From f1c3b00930836fe324a84523052066592765c366 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 18 Feb 2020 17:01:38 -0800 Subject: [PATCH] updates --- windows/security/threat-protection/TOC.md | 6 +-- .../deployment-phases.md | 29 ++++++++++- .../{configure.md => onboarding.md} | 4 +- .../prepare-deployment.md | 43 +++------------- .../production-deployment.md | 49 +++++++++++++------ 5 files changed, 74 insertions(+), 57 deletions(-) rename windows/security/threat-protection/microsoft-defender-atp/{configure.md => onboarding.md} (99%) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index ba42557651..23672deea5 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -18,11 +18,11 @@ ## [Deployment guide]() ### [Deployment phases](microsoft-defender-atp/deployment-phases.md) -### [Phase 1: Prepare Microsoft Defender ATP deployment](microsoft-defender-atp/prepare-deployment.md) +### [Phase 1: Prepare](microsoft-defender-atp/prepare-deployment.md) -### [Phase 2: Setup the Microsoft Defender ATP service](microsoft-defender-atp/production-deployment.md) +### [Phase 2: Setup](microsoft-defender-atp/production-deployment.md) -### [Phase 3: Onboard](microsoft-defender-atp/configure.md) +### [Phase 3: Onboard](microsoft-defender-atp/onboarding.md) ## [Operations]() diff --git a/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md b/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md index 8adcc930b6..23dd03a30e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md +++ b/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md @@ -35,7 +35,7 @@ There are three phases in deploying Microsoft Defender ATP:
Setup
- + Onboard
Onboard

@@ -54,6 +54,7 @@ There are three phases in deploying Microsoft Defender ATP: The setup phase covers the initial steps you'll take as you first access Microsoft Defender Security Center. You'll be guided on: + - Validating the licensing - Completing the setup wizard within the portal - Network configuration @@ -71,4 +72,30 @@ Onboard devices to the service so the Microsoft Defender ATP service can get sen The deployment guide will walk you through the recommended path in deploying Microsoft Defender ATP. +There are several methods you can use to onboard to the service. The deployment guide will only cover the recommended path. For details on other ways to onboard, see [Onboard machines to Microsoft Defender ATP](onboard-configure.md). +## In Scope + +The following is in scope for this deployment guide: +- Use of Microsoft Endpoint Configuration Manager to onboard endpoints into the service +- Enabling Microsoft Defender ATP endpoint protection platform (EPP) + capabilities + + - Next Generation Protection + + - Attack Surface Reduction + +- Enabling Microsoft Defender ATP endpoint detection and response (EDR) + capabilities including automatic investigation and remediation + +- Enabling Microsoft Defender ATP threat and vulnerability management (TVM) + + +## Out of scope + +The following are out of scope of this deployment guide: + +- Configuration of third-party solutions that might integrate with Microsoft + Defender ATP + +- Penetration testing in production environment diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure.md b/windows/security/threat-protection/microsoft-defender-atp/onboarding.md similarity index 99% rename from windows/security/threat-protection/microsoft-defender-atp/configure.md rename to windows/security/threat-protection/microsoft-defender-atp/onboarding.md index 7aa8e6efef..3a5ca24c0d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure.md 
+++ b/windows/security/threat-protection/microsoft-defender-atp/onboarding.md @@ -1,5 +1,5 @@ --- -title: Configure capabilities +title: Onboard to the Micrsoft Defender ATP service description: keywords: search.product: eADQiWindows 10XVcnh @@ -16,7 +16,7 @@ ms.collection: M365-security-compliance ms.topic: article --- -# Configure capabilities +# Onboard to the Micrsoft Defender ATP service Deploying Microsoft Defender ATP is a three-phase process: diff --git a/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md b/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md index 2f1b90725f..dc2c8d185b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md +++ b/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md @@ -32,17 +32,17 @@ Deploying Microsoft Defender ATP is a three-phase process: - Plan to deploy Microsoft Defender ATP -
Plan

+ Plan to deploy Microsoft Defender ATP +
Prepare
- Onboard to the Microsoft Defender ATP service + Onboard to the Microsoft Defender ATP service
Setup

- - Configure capabilities + + Configure capabilities
Onboard

@@ -59,11 +59,7 @@ Deploying Microsoft Defender ATP is a three-phase process: -You are currently in the planning phase. - - - - +You are currently in the prepare phase. @@ -86,33 +82,6 @@ to the table below as appropriate for your organization. | Enter name and email | **Workplace Architect** *A representative from the IT team in charge of defining how this change is aligned with the core workplace architecture in the organization.* | R | | Enter name and email | **Security Analyst** *A representative from the CDOC team who can provide input on the detection capabilities, user experience and overall usefulness of this change from a security operations perspective.* | I | -## Project Management - -### In Scope - -The following is in scope for this project: - -- Enabling Microsoft Defender ATP endpoint protection platform (EPP) - capabilities - - - Next Generation Protection - - - Attack Surface Reduction - -- Enabling Microsoft Defender ATP endpoint detection and response (EDR) - capabilities including automatic investigation and remediation - -- Enabling Microsoft Defender ATP threat and vulnerability management (TVM) -- Use of System Center Configuration Manager to onboard endpoints into the service. - -### Out of scope - -The following are out of scope of this project: - -- Configuration of third-party solutions that might integrate with Microsoft - Defender ATP. - -- Penetration testing in production environment. ## Environment diff --git a/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md b/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md index 8a3a022f4c..3d0acb4be9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md +++ b/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md 
@@ -1,5 +1,5 @@ --- -title: Microsoft Defender ATP production deployment +title: Setup Microsoft Defender ATP deployment description: keywords: search.product: eADQiWindows 10XVcnh @@ -17,7 +17,7 @@ ms.collection: M365-security-compliance ms.topic: article --- -# Microsoft Defender ATP production deployment +# Setup Microsoft Defender ATP deployment **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) @@ -39,7 +39,7 @@ Deploying Microsoft Defender ATP is a three-phase process:
Setup
- + Onboard
Onboard

@@ -48,22 +48,43 @@ Deploying Microsoft Defender ATP is a three-phase process: -You are currently in the onboard phase. +You are currently in the onboarding phase. - - - - -Proper planning is the foundation of a successful deployment. In this deployment scenario, you'll be guided through the steps on: +In this deployment scenario, you'll be guided through the steps on: +- Licensing validation - Tenant configuration - Network configuration -- Onboarding using System Center Configuration Manager -- Endpoint detection and response -- Next generation protection -- Attack surface reduction + >[!NOTE] ->For the purpose of guiding you through a typical deployment, this scenario will only cover the use of System Center Configuration Manager. Microsoft Defnder ATP supports the use of other onboarding tools but will not cover those scenarios in the deployment guide. For more information, see [Onboard machines to Microsoft Defender ATP](onboard-configure.md). +>For the purpose of guiding you through a typical deployment, this scenario will only cover the use of Microsoft Endpoint Configuration Manager. Microsoft Defnder ATP supports the use of other onboarding tools but will not cover those scenarios in the deployment guide. For more information, see [Onboard machines to Microsoft Defender ATP](onboard-configure.md). + +## Check license state + +Checking for the license state and whether it got properly provisioned, can be done through the admin center or through the **Microsoft Azure portal**. + +1. To view your licenses go to the **Microsoft Azure portal** and navigate to the [Microsoft Azure portal license section](https://portal.azure.com/#blade/Microsoft_AAD_IAM/LicensesMenuBlade/Products). + + ![Image of Azure Licensing page](images/atp-licensing-azure-portal.png) + +1. Alternately, in the admin center, navigate to **Billing** > **Subscriptions**. + + - On the screen you will see all the provisioned licenses and their current **Status**. 
+ + ![Image of billing licenses](images/atp-billing-subscriptions.png) + + +## Cloud Service Provider validation + +To gain access into which licenses are provisioned to your company, and to check the state of the licenses, go to the admin center. + +1. From the **Partner portal**, click on the **Administer services > Office 365**. + +2. Clicking on the **Partner portal** link will leverage the **Admin on behalf** option and will give you access to the customer admin center. + + ![Image of O365 admin portal](images/atp-O365-admin-portal-customer.png) + + ## Tenant Configuration
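Review bot: the rename of configure.md to onboarding.md is only followed through in TOC.md (the "Phase 3: Onboard" entry), and the diffstat lists just five files, so any other page that still links to microsoft-defender-atp/configure.md will break. Please add a redirect for the old path or update the remaining inbound links in this same change.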
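Review bot: in the deployment-phases.md hunk at @@ -71,4 +72,30 the two new headings are cased differently ("## In Scope" against "## Out of scope"), and the first bullet follows "The following is in scope for this deployment guide:" with no blank line, although the earlier hunk in this file adds exactly that blank line before the setup list. Suggest "## In scope", a blank line before "- Use of Microsoft Endpoint Configuration Manager ...", and "The following are in scope" to match the wording of the out-of-scope sentence.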
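Review bot: "Micrsoft" is misspelled in both lines added to onboarding.md, the front-matter title and the H1 ("Onboard to the Micrsoft Defender ATP service"). The title feeds search and the browser tab, so fix both to "Microsoft" before merging.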
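Review bot: in the prepare-deployment.md hunk at @@ -32,17 +32,17 the phase entries keep their old label text on the added lines. The Setup entry still reads "Onboard to the Microsoft Defender ATP service" and the Onboard entry still reads "Configure capabilities", and neither matches the page titles this patch sets ("Setup Microsoft Defender ATP deployment" and "Onboard to the ... service"). Please update the label text along with the lines being touched so each entry describes the page it points to.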
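Review bot: the new title and H1 in production-deployment.md use "Setup" as a verb ("Setup Microsoft Defender ATP deployment"); the verb form is "Set up". The same applies to the TOC entry "Phase 2: Setup" if it is meant to parallel "Prepare" and "Onboard". The file name production-deployment.md also no longer reflects the title, so consider whether it should be renamed in the same way configure.md was.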
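Review bot: in the production-deployment.md hunk at @@ -48,22 +48,43 the phase statement is changed to "You are currently in the onboarding phase.", but this page is retitled to Setup in this patch and listed as Phase 2 in TOC.md, so it should say the setup phase. The rewritten NOTE line still carries the typo "Microsoft Defnder ATP", which is worth fixing while the line is being edited. The two new procedures also number their steps differently ("1." and "1." under "Check license state", "1." and "2." under "Cloud Service Provider validation"), and in the second one step 2 describes the result of clicking the Partner portal link rather than a separate action; pick one numbering style and consider folding step 2 into step 1.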