|
|
|
@ -1,7 +1,7 @@
|
|
|
|
---
|
|
|
|
---
|
|
|
|
title: Onboarding using Microsoft Endpoint Manager
|
|
|
|
title: Onboarding using Microsoft Endpoint Configuration Manager
|
|
|
|
description: Learn how to onboard to Microsoft Defender ATP using Microsoft Endpoint Configuration Manager
|
|
|
|
description: Learn how to onboard to Microsoft Defender for Endpoint using Microsoft Endpoint Configuration Manager
|
|
|
|
keywords: onboarding, configuration, deploy, deployment, endpoint configuration manager, mdatp, advanced threat protection, collection creation, endpoint detection response, next generation protection, attack surface reduction
|
|
|
|
keywords: onboarding, configuration, deploy, deployment, endpoint configuration manager, mdatp, advanced threat protection, collection creation, endpoint detection response, next generation protection, attack surface reduction, microsoft endpoint configuration manager
|
|
|
|
search.product: eADQiWindows 10XVcnh
|
|
|
|
search.product: eADQiWindows 10XVcnh
|
|
|
|
ms.prod: w10
|
|
|
|
ms.prod: w10
|
|
|
|
ms.mktglfcycl: deploy
|
|
|
|
ms.mktglfcycl: deploy
|
|
|
|
@ -19,7 +19,7 @@ ms.collection:
|
|
|
|
ms.topic: article
|
|
|
|
ms.topic: article
|
|
|
|
---
|
|
|
|
---
|
|
|
|
|
|
|
|
|
|
|
|
# Onboarding using Microsoft Endpoint Manager
|
|
|
|
# Onboarding using Microsoft Endpoint Configuration Manager
|
|
|
|
|
|
|
|
|
|
|
|
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
|
|
|
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
|
|
|
|
|
|
|
|
|
|
|
@ -63,7 +63,7 @@ created for testing.
|
|
|
|
|
|
|
|
|
|
|
|
Onboarding using tools such as Group policy or manual method does not install any agent on the system.
|
|
|
|
Onboarding using tools such as Group policy or manual method does not install any agent on the system.
|
|
|
|
|
|
|
|
|
|
|
|
Within the Microsoft Endpoint Manager console
|
|
|
|
Within the Microsoft Endpoint Configuration Manager console
|
|
|
|
the onboarding process will be configured as part of the compliance settings
|
|
|
|
the onboarding process will be configured as part of the compliance settings
|
|
|
|
within the console.
|
|
|
|
within the console.
|
|
|
|
|
|
|
|
|
|
|
|
@ -73,47 +73,47 @@ continues to receive this policy from the management point.
|
|
|
|
|
|
|
|
|
|
|
|
Follow the steps below to onboard endpoints using Microsoft Endpoint Configuration Manager.
|
|
|
|
Follow the steps below to onboard endpoints using Microsoft Endpoint Configuration Manager.
|
|
|
|
|
|
|
|
|
|
|
|
1. In Microsoft Endpoint Manager console, navigate to **Assets and Compliance \> Overview \> Device Collections**.
|
|
|
|
1. In Microsoft Endpoint Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Device Collections**.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2. Right Click **Device Collection** and select **Create Device Collection**.
|
|
|
|
2. Right Click **Device Collection** and select **Create Device Collection**.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
3. Provide a **Name** and **Limiting Collection**, then select **Next**.
|
|
|
|
3. Provide a **Name** and **Limiting Collection**, then select **Next**.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
4. Select **Add Rule** and choose **Query Rule**.
|
|
|
|
4. Select **Add Rule** and choose **Query Rule**.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
5. Click **Next** on the **Direct Membership Wizard** and click on **Edit Query Statement**.
|
|
|
|
5. Click **Next** on the **Direct Membership Wizard** and click on **Edit Query Statement**.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
6. Select **Criteria** and then choose the star icon.
|
|
|
|
6. Select **Criteria** and then choose the star icon.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
7. Keep criterion type as **simple value**, choose where as **Operating System - build number**, operator as **is greater than or equal to** and value **14393** and click on **OK**.
|
|
|
|
7. Keep criterion type as **simple value**, choose where as **Operating System - build number**, operator as **is greater than or equal to** and value **14393** and click on **OK**.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
8. Select **Next** and **Close**.
|
|
|
|
8. Select **Next** and **Close**.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
9. Select **Next**.
|
|
|
|
9. Select **Next**.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
After completing this task, you now have a device collection with all the Windows 10 endpoints in the environment.
|
|
|
|
After completing this task, you now have a device collection with all the Windows 10 endpoints in the environment.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
## Step 2: Configure Microsoft Defender for Endpoint capabilities
|
|
|
|
## Step 2: Configure Microsoft Defender for Endpoint capabilities
|
|
|
|
This section guides you in configuring the following capabilities using Microsoft Endpoint Manager on Windows devices:
|
|
|
|
This section guides you in configuring the following capabilities using Microsoft Endpoint Configuration Manager on Windows devices:
|
|
|
|
|
|
|
|
|
|
|
|
- [**Endpoint detection and response**](#endpoint-detection-and-response)
|
|
|
|
- [**Endpoint detection and response**](#endpoint-detection-and-response)
|
|
|
|
- [**Next-generation protection**](#next-generation-protection)
|
|
|
|
- [**Next-generation protection**](#next-generation-protection)
|
|
|
|
@ -143,11 +143,11 @@ Manager and deploy that policy to Windows 10 devices.
