mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-24 14:53:44 +00:00
Merge branch 'MDBranchMachineToDeviceParent' into MDBranchMachineToDeviceChild
@ -1,7 +1,7 @@
---
title: Query best practices for advanced hunting
description: Learn how to construct fast, efficient, and error-free threat hunting queries when using advanced hunting
keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, windows defender atp, wdatp search, query, telemetry, custom detections, schema, kusto, avoid timeout, command lines, process id
keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, microsoft defender atp, wdatp search, query, telemetry, custom detections, schema, kusto, avoid timeout, command lines, process id
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10

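Review bot: `wdatp search, query` in both keywords lines is missing the comma between `wdatp` and `search`; the overview page in this same commit writes `wdatp, search, query`. Since the line is being rewritten anyway, add the comma here, and the same `wdatp search` recurs in the other advanced hunting pages touched by this commit.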
@ -1,7 +1,7 @@
---
title: DeviceAlertEvents table in the advanced hunting schema
description: Learn about alert generation events in the DeviceAlertEvents table of the advanced hunting schema
keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, windows defender atp, wdatp search, query, telemetry, schema reference, kusto, table, column, data type, description, DeviceAlertEvents, alert, severity, category
keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, microsoft defender atp, wdatp search, query, telemetry, schema reference, kusto, table, column, data type, description, DeviceAlertEvents, alert, severity, category
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10

@ -1,7 +1,7 @@
---
title: DeviceFileCertificateInfo table in the advanced hunting schema
description: Learn about file signing information in the DeviceFileCertificateInfo table of the advanced hunting schema
keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, windows defender atp, wdatp search, query, telemetry, schema reference, kusto, table, column, data type, description, digital signature, certificate, file signing, DeviceFileCertificateInfo
keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, microsoft defender atp, wdatp search, query, telemetry, schema reference, kusto, table, column, data type, description, digital signature, certificate, file signing, DeviceFileCertificateInfo
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10

@ -1,7 +1,7 @@
---
title: DeviceTvmSecureConfigurationAssessment table in the advanced hunting schema
description: Learn about Threat & Vulnerability Management security assessment events in the DeviceTvmSecureConfigurationAssessment table of the Advanced hunting schema. These events provide device information as well as security configuration details, impact, and compliance information.
keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, windows defender atp, wdatp search, query, telemetry, schema reference, kusto, table, column, data type, description, threat & vulnerability management, TVM, device management, security configuration, DeviceTvmSecureConfigurationAssessment
keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, microsoft defender atp, wdatp search, query, telemetry, schema reference, kusto, table, column, data type, description, threat & vulnerability management, TVM, device management, security configuration, DeviceTvmSecureConfigurationAssessment
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10

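Review bot: the unchanged description line capitalizes `Advanced hunting schema` while the title two lines above and the sibling table pages in this commit write `advanced hunting schema`; lowercase it while this front matter is being touched. The DeviceTvmSecureConfigurationAssessmentKB page below has the same inconsistency.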
@ -1,7 +1,7 @@
---
title: DeviceTvmSecureConfigurationAssessmentKB table in the advanced hunting schema
description: Learn about the various secure configurations assessed by Threat & Vulnerability Management in the DeviceTvmSecureConfigurationAssessmentKB table of the Advanced hunting schema.
keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, windows defender atp, wdatp search, query, telemetry, schema reference, kusto, table, column, data type, description, threat & vulnerability management, TVM, device management, security configuration, MITRE ATT&CK framework, knowledge base, KB, DeviceTvmSecureConfigurationAssessmentKB
keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, microsoft defender atp, wdatp search, query, telemetry, schema reference, kusto, table, column, data type, description, threat & vulnerability management, TVM, device management, security configuration, MITRE ATT&CK framework, knowledge base, KB, DeviceTvmSecureConfigurationAssessmentKB
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10

@ -1,7 +1,7 @@
---
title: DeviceTvmSoftwareInventoryVulnerabilities table in the advanced hunting schema
description: Learn about the inventory of software in your devices and their vulnerabilities in the DeviceTvmSoftwareInventoryVulnerabilities table of the advanced hunting schema.
keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, windows defender atp, wdatp search, query, telemetry, schema reference, kusto, table, column, data type, description, threat & vulnerability management, TVM, device management, software, inventory, vulnerabilities, CVE ID, OS DeviceTvmSoftwareInventoryVulnerabilities
keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, microsoft defender atp, wdatp search, query, telemetry, schema reference, kusto, table, column, data type, description, threat & vulnerability management, TVM, device management, software, inventory, vulnerabilities, CVE ID, OS DeviceTvmSoftwareInventoryVulnerabilities
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10

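Review bot: `CVE ID, OS DeviceTvmSoftwareInventoryVulnerabilities` in both keywords lines lacks a comma between `OS` and the table name, so the two read as one keyword; change it to `CVE ID, OS, DeviceTvmSoftwareInventoryVulnerabilities` in the rewritten line.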
@ -1,7 +1,7 @@
---
title: DeviceTvmSoftwareVulnerabilitiesKB table in the advanced hunting schema
description: Learn about the software vulnerabilities tracked by Threat & Vulnerability Management in the DeviceTvmSoftwareVulnerabilitiesKB table of the advanced hunting schema.
keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, windows defender atp, wdatp search, query, telemetry, schema reference, kusto, table, column, data type, description, threat & vulnerability management, TVM, device management, software, inventory, vulnerabilities, CVE ID, CVSS, DeviceTvmSoftwareVulnerabilitiesKB
keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, microsoft defender atp, wdatp search, query, telemetry, schema reference, kusto, table, column, data type, description, threat & vulnerability management, TVM, device management, software, inventory, vulnerabilities, CVE ID, CVSS, DeviceTvmSoftwareVulnerabilitiesKB
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10

@ -1,7 +1,7 @@
---
title: Overview of advanced hunting in Microsoft Defender ATP
description: Use threat hunting capabilities in Microsoft Defender ATP to build queries that find threats and weaknesses in your network
keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, windows defender atp, wdatp, search, query, telemetry, custom detections, schema, kusto
keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, microsoft defender atp, wdatp, search, query, telemetry, custom detections, schema, kusto
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10

@ -1,7 +1,7 @@
---
title: Learn the advanced hunting query language
description: Create your first threat hunting query and learn about common operators and other aspects of the advanced hunting query language
keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, windows defender atp, wdatp search, query, language, learn, first query, telemetry, events, telemetry, custom detections, schema, kusto, operators, data types
keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, microsoft defender atp, wdatp search, query, language, learn, first query, telemetry, events, telemetry, custom detections, schema, kusto, operators, data types
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10

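Review bot: `telemetry` appears twice in the keywords list (`telemetry, events, telemetry`); drop the second occurrence in the rewritten line.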
@ -1,7 +1,7 @@
---
title: Work with advanced hunting query results in Microsoft Defender ATP
description: Make the most of the query results returned by advanced hunting in Microsoft Defender ATP
keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, windows defender atp, wdatp search, query, telemetry, custom detections, schema, kusto, visualization, chart, filters, drill down
keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, microsoft defender atp, wdatp search, query, telemetry, custom detections, schema, kusto, visualization, chart, filters, drill down
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10

@ -77,8 +77,8 @@ These results are best visualized using a stacked column chart:

*Query results for alerts by OS and severity displayed as a stacked chart*

#### Top ten machine groups with alerts
If you're dealing with a list of values that isn’t finite, you can use the `Top` operator to chart only the values with the most instances. For example, to get the top ten machine groups with the most alerts, use the query below:
#### Top ten device groups with alerts
If you're dealing with a list of values that isn’t finite, you can use the `Top` operator to chart only the values with the most instances. For example, to get the top ten device groups with the most alerts, use the query below:

```kusto
DeviceAlertEvents

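Review bot: renaming the heading `#### Top ten machine groups with alerts` to `#### Top ten device groups with alerts` changes its generated anchor, so any existing link to `#top-ten-machine-groups-with-alerts` in this docset or elsewhere will break; search for inbound links and update them in the same change. The prose edit in the paragraph is consistent with the new heading.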
@ -89,7 +89,7 @@ DeviceAlertEvents
Use the pie chart view to effectively show distribution across the top groups:


*Pie chart showing distribution of alerts across machine groups*
*Pie chart showing distribution of alerts across device groups*

#### Malware detections over time
Using the `summarize` operator with the `bin()` function, you can check for events involving a particular indicator over time. The query below counts detections of an EICAR test file at 30 minute intervals to show spikes in detections of that file:
@ -113,7 +113,7 @@ After running a query, select **Export** to save the results to local file. Your
- **Any chart** — the query results are exported as a JPEG image of the rendered chart

## Drill down from query results
To view more information about entities, such as machines, files, users, IP addresses, and URLs, in your query results, simply click the entity identifier. This opens a detailed profile page for the selected entity.
To view more information about entities, such as devices, files, users, IP addresses, and URLs, in your query results, simply click the entity identifier. This opens a detailed profile page for the selected entity.

## Tweak your queries from the results
Right-click a value in the result set to quickly enhance your query. You can use the options to:

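Review bot: the rewritten sentence keeps `simply click the entity identifier`; since it is being edited anyway, consider `select the entity identifier`, which drops the filler word `simply` and matches the `select **Export**` wording used two paragraphs up in the same hunk.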
@ -1,7 +1,7 @@
---
title: Advanced hunting schema reference
description: Learn about the tables in the advanced hunting schema to understand the data you can run threat hunting queries on
keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, windows defender atp, wdatp search, query, telemetry, schema reference, kusto, table, data
keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, microsoft defender atp, wdatp search, query, telemetry, schema reference, kusto, table, data
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10

@ -1,7 +1,7 @@
---
title: Use shared queries in advanced hunting
description: Start threat hunting immediately with predefined and shared queries. Share your queries to the public or to your organization.
keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, windows defender atp, wdatp search, query, telemetry, custom detections, schema, kusto, github repo, my queries, shared queries
keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, microsoft defender atp, wdatp search, query, telemetry, custom detections, schema, kusto, github repo, my queries, shared queries
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10

@ -22,7 +22,7 @@ ms.topic: conceptual

**Applies to:**

- [Microsoft Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)

The Microsoft Defender ATP API Explorer is a tool that helps you explore various Microsoft Defender ATP APIs interactively.


@ -2,7 +2,7 @@
title: Access the Microsoft Defender Advanced Threat Protection APIs
ms.reviewer:
description: Learn how you can use APIs to automate workflows and innovate based on Microsoft Defender ATP capabilities
keywords: apis, api, wdatp, open api, windows defender atp api, public api, supported apis, alerts, device, user, domain, ip, file, advanced hunting, query
keywords: apis, api, wdatp, open api, microsoft defender atp api, public api, supported apis, alerts, device, user, domain, ip, file, advanced hunting, query
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy

@ -1,7 +1,7 @@
---
title: Experience Microsoft Defender ATP through simulated attacks
description: Run the provided attack scenario simulations to experience how Microsoft Defender ATP can detect, investigate, and respond to breaches.
keywords: wdatp, test, scenario, attack, simulation, simulated, diy, windows defender advanced threat protection
keywords: wdatp, test, scenario, attack, simulation, simulated, diy, microsoft defender advanced threat protection
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10

@ -1,7 +1,7 @@
---
title: Configure alert notifications in Microsoft Defender ATP
description: You can use Microsoft Defender Advanced Threat Protection to configure email notification settings for security alerts, based on severity and other criteria.
keywords: email notifications, configure alert notifications, windows defender atp notifications, windows defender atp alerts, windows 10 enterprise, windows 10 education
keywords: email notifications, configure alert notifications, microsoft defender atp notifications, microsoft defender atp alerts, windows 10 enterprise, windows 10 education
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10

@ -1,6 +1,6 @@
---
title: Get devices onboarded to Microsoft Defender ATP
description: Track onboarding of Intune-managed devices to Windows Defender ATP and increase onboarding rate.
description: Track onboarding of Intune-managed devices to Microsoft Defender ATP and increase onboarding rate.
keywords: onboard, Intune management, MDATP, WDATP, Microsoft Defender, Windows Defender, advanced threat protection, configuration management
search.product: eADQiWindows 10XVcnh
search.appverid: met150

@ -1,7 +1,7 @@
---
title: Configure managed security service provider support

description: Take the necessary steps to configure the MSSP integration with Windows Defender ATP
description: Take the necessary steps to configure the MSSP integration with Microsoft Defender ATP

keywords: managed security service provider, mssp, configure, integration
search.product: eADQiWindows 10XVcnh
@ -24,9 +24,9 @@ ms.date: 09/03/2018

**Applies to:**

- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)

>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-mssp-support-abovefoldlink)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-mssp-support-abovefoldlink)


[!include[Prerelease information](../../includes/prerelease.md)]
@ -44,7 +44,7 @@ The integration will allow MSSPs to take the following actions:
- Get email notifications, and
- Fetch alerts through security information and event management (SIEM) tools

Before MSSPs can take these actions, the MSSP customer will need to grant access to their Windows Defender ATP tenant so that the MSSP can access the portal.
Before MSSPs can take these actions, the MSSP customer will need to grant access to their Microsoft Defender ATP tenant so that the MSSP can access the portal.


Typically, MSSP customers take the initial configuration steps to grant MSSPs access to their Windows Defender Security Central tenant. After access is granted, other configuration steps can be done by either the MSSP customer or the MSSP.
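Review bot: the rename misses the unchanged context line `Typically, MSSP customers take the initial configuration steps to grant MSSPs access to their Windows Defender Security Central tenant.`, which still says `Windows Defender` and also reads `Security Central` where the next hunk uses `Microsoft Defender Security Center`; update it to `Microsoft Defender Security Center tenant` in the same commit.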
@ -54,7 +54,7 @@ In general, the following configuration steps need to be taken:


- **Grant the MSSP access to Microsoft Defender Security Center** <br>
This action needs to be done by the MSSP customer. It grants the MSSP access to the MSSP customer's Windows Defender ATP tenant.
This action needs to be done by the MSSP customer. It grants the MSSP access to the MSSP customer's Microsoft Defender ATP tenant.


- **Configure alert notifications sent to MSSPs** <br>
@ -97,7 +97,7 @@ Granting access to guest user is done the same way as granting access to a user

If you're using basic permissions to access the portal, the guest user must be assigned a Security Administrator role in **your** tenant. For more information, see [Use basic permissions to access the portal](basic-permissions.md).

If you're using role-based access control (RBAC), the guest user must be to added to the appropriate group or groups in **your** tenant. Fore more information on RBAC in Windows Defender ATP, see [Manage portal access using RBAC](rbac.md).
If you're using role-based access control (RBAC), the guest user must be to added to the appropriate group or groups in **your** tenant. Fore more information on RBAC in Microsoft Defender ATP, see [Manage portal access using RBAC](rbac.md).


>[!NOTE]
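Review bot: both the old and the rewritten sentence carry two typos, `the guest user must be to added` and `Fore more information on RBAC`; since the line is already being replaced, fix them to `must be added` and `For more information` here rather than in a follow-up.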
@ -166,7 +166,7 @@ Step 3: allow your application on Microsoft Defender Security Center

### Step 1: Create an application in Azure Active Directory (Azure AD)

You'll need to create an application and grant it permissions to fetch alerts from your customer's Windows Defender ATP tenant.
You'll need to create an application and grant it permissions to fetch alerts from your customer's Microsoft Defender ATP tenant.


1. Sign in to the [Azure AD portal](https://aad.portal.azure.com/).
@ -296,7 +296,7 @@ You'll need to have **Manage portal system settings** permission to allow the ap
5. Click **Authorize application**.


You can now download the relevant configuration file for your SIEM and connect to the Windows Defender ATP API. For more information see, [Pull alerts to your SIEM tools](configure-siem.md).
You can now download the relevant configuration file for your SIEM and connect to the Microsoft Defender ATP API. For more information see, [Pull alerts to your SIEM tools](configure-siem.md).


- In the ArcSight configuration file / Splunk Authentication Properties file you will have to write your application key manually by settings the secret value.

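Review bot: the rewritten sentence keeps the misplaced comma in `For more information see, [Pull alerts to your SIEM tools](configure-siem.md)`; it should read `For more information, see`. The unchanged bullet below, `write your application key manually by settings the secret value`, should say `by setting`.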
@ -20,7 +20,7 @@ ms.topic: conceptual

# Connected applications in Microsoft Defender ATP
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)


Connected applications integrates with the Microsoft Defender ATP platform using APIs.

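Review bot: the unchanged context line `Connected applications integrates with the Microsoft Defender ATP platform using APIs.` has a subject-verb mismatch; while this file is open, change it to `Connected applications integrate with the Microsoft Defender ATP platform using APIs.`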
@ -1,7 +1,7 @@
---
title: Microsoft Defender Antivirus compatibility with Microsoft Defender ATP
description: Learn about how Windows Defender works with Microsoft Defender ATP and how it functions when a third-party antimalware client is used.
keywords: windows defender compatibility, defender, windows defender atp
keywords: windows defender compatibility, defender, microsoft defender atp
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10

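Review bot: only the keywords line is renamed here, but the description still reads `Learn about how Windows Defender works with Microsoft Defender ATP` while the title on the line above already says `Microsoft Defender Antivirus`; if the product rename is the point of this commit, the description should use `Microsoft Defender Antivirus` as well.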
@ -18,7 +18,7 @@ ms.topic: article

# Microsoft Defender ATP evaluation lab
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)


Conducting a comprehensive security product evaluation can be a complex process requiring cumbersome environment and device configuration before an end-to-end attack simulation can actually be done. Adding to the complexity is the challenge of tracking where the simulation activities, alerts, and results are reflected during the evaluation.

@ -1,7 +1,7 @@
---
title: Investigate Microsoft Defender Advanced Threat Protection domains
description: Use the investigation options to see if devices and servers have been communicating with malicious domains.
keywords: investigate domain, domain, malicious domain, windows defender atp, alert, URL
keywords: investigate domain, domain, malicious domain, microsoft defender atp, alert, URL
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10

@ -1,7 +1,7 @@
---
title: Investigate an IP address associated with an alert
description: Use the investigation options to examine possible communication between devices and external IP addresses.
keywords: investigate, investigation, IP address, alert, windows defender atp, external IP
keywords: investigate, investigation, IP address, alert, microsoft defender atp, external IP
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10

@ -1,7 +1,7 @@
---
title: Investigate a user account in Microsoft Defender ATP
description: Investigate a user account for potential compromised credentials or pivot on the associated user account during an investigation.
keywords: investigate, account, user, user entity, alert, windows defender atp
keywords: investigate, account, user, user entity, alert, microsoft defender atp
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10

@ -66,10 +66,10 @@ To complete this process, you must have admin privileges on the device.



The installation proceeds.
The installation proceeds.

> [!CAUTION]
> If you don't select **Allow**, the installation will proceed after 5 minutes. Defender ATP will be loaded, but some features, such as real-time protection, will be disabled. See [Troubleshoot kernel extension issues](mac-support-kext.md) for information on how to resolve this.
> [!CAUTION]
> If you don't select **Allow**, the installation will proceed after 5 minutes. Defender ATP will be loaded, but some features, such as real-time protection, will be disabled. See [Troubleshoot kernel extension issues](mac-support-kext.md) for information on how to resolve this.

> [!NOTE]
> macOS may request to reboot the device upon the first installation of Microsoft Defender. Real-time protection will not be available until the device is rebooted.
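Review bot: the before and after lines in this hunk (`The installation proceeds.` and the `> [!CAUTION]` block) are textually identical, so this appears to be a whitespace-only change, most likely indentation so the paragraph stays inside the numbered list item. That is fine if intended, but a whitespace-only hunk is easy to mistake for a missed edit, so say so in the PR description.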
@ -81,21 +81,19 @@ The installation proceeds.
The client device is not associated with orgId. Note that the *orgId* attribute is blank.

```bash
$ mdatp --health orgId
mdatp --health orgId
```

2. Run the Python script to install the configuration file:

```bash
$ /usr/bin/python MicrosoftDefenderATPOnboardingMacOs.py
Generating /Library/Application Support/Microsoft/Defender/com.microsoft.wdav.atp.plist ... (You may be required to enter sudos password)
/usr/bin/python MicrosoftDefenderATPOnboardingMacOs.py
```

3. Verify that the device is now associated with your organization and reports a valid *orgId*:

```bash
$ mdatp --health orgId
E6875323-A6C0-4C60-87AD-114BBE7439B8
mdatp --health orgId
```

After installation, you'll see the Microsoft Defender icon in the macOS status bar in the top-right corner.

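Review bot: dropping the `$` prompt is an improvement, but the hunk also removes the example output that the surrounding steps depend on: step 1 says `Note that the *orgId* attribute is blank`, step 3 says `reports a valid *orgId*`, and step 2 loses the `Generating /Library/Application Support/Microsoft/Defender/com.microsoft.wdav.atp.plist ...` line that tells the reader what a successful run looks like. Keep the expected output, either in the step text or in a separate output block, so a reader can still distinguish a successful onboarding from a failed one; replacing the hard-coded sample orgId with a placeholder is fine.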
@ -204,7 +204,7 @@ You may now enroll more devices. You can also enroll them later, after you have
</plist>
```

9. To allow Defender and Auto Update for displaying notifications in UI on macOS 10.15 (Catalina), import the following .mobileconfig as a custom payload: <a name = "create-system-configuration-profiles-step-9" id = "create-system-configuration-profiles-step-9"></a>
9. To allow Defender and Auto Update to display notifications in UI on macOS 10.15 (Catalina), import the following .mobileconfig as a custom payload: <a name = "create-system-configuration-profiles-step-9" id = "create-system-configuration-profiles-step-9"></a>

```xml
<?xml version="1.0" encoding="UTF-8"?>

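Review bot: the grammar fix (`to display notifications`) is correct; while this line is being rewritten, the inline anchor `<a name = "create-system-configuration-profiles-step-9" id = "create-system-configuration-profiles-step-9"></a>` has spaces around `=` and a redundant `name` attribute, since `id` alone creates the fragment target in HTML5. `<a id="create-system-configuration-profiles-step-9"></a>` is enough.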
@ -1,7 +1,7 @@
---
title: Threat & Vulnerability Management
description: This new capability uses a game-changing risk-based approach to the discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations.
keywords: threat & vulnerability management, threat and vulnerability management, MDATP TVM, MDATP-TVM, vulnerability management, vulnerability assessment, threat and vulnerability scanning, secure configuration assessment, windows defender atp, microsoft defender atp, endpoint vulnerabilities, next generation
keywords: threat & vulnerability management, threat and vulnerability management, MDATP TVM, MDATP-TVM, vulnerability management, vulnerability assessment, threat and vulnerability scanning, secure configuration assessment, microsoft defender atp, microsoft defender atp, endpoint vulnerabilities, next generation
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10

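Review bot: the rename turns `windows defender atp, microsoft defender atp` into `microsoft defender atp, microsoft defender atp`, a duplicated keyword; keep a single `microsoft defender atp` entry in the rewritten line.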
@ -1,7 +1,7 @@
---
title: Offboard devices from the Microsoft Defender ATP service
description: Onboard Windows 10 devices, servers, non-Windows devices from the Microsoft Defender ATP service
keywords: offboarding, windows defender advanced threat protection offboarding, windows atp offboarding
keywords: offboarding, microsoft defender advanced threat protection offboarding, windows atp offboarding
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10

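Review bot: the unchanged description on this page reads `Onboard Windows 10 devices, servers, non-Windows devices from the Microsoft Defender ATP service`, which contradicts the title `Offboard devices from the Microsoft Defender ATP service`; it should say `Offboard`. The keywords also keep `windows atp offboarding` next to the renamed entry (the onboarding page below does the same with `windows atp onboarding`); if legacy search terms are meant to stay, fine, but decide that consistently across the two pages.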
@ -1,7 +1,7 @@
---
title: Onboard devices to the Microsoft Defender ATP service
description: Onboard Windows 10 devices, servers, non-Windows devices and learn how to run a detection test.
keywords: onboarding, windows defender advanced threat protection onboarding, windows atp onboarding, sccm, group policy, mdm, local script, detection test
keywords: onboarding, microsoft defender advanced threat protection onboarding, windows atp onboarding, sccm, group policy, mdm, local script, detection test
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10

@ -1,7 +1,7 @@
---
title: Run a detection test on a newly onboarded Microsoft Defender ATP device
description: Run the detection script on a newly onboarded device to verify that it is properly onboarded to the Microsoft Defender ATP service.
keywords: detection test, detection, powershell, script, verify, onboarding, windows defender advanced threat protection onboarding, clients, servers, test
keywords: detection test, detection, powershell, script, verify, onboarding, microsoft defender advanced threat protection onboarding, clients, servers, test
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10

@ -1,7 +1,7 @@
---
title: Troubleshoot onboarding issues and error messages
description: Troubleshoot onboarding issues and error message while completing setup of Microsoft Defender Advanced Threat Protection.
keywords: troubleshoot, troubleshooting, Azure Active Directory, onboarding, error message, error messages, windows defender atp
keywords: troubleshoot, troubleshooting, Azure Active Directory, onboarding, error message, error messages, microsoft defender atp
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
