From 2563bc38c1ed4dc1f99f77b4e19b96b2474dcced Mon Sep 17 00:00:00 2001 From: Iaan Date: Wed, 20 Apr 2016 15:30:32 +1000 Subject: [PATCH 1/9] update endpoint docs --- .gitignore | 3 + ...tion-windows-advanced-threat-protection.md | 4 +- ...ints-windows-advanced-threat-protection.md | 63 ++++++++++--------- ...ows-defender-advanced-threat-protection.md | 7 ++- ...ding-windows-advanced-threat-protection.md | 1 + ...gure-windows-advanced-threat-protection.md | 4 +- ...ding-windows-advanced-threat-protection.md | 3 +- 7 files changed, 52 insertions(+), 33 deletions(-) diff --git a/.gitignore b/.gitignore index 643bf6e6c0..b16bde70d6 100644 --- a/.gitignore +++ b/.gitignore @@ -5,6 +5,9 @@ obj/ _site/ Tools/NuGet/ .optemp/ +.sln +.suo + .openpublishing.build.mdproj .openpublishing.buildcore.ps1 diff --git a/windows/keep-secure/additional-configuration-windows-advanced-threat-protection.md b/windows/keep-secure/additional-configuration-windows-advanced-threat-protection.md index c5e38182d4..3fa9537fcd 100644 --- a/windows/keep-secure/additional-configuration-windows-advanced-threat-protection.md +++ b/windows/keep-secure/additional-configuration-windows-advanced-threat-protection.md @@ -14,6 +14,8 @@ author: mjcaparas **Applies to** - Windows 10 Insider Preview +- System Center Configuration Manager +- Group Policy Management Console [Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] @@ -37,7 +39,7 @@ You can use Group Policy (GP) to configure settings, such as settings for the sa 6. Choose to enable or disable sample sharing from your endpoints. -## Configure sample collection settings with Configuration Manager +## Configure sample collection settings with System Center Configuration Manager TBA 
diff --git a/windows/keep-secure/configure-endpoints-windows-advanced-threat-protection.md b/windows/keep-secure/configure-endpoints-windows-advanced-threat-protection.md index 6cc137aa42..5b6df19735 100644 --- a/windows/keep-secure/configure-endpoints-windows-advanced-threat-protection.md +++ b/windows/keep-secure/configure-endpoints-windows-advanced-threat-protection.md @@ -4,7 +4,7 @@ description: Use Group Policy to deploy the configuration package or do manual r keywords: configure endpoints, client onboarding, configure Windows ATP endpoints, configure Windows Defender Advanced Threat Protection endpoints search.product: eADQiWindows 10XVcnh ms.prod: W10 -ms.mktglfcycl: +ms.mktglfcycl: deploy ms.sitesec: library author: mjcaparas --- 
@@ -12,25 +12,53 @@ author: mjcaparas # Configure Windows Defender ATP endpoints (client onboarding) - Windows 10 Insider Preview +- System Center Configuration Manager +- Group Policy Management Console [Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] -You can use a Group Policy (GP) configuration package or an automated script to configure endpoints. You can deploy the GP configuration package or script with a GP update, or manually through the command line. +You can configure endpoints by using a System Center Configuration Manager (SCCM) or Group Policy Management Console (GPMC) configuration package, or by running an automated script. + +## Configure with System Center Configuration Manager (SCCM) + +1. Open the SCCM configuration package .zip file (*WindowsATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://seville.windows.com): Naama: Confirm package name ((I can't download it)) + + a. Click **Client onboarding** on the **Navigation pane**. + + b. Select **SCCM**, click **Download package**, and save the .zip file. + > **Note**   It may take a few moments for the package to be prepared and delivered to you. A progress bar will appear at the very top of the portal to indicate the package is being prepared. + +2. Copy the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. + +3. In the SCCM console, go to **Software Library**. + +4. Under **Application Management**, right-click **Packages** and select **Import**. + +5. Click **Browse** and choose the package that was downloaded from the portal (zip file). + +6. The package will appear under the Packages page. + +7. Right-click the Package and choose deploy. + +8. 
Choose a predefined device collection to deploy the package to. + +Naama note: If it’s a package we create then we’ll set the necessary privileges, otherwise provide guidance (Omri: what is the necessary privileges?) ## Configure with Group Policy Using the GP configuration package ensures your endpoints will be correctly configured to report to the Windows Defender ATP service. > **Note**   To use GP updates to deploy the package, you must be on Windows Server 2008 R2 or later. The endpoints must be running Windows 10 TAP. -1. Open the GP configuration package .zip file (*WindowsATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://seville.windows.com): +1. Open the GP configuration package .zip file (*WindowsATPOnboardingPackage_GroupPolicy.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://seville.windows.com): a. Click **Client onboarding** on the **Navigation pane**. - b. Select **GP**, click **Download package** and save the .zip file. - + b. Select **GP**, click **Download package**, and save the .zip file. + > **Note**   It may take a few moments for the package to be prepared and delivered to you. A progress bar will appear at the very top of the portal to indicate the package is being prepared. + 2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the endpoints. You should have a folder called _*OptionalParamsPolicy*_ and the file _*WindowsATPOnboardingPackage.cmd*_. -3. Open the [Group Policy Management Console](https://technet.microsoft.com/en-us/library/cc731212.aspx) (GPMC), right-click the Group Policy Object (GPO) you want to configure and click **Edit**. +3. 
Open the [Group Policy Management Console](https://technet.microsoft.com/en-us/library/cc753298.aspx) (GPMC), right-click the Group Policy Object (GPO) you want to configure and click **Edit**. 4. In the **Group Policy Management Editor**, go to **Computer configuration**, then **Preferences**, and then **Control panel settings**. 
@@ -46,27 +74,6 @@ Using the GP configuration package ensures your endpoints will be correctly conf For additional settings, see the [Additional configuration settings section](additional-configuration-windows-advanced-threat-protection.md). -## Configure with System Center Configuration Manager (SCCM) - -1. Open the SCCM configuration package .zip file (*WindowsATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://seville.windows.com): Naama: Confirm package name - - a. Click **Client onboarding** on the **Navigation pane**. - - b. Select **SCCM**, click **Download package**, and save the .zip file. Iaan: Need to confirm the UI for this - -2. Copy the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. - -Iaan: Will confirm ui for this - -3. In the SCCM console, go to **Software Library**. -4. Under **Application Management**, right-click **Packages** and select **Import**. -5. Click **Browse** and choose the package that was downloaded from the portal (zip file). -6. The package will appear under the Packages page. -7. Right-click the Package and choose deploy. -8. Choose a predefined device collection to deploy the package to. - -Naama note: If it’s a package we create then we’ll set the necessary privileges, otherwise provide guidance (Omri: what is the necessary privileges?) - ## Configure endpoints manually with registry changes You can also manually onboard individual endpoints to Windows Defender ATP. You might want to do this first when testing the service before you commit to onboarding all endpoints in your network. 
@@ -83,7 +90,7 @@ You can also manually onboard individual endpoints to Windows Defender ATP. You ![Window Start menu pointing to Run as administrator](images/run-as-admin.png) 3. Type the location of the script file. If you copied the file the - desktop, type:```*%userprofile%\Desktop\WindowsATPOnboardingScript.sc*``` + desktop, type: *```%userprofile%\Desktop\WindowsATPOnboardingScript.sc```* 4. Press the **Enter** key or click **OK**. diff --git a/windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md b/windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md index c483bf1efd..6d4a18f344 100644 --- a/windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md @@ -13,6 +13,8 @@ ms.sitesec: library **Applies to** - Windows 10 Insider Preview +- System Center Configuration Manager +- Group Policy Management Console [Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] @@ -57,9 +59,9 @@ disabled you can turn it on by following the instructions in the ### Deployment channel operating system requirements -You can choose to onboard endpoints with a scheduled Group Policy +You can choose to onboard endpoints with System Center Configuration Manager (SCCM) or a scheduled Group Policy (GP) update (using a GP package that you -download from the portal or during the service onboarding wizard) or +download from the portal or during the service onboarding wizard). You can also apply manual registry changes. The following describes the minimum operating system or software version 
@@ -67,6 +69,7 @@ required for each deployment channel. Deployment channel | Minimum server requirements :---|:--- +System Center Configuration Manager | **WHAT VERSIONS** Group Policy settings | Windows Server 2008 R2 Manual registry modifications | No minimum requirements diff --git a/windows/keep-secure/monitor-onboarding-windows-advanced-threat-protection.md b/windows/keep-secure/monitor-onboarding-windows-advanced-threat-protection.md index 0a95b9131a..82da79a4c0 100644 --- a/windows/keep-secure/monitor-onboarding-windows-advanced-threat-protection.md +++ b/windows/keep-secure/monitor-onboarding-windows-advanced-threat-protection.md @@ -12,6 +12,7 @@ author: mjcaparas # Monitor the Windows Defender Advanced Threat Protection onboarding - Windows 10 Insider Preview +- System Center Configuration Manager [Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] diff --git a/windows/keep-secure/onboard-configure-windows-advanced-threat-protection.md b/windows/keep-secure/onboard-configure-windows-advanced-threat-protection.md index 3d31d3693d..63f28c3c31 100644 --- a/windows/keep-secure/onboard-configure-windows-advanced-threat-protection.md +++ b/windows/keep-secure/onboard-configure-windows-advanced-threat-protection.md @@ -14,6 +14,8 @@ author: mjcaparas **Applies to** - Windows 10 Insider Preview +- System Center Configuration Manager +- Group Policy Management Console [Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] 
@@ -24,7 +26,7 @@ There are two stages to onboarding: 1. Set up user access in AAD and use a wizard to create a dedicated cloud instance for your network (known as “service onboarding”). -2. Add endpoints to the service with scheduled GP updates or manual +2. Add endpoints to the service with System Center Configuration Manager, scheduled GP updates, or manual registry changes (known as “endpoint onboarding”). ## In this section diff --git a/windows/keep-secure/service-onboarding-windows-advanced-threat-protection.md b/windows/keep-secure/service-onboarding-windows-advanced-threat-protection.md index 92e31985a1..3f7ffc708a 100644 --- a/windows/keep-secure/service-onboarding-windows-advanced-threat-protection.md +++ b/windows/keep-secure/service-onboarding-windows-advanced-threat-protection.md @@ -4,7 +4,7 @@ description: Assign users to the Windows Defender ATP service application in Azu keywords: service onboarding, Windows Defender Advanced Threat Protection service onboarding search.product: eADQiWindows 10XVcnh ms.prod: W10 -ms.mktglfcycl: +ms.mktglfcycl: deploy ms.sitesec: library author: mjcaparas --- @@ -12,6 +12,7 @@ author: mjcaparas # Windows Defender ATP service onboarding - Windows 10 Insider Preview +- Azure Active Directory [Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] From 406b2a8e280c57f5bb54eac036a3a4cc17929cd3 Mon Sep 17 00:00:00 2001 From: Iaan Date: Wed, 20 Apr 2016 15:43:27 +1000 Subject: [PATCH 2/9] deploy --- ...roubleshoot-onboarding-windows-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/keep-secure/troubleshoot-onboarding-windows-advanced-threat-protection.md b/windows/keep-secure/troubleshoot-onboarding-windows-advanced-threat-protection.md index 7256569ddb..4cce488c83 100644 
--- a/windows/keep-secure/troubleshoot-onboarding-windows-advanced-threat-protection.md +++ b/windows/keep-secure/troubleshoot-onboarding-windows-advanced-threat-protection.md @@ -4,7 +4,7 @@ description: Troubleshoot issues that might arise during the onboarding of endpo keywords: troubleshoot onboarding, onboarding issues, event viewer, azure management portal, data collection and preview builds search.product: eADQiWindows 10XVcnh ms.prod: W10 -ms.mktglfcycl: +ms.mktglfcycl: deploy ms.sitesec: library author: mjcaparas --- From 93ad344d47a728925897086d00304696b4518133 Mon Sep 17 00:00:00 2001 From: Iaan Date: Wed, 20 Apr 2016 15:47:33 +1000 Subject: [PATCH 3/9] Revert "update endpoint docs" This reverts commit 2563bc38c1ed4dc1f99f77b4e19b96b2474dcced. --- .gitignore | 3 - ...tion-windows-advanced-threat-protection.md | 4 +- ...ints-windows-advanced-threat-protection.md | 63 +++++++++---------- ...ows-defender-advanced-threat-protection.md | 7 +-- ...ding-windows-advanced-threat-protection.md | 1 - ...gure-windows-advanced-threat-protection.md | 4 +- ...ding-windows-advanced-threat-protection.md | 3 +- 7 files changed, 33 insertions(+), 52 deletions(-) diff --git a/.gitignore b/.gitignore index b16bde70d6..643bf6e6c0 100644 --- a/.gitignore +++ b/.gitignore @@ -5,9 +5,6 @@ obj/ _site/ Tools/NuGet/ .optemp/ -.sln -.suo - .openpublishing.build.mdproj .openpublishing.buildcore.ps1 diff --git a/windows/keep-secure/additional-configuration-windows-advanced-threat-protection.md b/windows/keep-secure/additional-configuration-windows-advanced-threat-protection.md index 3fa9537fcd..c5e38182d4 100644 --- a/windows/keep-secure/additional-configuration-windows-advanced-threat-protection.md +++ b/windows/keep-secure/additional-configuration-windows-advanced-threat-protection.md 
@@ -14,8 +14,6 @@ author: mjcaparas **Applies to** - Windows 10 Insider Preview -- System Center Configuration Manager -- Group Policy Management Console [Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] @@ -39,7 +37,7 @@ You can use Group Policy (GP) to configure settings, such as settings for the sa 6. Choose to enable or disable sample sharing from your endpoints. -## Configure sample collection settings with System Center Configuration Manager +## Configure sample collection settings with Configuration Manager TBA diff --git a/windows/keep-secure/configure-endpoints-windows-advanced-threat-protection.md b/windows/keep-secure/configure-endpoints-windows-advanced-threat-protection.md index 5b6df19735..6cc137aa42 100644 --- a/windows/keep-secure/configure-endpoints-windows-advanced-threat-protection.md +++ b/windows/keep-secure/configure-endpoints-windows-advanced-threat-protection.md @@ -4,7 +4,7 @@ description: Use Group Policy to deploy the configuration package or do manual r keywords: configure endpoints, client onboarding, configure Windows ATP endpoints, configure Windows Defender Advanced Threat Protection endpoints search.product: eADQiWindows 10XVcnh ms.prod: W10 -ms.mktglfcycl: deploy +ms.mktglfcycl: ms.sitesec: library author: mjcaparas --- 
@@ -12,53 +12,25 @@ author: mjcaparas # Configure Windows Defender ATP endpoints (client onboarding) - Windows 10 Insider Preview -- System Center Configuration Manager -- Group Policy Management Console [Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] -You can configure endpoints by using a System Center Configuration Manager (SCCM) or Group Policy Management Console (GPMC) configuration package, or by running an automated script. - -## Configure with System Center Configuration Manager (SCCM) - -1. Open the SCCM configuration package .zip file (*WindowsATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://seville.windows.com): Naama: Confirm package name ((I can't download it)) - - a. Click **Client onboarding** on the **Navigation pane**. - - b. Select **SCCM**, click **Download package**, and save the .zip file. - > **Note**   It may take a few moments for the package to be prepared and delivered to you. A progress bar will appear at the very top of the portal to indicate the package is being prepared. - -2. Copy the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. - -3. In the SCCM console, go to **Software Library**. - -4. Under **Application Management**, right-click **Packages** and select **Import**. - -5. Click **Browse** and choose the package that was downloaded from the portal (zip file). - -6. The package will appear under the Packages page. - -7. Right-click the Package and choose deploy. - -8. Choose a predefined device collection to deploy the package to. - -Naama note: If it’s a package we create then we’ll set the necessary privileges, otherwise provide guidance (Omri: what is the necessary privileges?) 
+You can use a Group Policy (GP) configuration package or an automated script to configure endpoints. You can deploy the GP configuration package or script with a GP update, or manually through the command line. ## Configure with Group Policy Using the GP configuration package ensures your endpoints will be correctly configured to report to the Windows Defender ATP service. > **Note**   To use GP updates to deploy the package, you must be on Windows Server 2008 R2 or later. The endpoints must be running Windows 10 TAP. -1. Open the GP configuration package .zip file (*WindowsATPOnboardingPackage_GroupPolicy.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://seville.windows.com): +1. Open the GP configuration package .zip file (*WindowsATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://seville.windows.com): a. Click **Client onboarding** on the **Navigation pane**. - b. Select **GP**, click **Download package**, and save the .zip file. - > **Note**   It may take a few moments for the package to be prepared and delivered to you. A progress bar will appear at the very top of the portal to indicate the package is being prepared. - + b. Select **GP**, click **Download package** and save the .zip file. + 2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the endpoints. You should have a folder called _*OptionalParamsPolicy*_ and the file _*WindowsATPOnboardingPackage.cmd*_. -3. Open the [Group Policy Management Console](https://technet.microsoft.com/en-us/library/cc753298.aspx) (GPMC), right-click the Group Policy Object (GPO) you want to configure and click **Edit**. +3. 
Open the [Group Policy Management Console](https://technet.microsoft.com/en-us/library/cc731212.aspx) (GPMC), right-click the Group Policy Object (GPO) you want to configure and click **Edit**. 4. In the **Group Policy Management Editor**, go to **Computer configuration**, then **Preferences**, and then **Control panel settings**. 
@@ -74,6 +46,27 @@ Using the GP configuration package ensures your endpoints will be correctly conf For additional settings, see the [Additional configuration settings section](additional-configuration-windows-advanced-threat-protection.md). +## Configure with System Center Configuration Manager (SCCM) + +1. Open the SCCM configuration package .zip file (*WindowsATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://seville.windows.com): Naama: Confirm package name + + a. Click **Client onboarding** on the **Navigation pane**. + + b. Select **SCCM**, click **Download package**, and save the .zip file. Iaan: Need to confirm the UI for this + +2. Copy the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. + +Iaan: Will confirm ui for this + +3. In the SCCM console, go to **Software Library**. +4. Under **Application Management**, right-click **Packages** and select **Import**. +5. Click **Browse** and choose the package that was downloaded from the portal (zip file). +6. The package will appear under the Packages page. +7. Right-click the Package and choose deploy. +8. Choose a predefined device collection to deploy the package to. + +Naama note: If it’s a package we create then we’ll set the necessary privileges, otherwise provide guidance (Omri: what is the necessary privileges?) + ## Configure endpoints manually with registry changes You can also manually onboard individual endpoints to Windows Defender ATP. You might want to do this first when testing the service before you commit to onboarding all endpoints in your network. 
@@ -90,7 +83,7 @@ You can also manually onboard individual endpoints to Windows Defender ATP. You ![Window Start menu pointing to Run as administrator](images/run-as-admin.png) 3. Type the location of the script file. If you copied the file the - desktop, type: *```%userprofile%\Desktop\WindowsATPOnboardingScript.sc```* + desktop, type:```*%userprofile%\Desktop\WindowsATPOnboardingScript.sc*``` 4. Press the **Enter** key or click **OK**. diff --git a/windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md b/windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md index 6d4a18f344..c483bf1efd 100644 --- a/windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md @@ -13,8 +13,6 @@ ms.sitesec: library **Applies to** - Windows 10 Insider Preview -- System Center Configuration Manager -- Group Policy Management Console [Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] @@ -59,9 +57,9 @@ disabled you can turn it on by following the instructions in the ### Deployment channel operating system requirements -You can choose to onboard endpoints with System Center Configuration Manager (SCCM) or a scheduled Group Policy +You can choose to onboard endpoints with a scheduled Group Policy (GP) update (using a GP package that you -download from the portal or during the service onboarding wizard). You can also apply +download from the portal or during the service onboarding wizard) or manual registry changes. The following describes the minimum operating system or software version 
@@ -69,7 +67,6 @@ required for each deployment channel. Deployment channel | Minimum server requirements :---|:--- -System Center Configuration Manager | **WHAT VERSIONS** Group Policy settings | Windows Server 2008 R2 Manual registry modifications | No minimum requirements diff --git a/windows/keep-secure/monitor-onboarding-windows-advanced-threat-protection.md b/windows/keep-secure/monitor-onboarding-windows-advanced-threat-protection.md index 82da79a4c0..0a95b9131a 100644 --- a/windows/keep-secure/monitor-onboarding-windows-advanced-threat-protection.md +++ b/windows/keep-secure/monitor-onboarding-windows-advanced-threat-protection.md @@ -12,7 +12,6 @@ author: mjcaparas # Monitor the Windows Defender Advanced Threat Protection onboarding - Windows 10 Insider Preview -- System Center Configuration Manager [Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] diff --git a/windows/keep-secure/onboard-configure-windows-advanced-threat-protection.md b/windows/keep-secure/onboard-configure-windows-advanced-threat-protection.md index 63f28c3c31..3d31d3693d 100644 --- a/windows/keep-secure/onboard-configure-windows-advanced-threat-protection.md +++ b/windows/keep-secure/onboard-configure-windows-advanced-threat-protection.md @@ -14,8 +14,6 @@ author: mjcaparas **Applies to** - Windows 10 Insider Preview -- System Center Configuration Manager -- Group Policy Management Console [Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] 
@@ -26,7 +24,7 @@ There are two stages to onboarding: 1. Set up user access in AAD and use a wizard to create a dedicated cloud instance for your network (known as “service onboarding”). -2. Add endpoints to the service with System Center Configuration Manager, scheduled GP updates, or manual +2. Add endpoints to the service with scheduled GP updates or manual registry changes (known as “endpoint onboarding”). ## In this section diff --git a/windows/keep-secure/service-onboarding-windows-advanced-threat-protection.md b/windows/keep-secure/service-onboarding-windows-advanced-threat-protection.md index 3f7ffc708a..92e31985a1 100644 --- a/windows/keep-secure/service-onboarding-windows-advanced-threat-protection.md +++ b/windows/keep-secure/service-onboarding-windows-advanced-threat-protection.md @@ -4,7 +4,7 @@ description: Assign users to the Windows Defender ATP service application in Azu keywords: service onboarding, Windows Defender Advanced Threat Protection service onboarding search.product: eADQiWindows 10XVcnh ms.prod: W10 -ms.mktglfcycl: deploy +ms.mktglfcycl: ms.sitesec: library author: mjcaparas --- @@ -12,7 +12,6 @@ author: mjcaparas # Windows Defender ATP service onboarding - Windows 10 Insider Preview -- Azure Active Directory [Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] From 85687212b74da27673e240c24dfa0562993f2daa Mon Sep 17 00:00:00 2001 From: Iaan Date: Wed, 20 Apr 2016 15:52:26 +1000 Subject: [PATCH 4/9] upload --- ...ditional-configuration-windows-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/keep-secure/additional-configuration-windows-advanced-threat-protection.md b/windows/keep-secure/additional-configuration-windows-advanced-threat-protection.md index c5e38182d4..d611db439c 100644 
--- a/windows/keep-secure/additional-configuration-windows-advanced-threat-protection.md +++ b/windows/keep-secure/additional-configuration-windows-advanced-threat-protection.md @@ -4,7 +4,7 @@ description: Use the Group Policy Console to configure settings that enable samp keywords: configuration settings, Windows Defender ATP configuration settings, Windows Defender Advanced Threat Protection configuration settings, group policy Management Editor, computer configuration, policies, administrative templates, search.product: eADQiWindows 10XVcnh ms.prod: W10 -ms.mktglfcycl: +ms.mktglfcycl: deploy ms.sitesec: library author: mjcaparas --- From fc32ce7f7f80fc8c2feb369c5441766d7c663ccc Mon Sep 17 00:00:00 2001 From: Iaan Date: Wed, 20 Apr 2016 15:58:08 +1000 Subject: [PATCH 5/9] updates --- ...ints-windows-advanced-threat-protection.md | 44 +++++++++---------- ...ows-defender-advanced-threat-protection.md | 2 +- ...ding-windows-advanced-threat-protection.md | 2 +- ...gure-windows-advanced-threat-protection.md | 8 ++-- ...ding-windows-advanced-threat-protection.md | 5 ++- 5 files changed, 31 insertions(+), 30 deletions(-) diff --git a/windows/keep-secure/configure-endpoints-windows-advanced-threat-protection.md b/windows/keep-secure/configure-endpoints-windows-advanced-threat-protection.md index 6cc137aa42..fa502c8b9f 100644 --- a/windows/keep-secure/configure-endpoints-windows-advanced-threat-protection.md +++ b/windows/keep-secure/configure-endpoints-windows-advanced-threat-protection.md @@ -4,7 +4,7 @@ description: Use Group Policy to deploy the configuration package or do manual r keywords: configure endpoints, client onboarding, configure Windows ATP endpoints, configure Windows Defender Advanced Threat Protection endpoints search.product: eADQiWindows 10XVcnh ms.prod: W10 -ms.mktglfcycl: +ms.mktglfcycl: deploy ms.sitesec: library author: mjcaparas --- 
@@ -17,6 +17,27 @@ author: mjcaparas You can use a Group Policy (GP) configuration package or an automated script to configure endpoints. You can deploy the GP configuration package or script with a GP update, or manually through the command line. +## Configure with System Center Configuration Manager (SCCM) + +1. Open the SCCM configuration package .zip file (*WindowsATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://seville.windows.com): Naama: Confirm package name + + a. Click **Client onboarding** on the **Navigation pane**. + + b. Select **SCCM**, click **Download package**, and save the .zip file. Iaan: Need to confirm the UI for this + +2. Copy the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. + +Iaan: Will confirm ui for this + +3. In the SCCM console, go to **Software Library**. +4. Under **Application Management**, right-click **Packages** and select **Import**. +5. Click **Browse** and choose the package that was downloaded from the portal (zip file). +6. The package will appear under the Packages page. +7. Right-click the Package and choose deploy. +8. Choose a predefined device collection to deploy the package to. + +Naama note: If it’s a package we create then we’ll set the necessary privileges, otherwise provide guidance (Omri: what is the necessary privileges?) + ## Configure with Group Policy Using the GP configuration package ensures your endpoints will be correctly configured to report to the Windows Defender ATP service. 
@@ -46,27 +67,6 @@ Using the GP configuration package ensures your endpoints will be correctly conf For additional settings, see the [Additional configuration settings section](additional-configuration-windows-advanced-threat-protection.md). -## Configure with System Center Configuration Manager (SCCM) - -1. Open the SCCM configuration package .zip file (*WindowsATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://seville.windows.com): Naama: Confirm package name - - a. Click **Client onboarding** on the **Navigation pane**. - - b. Select **SCCM**, click **Download package**, and save the .zip file. Iaan: Need to confirm the UI for this - -2. Copy the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. - -Iaan: Will confirm ui for this - -3. In the SCCM console, go to **Software Library**. -4. Under **Application Management**, right-click **Packages** and select **Import**. -5. Click **Browse** and choose the package that was downloaded from the portal (zip file). -6. The package will appear under the Packages page. -7. Right-click the Package and choose deploy. -8. Choose a predefined device collection to deploy the package to. - -Naama note: If it’s a package we create then we’ll set the necessary privileges, otherwise provide guidance (Omri: what is the necessary privileges?) - ## Configure endpoints manually with registry changes You can also manually onboard individual endpoints to Windows Defender ATP. You might want to do this first when testing the service before you commit to onboarding all endpoints in your network. diff --git a/windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md b/windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md index c483bf1efd..bf1d4c5eb8 100644 
--- a/windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md @@ -4,7 +4,7 @@ description: Minimum network and data storage configuration, endpoint hardware a keywords: minimum requirements, Windows Defender Advanced Threat Protection minimum requirements, network and data storage, endpoint, endpoint configuration, deployment channel search.product: eADQiWindows 10XVcnh ms.prod: W10 -ms.mktglfcycl: +ms.mktglfcycl: deploy ms.sitesec: library --- diff --git a/windows/keep-secure/monitor-onboarding-windows-advanced-threat-protection.md b/windows/keep-secure/monitor-onboarding-windows-advanced-threat-protection.md index 0a95b9131a..d9c889806c 100644 --- a/windows/keep-secure/monitor-onboarding-windows-advanced-threat-protection.md +++ b/windows/keep-secure/monitor-onboarding-windows-advanced-threat-protection.md @@ -4,7 +4,7 @@ description: Monitor the onboarding of the Windows Defender ATP service to ensur keywords: monitor onboarding, monitor Windows Defender ATP onboarding, monitor Windows Defender Advanced Threat Protection onboarding search.product: eADQiWindows 10XVcnh ms.prod: W10 -ms.mktglfcycl: +ms.mktglfcycl: deploy ms.sitesec: library author: mjcaparas --- diff --git a/windows/keep-secure/onboard-configure-windows-advanced-threat-protection.md b/windows/keep-secure/onboard-configure-windows-advanced-threat-protection.md index 3d31d3693d..0dbde57476 100644 --- a/windows/keep-secure/onboard-configure-windows-advanced-threat-protection.md +++ b/windows/keep-secure/onboard-configure-windows-advanced-threat-protection.md @@ -6,10 +6,10 @@ search.product: eADQiWindows 10XVcnh ms.prod: W10 ms.mktglfcycl: ms.sitesec: library -author: mjcaparas +author: iaanw --- -# Onboard endpoints and set up the Windows Defender ATP user access +# Onboard and set up Windows Defender Advanced Threat Protection **Applies to** 
@@ -24,14 +24,14 @@ There are two stages to onboarding: 1. Set up user access in AAD and use a wizard to create a dedicated cloud instance for your network (known as “service onboarding”). -2. Add endpoints to the service with scheduled GP updates or manual +2. Add endpoints to the service with System Center Configuration Manager, scheduled GP updates, or manual registry changes (known as “endpoint onboarding”). ## In this section Topic | Description :---|:--- [Windows Defender ATP service onboarding](service-onboarding-windows-advanced-threat-protection.md) | Learn about managing user access to the Windows Defender ATP portal by assigning users to the Windows Defender ATP service application in ADD. -[Configure Windows Defender ATP endpoints (client onboarding)](configure-endpoints-windows-advanced-threat-protection.md) | You'll need to configure endpoints for it to report to the Windows Defender ATP service. Learn how you can use the configuration package to configure endpoints in your enterprise. +[Configure Windows Defender ATP endpoints (endpoint onboarding)](configure-endpoints-windows-advanced-threat-protection.md) | You'll need to configure endpoints for it to report to the Windows Defender ATP service. Learn how you can use the configuration package to configure endpoints in your enterprise. [Monitor the Windows Defender ATP onboarding](monitor-onboarding-windows-advanced-threat-protection.md) | Learn how you can monitor the onboarding to ensure your endpoints are correctly configured and are sending telemetry reports. [Additional Windows Defender ATP configuration settings](additional-configuration-windows-advanced-threat-protection.md) | This topic describes the steps you need to take to configure settings for sample sharing used in the deep analysis feature. 
[Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-advanced-threat-protection.md) | This topic contains information on how you can resolve issues that might arise during onboarding. diff --git a/windows/keep-secure/service-onboarding-windows-advanced-threat-protection.md b/windows/keep-secure/service-onboarding-windows-advanced-threat-protection.md index 92e31985a1..fd231a6601 100644 --- a/windows/keep-secure/service-onboarding-windows-advanced-threat-protection.md +++ b/windows/keep-secure/service-onboarding-windows-advanced-threat-protection.md @@ -4,14 +4,15 @@ description: Assign users to the Windows Defender ATP service application in Azu keywords: service onboarding, Windows Defender Advanced Threat Protection service onboarding search.product: eADQiWindows 10XVcnh ms.prod: W10 -ms.mktglfcycl: +ms.mktglfcycl: deploy ms.sitesec: library author: mjcaparas --- -# Windows Defender ATP service onboarding +# Windows Defender ATP service onboarding - Windows 10 Insider Preview +- Azure Active Directory [Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] From 9efe6c7e38df4e0d6e96aff3f9f550545f6412ce Mon Sep 17 00:00:00 2001 From: Iaan Date: Wed, 20 Apr 2016 16:22:07 +1000 Subject: [PATCH 6/9] update endpoint --- ...endpoints-windows-advanced-threat-protection.md | 3 +-- ...nboarding-windows-advanced-threat-protection.md | 14 +++++++------- 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/windows/keep-secure/configure-endpoints-windows-advanced-threat-protection.md b/windows/keep-secure/configure-endpoints-windows-advanced-threat-protection.md index fa502c8b9f..da95a7207d 100644 --- a/windows/keep-secure/configure-endpoints-windows-advanced-threat-protection.md 
+++ b/windows/keep-secure/configure-endpoints-windows-advanced-threat-protection.md @@ -83,7 +83,7 @@ You can also manually onboard individual endpoints to Windows Defender ATP. You ![Window Start menu pointing to Run as administrator](images/run-as-admin.png) 3. Type the location of the script file. If you copied the file the - desktop, type:```*%userprofile%\Desktop\WindowsATPOnboardingScript.sc*``` + desktop, type: *```%userprofile%\Desktop\WindowsATPOnboardingScript.cmd```* 4. Press the **Enter** key or click **OK**. @@ -94,4 +94,3 @@ See the [Troubleshoot Windows Defender Advanced Threat Protection onboarding iss - [Monitor the Windows Defender ATP onboarding](monitor-onboarding-windows-advanced-threat-protection.md) - [Additional Windows Defender ATP configuration settings](additional-configuration-windows-advanced-threat-protection.md) - [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-advanced-threat-protection.md) - diff --git a/windows/keep-secure/monitor-onboarding-windows-advanced-threat-protection.md b/windows/keep-secure/monitor-onboarding-windows-advanced-threat-protection.md index d9c889806c..749f5fe435 100644 --- a/windows/keep-secure/monitor-onboarding-windows-advanced-threat-protection.md +++ b/windows/keep-secure/monitor-onboarding-windows-advanced-threat-protection.md 
@@ -30,15 +30,15 @@ Monitoring can be done directly on the portal, or by using System Center Configu 3. Verify that endpoints are appearing. -> **Note**  It can take several days for endpoints to start showing on the **Machines view**. This includes the time it takes for the Group Policy (GP) update to be distributed to the endpoint, the time it takes before the user logs on or initiates a GP update, and the time it takes for the endpoint to start reporting to the portal. +> **Note**  It can take several days for endpoints to start showing on the **Machines view**. This includes the time it takes for the policies to be distributed to the endpoint, the time it takes before the user logs on, and the time it takes for the endpoint to start reporting. -## Monitoring with System Center Configuration Manager +## Monitor with System Center Configuration Manager Monitoring with SCCM consists of two parts: 1. Confirming the configuration package has been correctly deployed and is running (or has successfully run) on the endpoints in your network. -2. Checking that the endpoints are compliant with the Windows Defender ATP service (this ensures the endpoint can complete the onboarding process and can continue to report data to the service). +[[[2. Checking that the endpoints are compliant with the Windows Defender ATP service (this ensures the endpoint can complete the onboarding process and can continue to report data to the service).]] **To confirm the configuration package has been correctly deployed:** 
@@ -46,17 +46,17 @@ Monitoring with SCCM consists of two parts: 2. Click **Overview** and then **Deployments**. -3. Click on the deployment with the package name. What is the name of the deployment, will it always be the same for every user/installation? +3. Click on the deployment with the package name. What is the name of the deployment, will it always be the same for every user/installation? - it's chosen by the user 4. Review the status indicators under **Completion Statistics** and **Content Status**. If there are failed deployments (endpoints with **Error**, **Requirements Not Met**, or **Failed statuses**), you may need to troubleshoot the endpoints. See the [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-advanced-threat-protection.md) topic for more information. -Naama: Is this a correct process for idendtifying/resolving issues? +Naama: Is this a correct process for idendtifying/resolving issues? YES! ![image](images/sccm-deployment.png) -**To check that your endpoints are compliant:** +[[**To check that your endpoints are compliant:** 1. Get the *compliance.cab* file from the SCCM configuration package .zip file (*WindowsATPOnboardingPackage.zip*) that you downloaded during the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://seville.windows.com): @@ -86,7 +86,7 @@ If there are failed deployments (endpoints with **Error**, **Requirements Not Me If there are non-compliant endpoints (endpoints with ?????), you may need to troubleshoot the endpoints. See the [Troubleshoot Windows Defender ATP onboarding issues](troubleshoot-onboarding-windows-advanced-threat-protection.md) topic for more information. -Naama: Is this a correct process for resolving issues? +Naama: Is this a correct process for resolving issues?]]] ## Related topics - [Windows Defender ATP service onboarding](service-onboarding-windows-advanced-threat-protection.md) 
From 5b550528507a0a36ea73fe79034bd452a77ac59b Mon Sep 17 00:00:00 2001 From: Iaan Date: Wed, 20 Apr 2016 16:23:40 +1000 Subject: [PATCH 7/9] update endpoint --- ...ional-configuration-windows-advanced-threat-protection.md | 5 ----- 1 file changed, 5 deletions(-) diff --git a/windows/keep-secure/additional-configuration-windows-advanced-threat-protection.md b/windows/keep-secure/additional-configuration-windows-advanced-threat-protection.md index d611db439c..b11e25cc3c 100644 --- a/windows/keep-secure/additional-configuration-windows-advanced-threat-protection.md +++ b/windows/keep-secure/additional-configuration-windows-advanced-threat-protection.md @@ -37,11 +37,6 @@ You can use Group Policy (GP) to configure settings, such as settings for the sa 6. Choose to enable or disable sample sharing from your endpoints. -## Configure sample collection settings with Configuration Manager - -TBA - - ## Related topics - [Windows Defender ATP service onboarding](service-onboarding-windows-advanced-threat-protection.md) - [Configure Windows Defender ATP endpoints (client onboarding)](configure-endpoints-windows-advanced-threat-protection.md) From e1e5c7f734540da59680d0445a1c78882decf93b Mon Sep 17 00:00:00 2001 From: Iaan Wiltshire Date: Wed, 20 Apr 2016 16:31:05 +1000 Subject: [PATCH 8/9] Update minimum-requirements-windows-defender-advanced-threat-protection.md --- ...-requirements-windows-defender-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md b/windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md index bf1d4c5eb8..b2b2d802d4 100644 --- a/windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md 
@@ -4,7 +4,7 @@ description: Minimum network and data storage configuration, endpoint hardware a keywords: minimum requirements, Windows Defender Advanced Threat Protection minimum requirements, network and data storage, endpoint, endpoint configuration, deployment channel search.product: eADQiWindows 10XVcnh ms.prod: W10 -ms.mktglfcycl: deploy +ms.mktglfcycl: ms.sitesec: library --- From 4f62a9eaae6a849a715535136afb6d7b84e957b9 Mon Sep 17 00:00:00 2001 From: Iaan Wiltshire Date: Wed, 20 Apr 2016 16:31:17 +1000 Subject: [PATCH 9/9] Update minimum-requirements-windows-defender-advanced-threat-protection.md --- ...-requirements-windows-defender-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md b/windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md index b2b2d802d4..c483bf1efd 100644 --- a/windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md @@ -4,7 +4,7 @@ description: Minimum network and data storage configuration, endpoint hardware a keywords: minimum requirements, Windows Defender Advanced Threat Protection minimum requirements, network and data storage, endpoint, endpoint configuration, deployment channel search.product: eADQiWindows 10XVcnh ms.prod: W10 -ms.mktglfcycl: +ms.mktglfcycl: ms.sitesec: library ---
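
Review bot: The SCCM section added at `@@ -17,6 +17,27 @@` of configure-endpoints (PATCH 5/9) still carries internal review chatter as body text: "Naama: Confirm package name", "Iaan: Need to confirm the UI for this", "Iaan: Will confirm ui for this", and the "Naama note: ... (Omri: what is the necessary privileges?)" paragraph. Resolve these before merge or take them out of the rendered text, and answer the privileges question in the topic itself: step 2 asks for a shared, read-only location, but nothing states what rights the administrators deploying the package need. The intro sentence above the new heading still names only the GP package and the script, so it should mention SCCM now that it is the first method listed, and "choose deploy" in step 7 should be formatted as a UI label like **Import** in step 4.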
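
Review bot: In onboard-configure at `@@ -6,10 +6,10 @@` (PATCH 5/9), `ms.mktglfcycl:` stays empty as a context line while the same commit sets `ms.mktglfcycl: deploy` in configure-endpoints, minimum-requirements, monitor-onboarding and service-onboarding. Set it here as well or note why this topic differs. The hunk also changes `author:` to iaanw in this file only, and the commit subject ("updates") gives no reason, so confirm that the change is intended.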
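
Review bot: The rename from "(client onboarding)" to "(endpoint onboarding)" in the table row at `@@ -24,14 +24,14 @@` of onboard-configure (PATCH 5/9) is not carried through the series: the Related topics list in additional-configuration, visible as context in PATCH 7/9, still links "Configure Windows Defender ATP endpoints (client onboarding)". Update that link text in the same series so the term is consistent. While this table is being touched, the row above reads "service application in ADD", which should be AAD to match stage 1, and "configure endpoints for it to report" in the changed row should read "for them to report".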
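
Review bot: The corrected path in step 3 at `@@ -83,7 +83,7 @@` of configure-endpoints (PATCH 6/9) wraps an inline triple-backtick span in asterisks; the emphasis is redundant around code and the asterisks may render literally, so use a plain single-backtick code span for `%userprofile%\Desktop\WindowsATPOnboardingScript.cmd`. The sentence still reads "If you copied the file the desktop" (missing "to"). Because the preceding step opens the prompt with Run as administrator, consider telling readers to run the script from a location that standard users cannot write to rather than from the Desktop.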
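
Review bot: The "[[[" added in front of "2. Checking that the endpoints are compliant" at `@@ -30,15 +30,15 @@` of monitor-onboarding (PATCH 6/9) is draft markup that will render literally and break the numbered list, and it closes with only "]]" on that line. If the compliance check is being held back, remove the item or put it in an HTML comment instead of bracketing it in the published text. The Note in the same hunk drops "or initiates a GP update"; keep that clause while Group Policy remains a documented deployment path, since it affects how long an administrator should wait before treating a missing endpoint as a failure.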
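
Review bot: Step 3 at `@@ -46,17 +46,17 @@` of monitor-onboarding (PATCH 6/9) now holds both the open question and its answer as body text ("What is the name of the deployment ... - it's chosen by the user"), and the "Naama: ... YES!" line does the same. Fold the answer into the step itself, stating that the deployment name is the one chosen by the user, and delete the resolved reviewer lines, which also carry the typo "idendtifying". The "[[" added before "**To check that your endpoints are compliant:**" will show up in the rendered heading; decide whether that section is removed or commented out instead.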
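
Review bot: At `@@ -86,7 +86,7 @@` of monitor-onboarding (PATCH 6/9) the only change is "]]]" appended to an unresolved reviewer question, while the context line above still has the placeholder "endpoints with ?????". Readers cannot tell which compliance states call for troubleshooting until that is filled in, so resolve the placeholder and the question, or take the whole compliance section out of this commit rather than shipping it inside bracket markers.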
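
Review bot: PATCH 8/9 reverts `ms.mktglfcycl: deploy` to an empty `ms.mktglfcycl:` in minimum-requirements, undoing what PATCH 5/9 set, and PATCH 9/9 then changes `ms.mktglfcycl:` to `ms.mktglfcycl:` with no visible difference, which looks like whitespace-only churn. Decide whether this topic should carry `deploy` like the other topics, squash the two commits into one, and replace the default "Update minimum-requirements-..." subject with the reason for the change.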