|
|
|
|
|
|
|
|
|
|
|
|
6. Right-click **Microsoft Defender ATP Policies** and select **Create Microsoft Defender ATP Policy**.
|
|
|
|
6. Right-click **Microsoft Defender ATP Policies** and select **Create Microsoft Defender ATP Policy**.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
7. Enter the name and description, verify **Onboarding** is selected, then select **Next**.
|
|
|
|
7. Enter the name and description, verify **Onboarding** is selected, then select **Next**.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
8. Click **Browse**.
|
|
|
|
8. Click **Browse**.
|
|
|
|
|
|
|
|
|
|
|
|
@ -168,7 +168,7 @@ Manager and deploy that policy to Windows 10 devices.
|
|
|
|
|
|
|
|
|
|
|
|
15. Click **Close** when the Wizard completes.
|
|
|
|
15. Click **Close** when the Wizard completes.
|
|
|
|
|
|
|
|
|
|
|
|
16. In the Microsoft Endpoint Manager console, right-click the Defender for Endpoint policy you just created and select **Deploy**.
|
|
|
|
16. In the Microsoft Endpoint Configuration Manager console, right-click the Defender for Endpoint policy you just created and select **Deploy**.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@ -231,7 +231,7 @@ Once completed, you should see onboarded endpoints in the portal within an hour.
|
|
|
|
### Next generation protection
|
|
|
|
### Next generation protection
|
|
|
|
Microsoft Defender Antivirus is a built-in antimalware solution that provides next generation protection for desktops, portable computers, and servers.
|
|
|
|
Microsoft Defender Antivirus is a built-in antimalware solution that provides next generation protection for desktops, portable computers, and servers.
|
|
|
|
|
|
|
|
|
|
|
|
1. In the Microsoft Endpoint Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Antimalware Polices** and choose **Create Antimalware Policy**.
|
|
|
|
1. In the Microsoft Endpoint Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Antimalware Polices** and choose **Create Antimalware Policy**.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@ -283,9 +283,9 @@ All these features provide an audit mode and a block mode. In audit mode there i
|
|
|
|
|
|
|
|
|
|
|
|
To set ASR rules in Audit mode:
|
|
|
|
To set ASR rules in Audit mode:
|
|
|
|
|
|
|
|
|
|
|
|
1. In the Microsoft Endpoint Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**.
|
|
|
|
1. In the Microsoft Endpoint Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2. Select **Attack Surface Reduction**.
|
|
|
|
2. Select **Attack Surface Reduction**.
|
|
|
|
@ -293,26 +293,26 @@ To set ASR rules in Audit mode:
|
|
|
|
|
|
|
|
|
|
|
|
3. Set rules to **Audit** and click **Next**.
|
|
|
|
3. Set rules to **Audit** and click **Next**.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
4. Confirm the new Exploit Guard policy by clicking on **Next**.
|
|
|
|
4. Confirm the new Exploit Guard policy by clicking on **Next**.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
5. Once the policy is created click **Close**.
|
|
|
|
5. Once the policy is created click **Close**.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
6. Right-click on the newly created policy and choose **Deploy**.
|
|
|
|
6. Right-click on the newly created policy and choose **Deploy**.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
7. Target the policy to the newly created Windows 10 collection and click **OK**.
|
|
|
|
7. Target the policy to the newly created Windows 10 collection and click **OK**.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
After completing this task, you now have successfully configured ASR rules in audit mode.
|
|
|
|
After completing this task, you now have successfully configured ASR rules in audit mode.
|
|
|
|
|
|
|
|
|
|
|
|
@ -341,7 +341,7 @@ detections](https://docs.microsoft.com/windows/security/threat-protection/micros
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#### Set Network Protection rules in Audit mode:
|
|
|
|
#### Set Network Protection rules in Audit mode:
|
|
|
|
1. In the Microsoft Endpoint Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**.
|
|
|
|
1. In the Microsoft Endpoint Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@ -361,42 +361,42 @@ detections](https://docs.microsoft.com/windows/security/threat-protection/micros
|
|
|
|
|
|
|
|
|
|
|
|
6. Right-click on the newly created policy and choose **Deploy**.
|
|
|
|
6. Right-click on the newly created policy and choose **Deploy**.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
7. Select the policy to the newly created Windows 10 collection and choose **OK**.
|
|
|
|
7. Select the policy to the newly created Windows 10 collection and choose **OK**.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
After completing this task, you now have successfully configured Network
|
|
|
|
After completing this task, you now have successfully configured Network
|
|
|
|
Protection in audit mode.
|
|
|
|
Protection in audit mode.
|
|
|
|
|
|
|
|
|
|
|
|
#### To set Controlled Folder Access rules in Audit mode:
|
|
|
|
#### To set Controlled Folder Access rules in Audit mode:
|
|
|
|
|
|
|
|
|
|
|
|
1. In the Microsoft Endpoint Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**.
|
|
|
|
1. In the Microsoft Endpoint Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2. Select **Controlled folder access**.
|
|
|
|
2. Select **Controlled folder access**.
|
|
|
|
|
|
|
|
|
|
|
|
3. Set the configuration to **Audit** and click **Next**.
|
|
|
|
3. Set the configuration to **Audit** and click **Next**.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
4. Confirm the new Exploit Guard Policy by clicking on **Next**.
|
|
|
|
4. Confirm the new Exploit Guard Policy by clicking on **Next**.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
5. Once the policy is created click on **Close**.
|
|
|
|
5. Once the policy is created click on **Close**.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
6. Right-click on the newly created policy and choose **Deploy**.
|
|
|
|
6. Right-click on the newly created policy and choose **Deploy**.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
7. Target the policy to the newly created Windows 10 collection and click **OK**.
|
|
|
|
7. Target the policy to the newly created Windows 10 collection and click **OK**.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
You have now successfully configured Controlled folder access in audit mode.
|
|
|
|
You have now successfully configured Controlled folder access in audit mode.
|
|
|
|
|
|
|
|
|
|
|
|
|
Denise Vangel-MSFT