mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-27 20:57:23 +00:00
updates
This commit is contained in:
parent
b9d2c85da0
commit
d33e2c2414
@ -39,21 +39,15 @@ There are three phases in deploying Microsoft Defender ATP:
The deployment guide will guide you through the recommended path in deploying Microsoft Defender ATP.
There are several methods you can use to onboard to the service. For information on other ways to onboard, see [Onboard devices to Microsoft Defender ATP](onboard-configure.md).
## Deployment strategy
The [Plan deployment](deployment-strategy.md) topic provides high-level information on prerequisites, design, and configuration options.
Check out the [PDF](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf) or [Visio](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.vsdx) to see the various paths in deploying Microsoft Defender ATP.
[ ](images/deployment-strategy-big.png#lightbox)
If you're unfamiliar with the general deployment planning steps, check out the [Plan deployment](deployment-strategy.md) topic to get a high-level overview of the general deployment steps and methods.
## In Scope
The following is in scope for this deployment guide:
- Use of Microsoft Endpoint Configuration Manager to onboard endpoints into the service
- Use of Microsoft Endpoint Configuration Manager and Microsoft Endpoint Manager to onboard endpoints into the service and configure capabilities
- Enabling Microsoft Defender ATP endpoint detection and response (EDR) capabilities
- Enabling Microsoft Defender ATP endpoint protection platform (EPP)
capabilities
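Review bot: the Plan deployment topic is linked twice in this hunk with overlapping wording ("The [Plan deployment](deployment-strategy.md) topic provides high-level information on prerequisites, design, and configuration options." and "If you're unfamiliar with the general deployment planning steps, check out the [Plan deployment](deployment-strategy.md) topic ..."); keep one sentence under "## Deployment strategy" and drop the other. The last list item is also split across two lines ("- Enabling Microsoft Defender ATP endpoint protection platform (EPP)" / "capabilities"); join it on one line like the other bullets so it renders as a single item.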
@ -62,11 +56,6 @@ The following is in scope for this deployment guide:
- Attack surface reduction
- Enabling Microsoft Defender ATP endpoint detection and response (EDR)
capabilities including automatic investigation and remediation
- Enabling Microsoft Defender ATP threat and vulnerability management (TVM)
## Out of scope
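Review bot: if the "- Enabling Microsoft Defender ATP endpoint detection and response (EDR) capabilities" bullet from the previous hunk and the EDR bullet here ("- Enabling Microsoft Defender ATP endpoint detection and response (EDR)" / "capabilities including automatic investigation and remediation") both survive, the In Scope list names EDR twice; confirm only one remains, and keep whichever stays on a single line rather than wrapped.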
@ -27,11 +27,13 @@ ms.topic: article
Depending on the requirements of your environment, we've put together material to help guide you through the various options you can adopt to deploy Microsoft Defender ATP.
This article provides an overview on the general steps you need to take to deploy Microsoft Defender ATP:
These are the general steps you need to take to deploy Microsoft Defender ATP:

- Identify architecture
- Select deployment method
- Configure capabilities
## Step 1: Identify architecture
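Review bot: the intro sentence appears in two near-identical forms ("This article provides an overview on the general steps you need to take to deploy Microsoft Defender ATP:" and "These are the general steps you need to take to deploy Microsoft Defender ATP:"); confirm only one survives. The three bullets that follow ("Identify architecture", "Select deployment method", "Configure capabilities") are the ordered steps that the "## Step 1", "## Step 2", "## Step 3" headings number, so a numbered list would match the headings. The new image reference `images/deployment-steps.png` must ship in this commit (a binary file is added below; confirm it is that file) or the link renders broken.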
@ -49,18 +51,17 @@ Use the following material to select the appropriate Microsoft Defender ATP arch
## Step 2: Select deployment method
Microsoft Defender ATP supports a variety of endpoints that you can onboard to the service.
Depending on the endpoint or your preferred deployment tool, select the method that best fits your requirements.
The following table lists the supported endpoints and the corresponding deployment tool that you can use so that you can plan the deployment appropriately.
| Endpoint | Deployment methods |
| Endpoint | Deployment tool |
|--------------|------------------------------------------|
| **Windows** | Local script (up to 10 devices) <br> Group Policy <br> Microsoft Endpoint Manager <br> Mobile Device Manager <br> Microsoft Endpoint Configuration Manager <br> VDI scripts |
| **macOS** | Local scripts <br> Mobile Device Manager/Microsoft Intune <br> JAMF Pro <br> |
| **Linux Server** | Local script <br> Puppet <br> Ansible|
| **iOS** | App-based |
| **Android** | Microsoft Endpoint Manager |
| **Windows** | [Local script (up to 10 devices)](configure-endpoints-script.md) <br> [Group Policy](configure-endpoints-gp.md) <br> [Microsoft Endpoint Manager/ Mobile Device Manager](configure-endpoints-mdm.md) <br> [Microsoft Endpoint Configuration Manager](configure-endpoints-sccm.md) <br> [VDI scripts](configure-endpoints-vdi.md) |
| **macOS** | [Local scripts](mac-install-manually.md) <br> [Microsoft Endpoint Manager](mac-install-with-intune.md) <br> [JAMF Pro](mac-install-with-jamf.md) <br> [Mobile Device Management](mac-install-with-other-mdm.md) |
| **Linux Server** | [Local script](linux-install-manually.md) <br> [Puppet](linux-install-with-puppet.md) <br> [Ansible](linux-install-with-ansible)|
| **iOS** | [App-based](ios-install.md) |
| **Android** | [Microsoft Endpoint Manager](android-intune.md) |
## Step 3: Configure capabilities
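Review bot: in the new Linux Server row the Ansible link is `[Ansible](linux-install-with-ansible)` with no `.md` extension, unlike every other link in the table (`[Puppet](linux-install-with-puppet.md)` beside it), so it will not resolve; change it to `linux-install-with-ansible.md`. The same cell is also missing the space before the closing `|`. Minor: the Windows row folds MDM into "Microsoft Endpoint Manager/ Mobile Device Manager" while the macOS row lists "Mobile Device Management" separately; use one name for MDM across rows.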
Binary file not shown.
After Width: | Height: | Size: 7.4 KiB |
@ -26,16 +26,40 @@ ms.topic: article
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
This article is part of the Deployment guide and acts as an example onboarding method that guides users in:
- Onboarding Windows devices to the service
- Configuring Microsoft Defender ATP capabilities
This onboarding guidance will walk you through:
- **Creating a collection in Microsoft Endpoint Configuration Manager**
- **Configuring Microsoft Defender ATP capabilities using Microsoft Endpoint Configuration Manager**
>[!NOTE]
>Only Windows devices are covered in this example deployment.
While Microsoft Defender ATP supports onboarding of various endpoints and tools, this article does not cover them.
For information on general onboarding using other supported deployment tools and methods, see [Onboarding overview](onboarding.md).
## Collection creation
To onboard Windows 10 devices with Microsoft Endpoint Configuration Manager, the
deployment can target either and existing collection or a new collection can be
created for testing. The onboarding like group policy or manual method does
not install any agent on the system. Within the Configuration Manager console
deployment can target an existing collection or a new collection can be
created for testing.
Onboarding using tools such as Group policy or manual method does not install any agent on the system.
Within the Microsoft Endpoint Configuration Manager console
the onboarding process will be configured as part of the compliance settings
within the console. Any system that receives this required configuration will
within the console.
Any system that receives this required configuration will
maintain that configuration for as long as the Configuration Manager client
continues to receive this policy from the management point. Follow the steps
below to onboard systems with Configuration Manager.
continues to receive this policy from the management point.
Follow the steps below to onboard endpoints using Microsoft Endpoint Configuration Manager.
1. In Microsoft Endpoint Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Device Collections**.
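Review bot: the new sentence "Onboarding using tools such as Group policy or manual method does not install any agent on the system." needs "Group Policy" capitalized as elsewhere in this guide and an article before "manual method" ("or the manual method"). The wrapped lines next to it ("deployment can target either and existing collection or a new collection can be") carry the "either and" typo; confirm they are on the removed side so it does not survive. Also "To onboard Windows 10 devices with Microsoft Endpoint Configuration Manager" and the new "Follow the steps below to onboard endpoints using Microsoft Endpoint Configuration Manager." differ on "Windows 10 devices" versus "endpoints"; since the note above says only Windows devices are covered, use one term. The first step also reads "In Microsoft Endpoint Configuration Manager console"; the later steps in this file say "In the Microsoft Endpoint Configuration Manager console".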
@ -75,8 +99,17 @@ below to onboard systems with Configuration Manager.
After completing this task, you now have a device collection with all the Windows 10 endpoints in the environment.
## Endpoint detection and response
### Windows 10
## Configure Microsoft Defender ATP capabilities
This section guides you in configuring the following capabilities using Microsoft Endpoint Configuration Manager on Windows devices:
- **Endpoint detection and response**
- **Next-generation protection**
- **Attack surface reduction**
### Endpoint detection and response
#### Windows 10
From within the Microsoft Defender Security Center it is possible to download
the '.onboarding' policy that can be used to create the policy in System Center Configuration
Manager and deploy that policy to Windows 10 devices.
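Review bot: the context lines under "#### Windows 10" still say "create the policy in System Center Configuration" / "Manager", while this hunk standardizes on "Microsoft Endpoint Configuration Manager" everywhere else; update that sentence in the same change, and consider writing the file extension as a code span (`.onboarding`) rather than in single quotes. Of the two heading pairs shown ("## Endpoint detection and response" / "### Windows 10" and "### Endpoint detection and response" / "#### Windows 10"), confirm only the demoted pair remains under the new "## Configure Microsoft Defender ATP capabilities" heading.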
@ -132,7 +165,7 @@ Manager and deploy that policy to Windows 10 devices.

### Previous versions of Windows Client (Windows 7 and Windows 8.1)
#### Previous versions of Windows Client (Windows 7 and Windows 8.1)
Follow the steps below to identify the Microsoft Defender ATP Workspace ID and Workspace Key, that will be required for the onboarding of previous versions of Windows.
1. From a Microsoft Defender Security Center Portal, select **Settings > Onboarding**.
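Review bot: the heading demotion is consistent with the restructure, but the context sentence "Follow the steps below to identify the Microsoft Defender ATP Workspace ID and Workspace Key, that will be required for the onboarding of previous versions of Windows." has a stray comma before "that" ("Workspace Key that will be required" or "Workspace Key, which will be required"); worth fixing while the section is being touched.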
@ -183,7 +216,7 @@ Follow the steps below to identify the Microsoft Defender ATP Workspace ID and W
Once completed, you should see onboarded endpoints in the portal within an hour.
## Next generation protection
### Next generation protection
Microsoft Defender Antivirus is a built-in antimalware solution that provides next generation protection for desktops, portable computers, and servers.
1. In the Microsoft Endpoint Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Antimalware Polices** and choose **Create Antimalware Policy**.
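Review bot: "Antimalware Polices" in the context line "**Assets and Compliance \> Overview \> Endpoint Protection \> Antimalware Polices**" is misspelled; the console node is "Antimalware Policies" (the same line spells it correctly in "Create Antimalware Policy"). Also "Next generation protection" in the new heading and "next generation protection" in the sentence are unhyphenated, while the capability list added earlier in this file uses "Next-generation protection"; pick one form.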
@ -230,7 +263,7 @@ needs on how Antivirus is configured.
After completing this task, you now have successfully configured Windows
Defender Antivirus.
## Attack surface reduction
### Attack surface reduction
The attack surface reduction pillar of Microsoft Defender ATP includes the feature set that is available under Exploit Guard. Attack surface reduction (ASR) rules, Controlled Folder Access, Network Protection and Exploit
Protection.
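Review bot: the sentence "The attack surface reduction pillar of Microsoft Defender ATP includes the feature set that is available under Exploit Guard. Attack surface reduction (ASR) rules, Controlled Folder Access, Network Protection and Exploit" / "Protection." leaves the second part as a fragment; join it with a colon ("... available under Exploit Guard: attack surface reduction (ASR) rules, Controlled Folder Access, Network Protection and Exploit Protection."). The preceding context "you now have successfully configured Windows" / "Defender Antivirus." still uses the old product name while the same file says "Microsoft Defender Antivirus" a few lines above; align them.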
@ -295,7 +328,7 @@ See [Optimize ASR rule deployment and
detections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-machines-asr) for more details.
### To set Network Protection rules in Audit mode:
#### Set Network Protection rules in Audit mode:
1. In the Microsoft Endpoint Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**.

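Review bot: the new heading "#### Set Network Protection rules in Audit mode:" keeps the trailing colon from the old "### To set Network Protection rules in Audit mode:"; headings should not end in punctuation, so drop the colon here (and "Audit" need not be capitalized mid-heading).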
@ -325,7 +358,7 @@ detections](https://docs.microsoft.com/windows/security/threat-protection/micros
After completing this task, you now have successfully configured Network
Protection in audit mode.
### To set Controlled Folder Access rules in Audit mode:
#### To set Controlled Folder Access rules in Audit mode:
1. In the Microsoft Endpoint Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**.
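Review bot: this change only demotes the heading to "#### To set Controlled Folder Access rules in Audit mode:", keeping "To set", whereas the Network Protection heading in the previous hunk was rewritten to "Set Network Protection rules in Audit mode:"; the two sibling headings are now worded differently. Use the same pattern for both, e.g. "#### Set Controlled Folder Access rules in audit mode".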
@ -27,24 +27,24 @@ ms.topic: article
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
In this section, we will be using Microsoft Endpoint Manager (MEM) to deploy
Microsoft Defender ATP to your endpoints.
For more information about MEM, check out these resources:
- [Microsoft Endpoint Manager page](https://docs.microsoft.com/mem/)
- [Blog post on convergence of Intune and ConfigMgr](https://www.microsoft.com/microsoft-365/blog/2019/11/04/use-the-power-of-cloud-intelligence-to-simplify-and-accelerate-it-and-the-move-to-a-modern-workplace/)
- [Introduction video on MEM](https://www.microsoft.com/microsoft-365/blog/2019/11/04/use-the-power-of-cloud-intelligence-to-simplify-and-accelerate-it-and-the-move-to-a-modern-workplace)
This process is a multi-step process, you'll need to:
This article is part of the Deployment guide and acts as an example onboarding method that guides users in:
- Onboarding devices to the service by creating a group in Microsoft Endpoint Manager (MEM)
- Configuring Microsoft Defender ATP capabilities
- Identify target devices or users
This onboarding guidance will walk you through:
- Identifying target devices or users
- Create an Azure Active Directory group (User or Device)
- Creating an Azure Active Directory group (User or Device)
- Create a Configuration Profile
- Creating a Configuration Profile
- In MEM, we'll guide you in creating a separate policy for each feature
- In Microsoft Endpoint Manager, we'll guide you in creating a separate policy for each capability.
While Microsoft Defender ATP supports onboarding of various endpoints and tools, this article does not cover them.
For information on general onboarding using other supported deployment tools and methods, see [Onboarding overview](onboarding.md).
## Resources
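Review bot: the new bullet "- In Microsoft Endpoint Manager, we'll guide you in creating a separate policy for each capability." is the only item in the "This onboarding guidance will walk you through:" list written as a full sentence with a trailing period; the others are noun phrases ("Creating a Configuration Profile"). Reword it to match, e.g. "- Creating a separate policy for each capability in Microsoft Endpoint Manager". With the "In this section, we will be using Microsoft Endpoint Manager (MEM)" intro removed, the only remaining definition of the MEM abbreviation is in "creating a group in Microsoft Endpoint Manager (MEM)"; make sure every later "MEM" in this file comes after it.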
@ -57,6 +57,11 @@ Here are the links you'll need for the rest of the process:
- [Intune Security baselines](https://docs.microsoft.com/mem/intune/protect/security-baseline-settings-defender-atp#microsoft-defender)
For more information about Microsoft Endpoint Manager, check out these resources:
- [Microsoft Endpoint Manager page](https://docs.microsoft.com/mem/)
- [Blog post on convergence of Intune and ConfigMgr](https://www.microsoft.com/microsoft-365/blog/2019/11/04/use-the-power-of-cloud-intelligence-to-simplify-and-accelerate-it-and-the-move-to-a-modern-workplace/)
- [Introduction video on MEM](https://www.microsoft.com/microsoft-365/blog/2019/11/04/use-the-power-of-cloud-intelligence-to-simplify-and-accelerate-it-and-the-move-to-a-modern-workplace)
## Identify target devices or users
In this section, we will create a test group to assign your configurations on.
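Review bot: "[Introduction video on MEM](https://www.microsoft.com/microsoft-365/blog/2019/11/04/use-the-power-of-cloud-intelligence-to-simplify-and-accelerate-it-and-the-move-to-a-modern-workplace)" points at the same blog post as the "Blog post on convergence of Intune and ConfigMgr" item directly above it (the URLs differ only by the trailing slash); since this list is being moved anyway, replace it with the video's actual link or drop the item. Minor: "a test group to assign your configurations on" reads better as "to assign your configurations to".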
@ -90,11 +95,14 @@ needs.<br>
8. Your testing group now has a member to test.
## Create configuration policies
## Create configuration policies to configure Microsoft Defender ATP capabilities
In the following section, you'll create a number of configuration policies.
First is a configuration policy to select which groups of users or devices will
be onboarded to Microsoft Defender ATP. Then you will continue by creating several
different types of Endpoint security policies.
be onboarded to Microsoft Defender ATP.
Then you will continue by creating several
different types of endpoint security policies.
### Endpoint detection and response
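Review bot: splitting the paragraph into "First is a configuration policy to select which groups of users or devices will" / "be onboarded to Microsoft Defender ATP." and "Then you will continue by creating several" / "different types of endpoint security policies." is fine, but both new sentences are still hard-wrapped mid-sentence; the rest of this commit joins wrapped lines, so join these two as well.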
@ -51,36 +51,44 @@ Deploying Microsoft Defender ATP is a three-phase process:
</tr>
</table>
You are currently in the onboarding phase.
These are the steps you need to take to deploy Microsoft Defender ATP:
- Onboard endpoints to the service using management tools
- Configure capabilities
## Step 1: Onboard endpoints using management tools
The [Plan deployment]() topic outlines the general steps you need to take to deploy Microsoft Defender ATP.
After identifying your architecture, you'll need to decide on the deployment method. The deployment tool you choose dictates how you onboard endpoints to the service.
### Onboarding tool options
The following table lists the available tools based on the endpoint that you need to onboard.
| Endpoint | Tool options |
|--------------|------------------------------------------|
| **Windows** | [Local script (up to 10 devices)](configure-endpoints-script.md) <br> [Group Policy](configure-endpoints-gp.md) <br> [Microsoft Endpoint Manager/ Mobile Device Manager](configure-endpoints-mdm.md) <br> [Microsoft Endpoint Configuration Manager](configure-endpoints-sccm.md) <br> [VDI scripts](configure-endpoints-vdi.md) |
| **macOS** | [Local scripts](mac-install-manually.md) <br> [Microsoft Endpoint Manager](mac-install-with-intune.md) <br> [JAMF Pro](mac-install-with-jamf.md) <br> [Mobile Device Management](mac-install-with-other-mdm.md) |
| **Linux Server** | [Local script](linux-install-manually.md) <br> [Puppet](linux-install-with-puppet.md) <br> [Ansible](linux-install-with-ansible)|
| **iOS** | [App-based](ios-install.md) |
| **Android** | [Microsoft Endpoint Manager](android-intune.md) |
To deploy Microsoft Defender ATP, you'll need to onboard devices to the service.
Depending on the architecture of your environment, you'll need to use the appropriate management tool that best suites your requirements.
## Step 2: Configure capabilities
After onboarding the endpoints, you'll then configure the various capabilities such as endpoint detection and response, next-generation protection, and attack surface reduction.
## Onboarding options and tools
Understand the various onboarding options and tools that Microsoft Defender ATP provides, so you can decide what is best for your environment.
## Example deployments
In this deployment guide, we'll guide you through using two deployment tools to onboard endpoints and how to configure capabilities.
The tools in the example deployments are:
- [Onboarding using Microsoft Endpoint Configuration Manager](onboarding-endpoint-configuration-manager.md)
- [Onboarding using Microsoft Endpoint Manager](onboarding-endpoint-manager.md)
It's important to know what onboarding options and tools ae
Every enterprise environement is unique and may require different tools and ways to onboard endpoints.
After onboarding the devices, you'll then configure the various capabilities such as endpoint detection and response, next-generation protection, and attack surface reduction.
This article provides resources to guide you on:
- Using various management tools to onboard devices
- [Onboarding using Microsoft Endpoint Configuration Manager](onboarding-endpoint-configuration-manager.md)
- [Onboarding using Microsoft Endpoint Manager](onboarding-endpoint-manager.md)
Using the mentioned deployment tools above, you'll then be guided in configuring the following Microsoft Defender ATP capabilities:
- Endpoint detection and response configuration
- Next-generation protection configuration
- Attack surface reduction configuration
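Review bot: "The [Plan deployment]() topic outlines the general steps you need to take to deploy Microsoft Defender ATP." has an empty link target; point it at deployment-strategy.md as the other files in this commit do. The Linux Server row of the new table repeats the `[Ansible](linux-install-with-ansible)` link without the `.md` extension and without a space before the closing `|`, so fix it here as well as in the other file. "the appropriate management tool that best suites your requirements" should read "suits", and the lines "It's important to know what onboarding options and tools ae" (unfinished) and "Every enterprise environement is unique ..." (misspelled "environment") must not survive in the new text; confirm they are on the removed side.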