contoso.com",
|
||||
"firstSeen": "2018-08-02T14:55:03.7791856Z",
|
||||
"lastSeen": "2018-08-02T14:55:03.7791856Z",
|
||||
"osPlatform": "Windows10",
|
||||
"version": "1709",
|
||||
"osProcessor": "x64",
|
||||
"lastIpAddress": "172.17.230.209",
|
||||
"lastExternalIpAddress": "167.220.196.71",
|
||||
"osBuild": 18209,
|
||||
"healthStatus": "ImpairedCommunication",
|
||||
"rbacGroupId": 140,
|
||||
"rbacGroupName": "The-A-Team",
|
||||
"riskScore": "Low",
|
||||
"exposureLevel": "Medium",
|
||||
"isAadJoined": true,
|
||||
"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
|
||||
"machineTags": [ "test tag 1", "ExampleTag" ]
|
||||
},
|
||||
...
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
## See also
|
||||
- [Microsoft Defender for Endpoint APIs](apis-intro.md)
|
||||
|
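Review bot: The response body for Example 8 starts with `json{` inside a fence that is already tagged `json`, so the sample is not valid JSON as written. Remove the stray "json" so the block begins with `{`.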
@ -95,7 +95,7 @@ Endpoint type | GCC | GCC High
|
||||
:---|:---|:---
|
||||
Login | `https://login.microsoftonline.com` | `https://login.microsoftonline.us`
|
||||
Defender for Endpoint API | `https://api-gcc.securitycenter.microsoft.us` | `https://api-gov.securitycenter.microsoft.us`
|
||||
SIEM | Rolling out | `https://wdatp-alertexporter-us.securitycenter.windows.us`
|
||||
SIEM | `https://wdatp-alertexporter-us.gcc.securitycenter.windows.us` | `https://wdatp-alertexporter-us.securitycenter.windows.us`
|
||||
|
||||
<br>
|
||||
|
||||
|
@ -41,9 +41,7 @@ Here is a list of the types of data being collected:
|
||||
|
||||
### Web page or Network information
|
||||
|
||||
- Connection information only when a malicious connection or web page is detected.
|
||||
|
||||
- Protocol type (such as HTTP, HTTPS, etc.) only when a malicious connection or web page is detected.
|
||||
- Domain name of the website only when a malicious connection or web page is detected.
|
||||
|
||||
### Device and account information
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Onboarding using Microsoft Endpoint Manager
|
||||
description: Learn how to onboard to Microsoft Defender ATP using Microsoft Endpoint Configuration Manager
|
||||
keywords: onboarding, configuration, deploy, deployment, endpoint configuration manager, mdatp, advanced threat protection, collection creation, endpoint detection response, next generation protection, attack surface reduction
|
||||
title: Onboarding using Microsoft Endpoint Configuration Manager
|
||||
description: Learn how to onboard to Microsoft Defender for Endpoint using Microsoft Endpoint Configuration Manager
|
||||
keywords: onboarding, configuration, deploy, deployment, endpoint configuration manager, mdatp, advanced threat protection, collection creation, endpoint detection response, next generation protection, attack surface reduction, microsoft endpoint configuration manager
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
@ -19,7 +19,7 @@ ms.collection:
|
||||
ms.topic: article
|
||||
---
|
||||
|
||||
# Onboarding using Microsoft Endpoint Manager
|
||||
# Onboarding using Microsoft Endpoint Configuration Manager
|
||||
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
@ -63,7 +63,7 @@ created for testing.
|
||||
|
||||
Onboarding using tools such as Group policy or manual method does not install any agent on the system.
|
||||
|
||||
Within the Microsoft Endpoint Manager console
|
||||
Within the Microsoft Endpoint Configuration Manager console
|
||||
the onboarding process will be configured as part of the compliance settings
|
||||
within the console.
|
||||
|
||||
@ -73,47 +73,47 @@ continues to receive this policy from the management point.
|
||||
|
||||
Follow the steps below to onboard endpoints using Microsoft Endpoint Configuration Manager.
|
||||
|
||||
1. In Microsoft Endpoint Manager console, navigate to **Assets and Compliance \> Overview \> Device Collections**.
|
||||
1. In Microsoft Endpoint Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Device Collections**.
|
||||
|
||||

|
||||

|
||||
|
||||
2. Right Click **Device Collection** and select **Create Device Collection**.
|
||||
|
||||

|
||||

|
||||
|
||||
3. Provide a **Name** and **Limiting Collection**, then select **Next**.
|
||||
|
||||

|
||||

|
||||
|
||||
4. Select **Add Rule** and choose **Query Rule**.
|
||||
|
||||

|
||||

|
||||
|
||||
5. Click **Next** on the **Direct Membership Wizard** and click on **Edit Query Statement**.
|
||||
|
||||

|
||||

|
||||
|
||||
6. Select **Criteria** and then choose the star icon.
|
||||
|
||||

|
||||

|
||||
|
||||
7. Keep criterion type as **simple value**, choose where as **Operating System - build number**, operator as **is greater than or equal to** and value **14393** and click on **OK**.
|
||||
|
||||

|
||||

|
||||
|
||||
8. Select **Next** and **Close**.
|
||||
|
||||

|
||||

|
||||
|
||||
9. Select **Next**.
|
||||
|
||||

|
||||

|
||||
|
||||
After completing this task, you now have a device collection with all the Windows 10 endpoints in the environment.
|
||||
|
||||
|
||||
## Step 2: Configure Microsoft Defender for Endpoint capabilities
|
||||
This section guides you in configuring the following capabilities using Microsoft Endpoint Manager on Windows devices:
|
||||
This section guides you in configuring the following capabilities using Microsoft Endpoint Configuration Manager on Windows devices:
|
||||
|
||||
- [**Endpoint detection and response**](#endpoint-detection-and-response)
|
||||
- [**Next-generation protection**](#next-generation-protection)
|
||||
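Review bot: The image renames in this procedure are partial and less descriptive than what they replace: steps 1 and 2 move from `configmgr-device-collections.png` and `configmgr-create-device-collection.png` to `mecm-1.png` and `mecm-2.png`, while steps 3 to 9 keep their descriptive `configmgr-*` names. Suggest descriptive `mecm-*` names applied consistently, and confirm that the renamed image files are part of this change. Step 1 also reads "In Microsoft Endpoint Configuration Manager console", missing the "the" that the other rewritten steps in this file have.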
@ -143,11 +143,11 @@ Manager and deploy that policy to Windows 10 devices.
|
||||
|
||||
6. Right-click **Microsoft Defender ATP Policies** and select **Create Microsoft Defender ATP Policy**.
|
||||
|
||||

|
||||

|
||||
|
||||
7. Enter the name and description, verify **Onboarding** is selected, then select **Next**.
|
||||
|
||||

|
||||

|
||||
|
||||
8. Click **Browse**.
|
||||
|
||||
@ -168,7 +168,7 @@ Manager and deploy that policy to Windows 10 devices.
|
||||
|
||||
15. Click **Close** when the Wizard completes.
|
||||
|
||||
16. In the Microsoft Endpoint Manager console, right-click the Defender for Endpoint policy you just created and select **Deploy**.
|
||||
16. In the Microsoft Endpoint Configuration Manager console, right-click the Defender for Endpoint policy you just created and select **Deploy**.
|
||||
|
||||

|
||||
|
||||
@ -231,7 +231,7 @@ Once completed, you should see onboarded endpoints in the portal within an hour.
|
||||
### Next generation protection
|
||||
Microsoft Defender Antivirus is a built-in antimalware solution that provides next generation protection for desktops, portable computers, and servers.
|
||||
|
||||
1. In the Microsoft Endpoint Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Antimalware Polices** and choose **Create Antimalware Policy**.
|
||||
1. In the Microsoft Endpoint Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Antimalware Polices** and choose **Create Antimalware Policy**.
|
||||
|
||||

|
||||
|
||||
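Review bot: The rewritten step 1 keeps the typo "**Antimalware Polices**"; since the line is being changed anyway, correct it to "Antimalware Policies", provided that matches the node name shown in the console.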
@ -283,9 +283,9 @@ All these features provide an audit mode and a block mode. In audit mode there i
|
||||
|
||||
To set ASR rules in Audit mode:
|
||||
|
||||
1. In the Microsoft Endpoint Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**.
|
||||
1. In the Microsoft Endpoint Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**.
|
||||
|
||||

|
||||

|
||||
|
||||
|
||||
2. Select **Attack Surface Reduction**.
|
||||
@ -293,26 +293,26 @@ To set ASR rules in Audit mode:
|
||||
|
||||
3. Set rules to **Audit** and click **Next**.
|
||||
|
||||

|
||||

|
||||
|
||||
4. Confirm the new Exploit Guard policy by clicking on **Next**.
|
||||
|
||||

|
||||

|
||||
|
||||
|
||||
5. Once the policy is created click **Close**.
|
||||
|
||||

|
||||

|
||||
|
||||
|
||||
|
||||
6. Right-click on the newly created policy and choose **Deploy**.
|
||||
|
||||

|
||||

|
||||
|
||||
7. Target the policy to the newly created Windows 10 collection and click **OK**.
|
||||
|
||||

|
||||

|
||||
|
||||
After completing this task, you now have successfully configured ASR rules in audit mode.
|
||||
|
||||
@ -341,7 +341,7 @@ detections](https://docs.microsoft.com/windows/security/threat-protection/micros
|
||||
|
||||
|
||||
#### Set Network Protection rules in Audit mode:
|
||||
1. In the Microsoft Endpoint Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**.
|
||||
1. In the Microsoft Endpoint Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**.
|
||||
|
||||

|
||||
|
||||
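Review bot: The screenshot under step 1 of the Network Protection procedure still points at `images/728c10ef26042bbdbcd270b6343f1a8a.png`, while the same step in the ASR and Controlled Folder Access procedures has been switched to `images/mecm-create-exploit-guard-policy.png`. If the hash-named file was renamed rather than copied, this reference will break; update it to the new name and alt text for consistency.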
@ -361,42 +361,42 @@ detections](https://docs.microsoft.com/windows/security/threat-protection/micros
|
||||
|
||||
6. Right-click on the newly created policy and choose **Deploy**.
|
||||
|
||||

|
||||

|
||||
|
||||
7. Select the policy to the newly created Windows 10 collection and choose **OK**.
|
||||
|
||||

|
||||

|
||||
|
||||
After completing this task, you now have successfully configured Network
|
||||
Protection in audit mode.
|
||||
|
||||
#### To set Controlled Folder Access rules in Audit mode:
|
||||
|
||||
1. In the Microsoft Endpoint Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**.
|
||||
1. In the Microsoft Endpoint Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**.
|
||||
|
||||

|
||||

|
||||
|
||||
2. Select **Controlled folder access**.
|
||||
|
||||
3. Set the configuration to **Audit** and click **Next**.
|
||||
|
||||

|
||||

|
||||
|
||||
4. Confirm the new Exploit Guard Policy by clicking on **Next**.
|
||||
|
||||

|
||||

|
||||
|
||||
5. Once the policy is created click on **Close**.
|
||||
|
||||

|
||||

|
||||
|
||||
6. Right-click on the newly created policy and choose **Deploy**.
|
||||
|
||||

|
||||

|
||||
|
||||
7. Target the policy to the newly created Windows 10 collection and click **OK**.
|
||||
|
||||

|
||||

|
||||
|
||||
You have now successfully configured Controlled folder access in audit mode.
|
||||
|
||||
|
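Review bot: The new alt text in this hunk is placeholder numbering ("Microsoft Endpoint Configuration Manager-1" through "-8") and does not describe the screenshots. The same files also get different alt text in different places: `mecm-exploit-guard-deploy.png` is "-1" under Network Protection and "-7" under Controlled Folder Access. Suggest descriptive alt text per image, reused wherever that image appears.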
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Onboarding using Microsoft Intune
|
||||
description: Learn how to onboard to Microsoft Defender for Endpoint using Microsoft Intune
|
||||
keywords: onboarding, configuration, deploy, deployment, endpoint manager, mdatp, advanced threat protection, collection creation, endpoint detection response, next generation protection, attack surface reduction
|
||||
title: Onboarding using Microsoft Endpoint Manager
|
||||
description: Learn how to onboard to Microsoft Defender for Endpoint using Microsoft Endpoint Manager
|
||||
keywords: onboarding, configuration, deploy, deployment, endpoint manager, mdatp, advanced threat protection, collection creation, endpoint detection response, next generation protection, attack surface reduction, microsoft endpoint manager
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
@ -19,7 +19,7 @@ ms.collection:
|
||||
ms.topic: article
|
||||
---
|
||||
|
||||
# Onboarding using Microsoft Intune
|
||||
# Onboarding using Microsoft Endpoint Manager
|
||||
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
|