From f86a9427b12e2c6c28c97319a4e7cb761f28d1c9 Mon Sep 17 00:00:00 2001 From: LauraKellerGitHub Date: Sun, 23 Feb 2020 09:34:36 -0800 Subject: [PATCH] rebranding to endpoint --- ...d-unsigned-app-to-code-integrity-policy.md | 2 +- ...m-provider-microsoft-store-for-business.md | 2 +- store-for-business/distribute-offline-apps.md | 2 +- ...oubleshoot-microsoft-store-for-business.md | 2 +- ...eploying-microsoft-office-2010-wth-appv.md | 2 +- ...ploying-microsoft-office-2013-with-appv.md | 6 +- ...ploying-microsoft-office-2016-with-appv.md | 6 +- ...ctronic-software-distribution-solutions.md | 2 +- ...plications-inside-a-virtual-environment.md | 2 +- .../app-v/appv-supported-configurations.md | 4 +- .../deploy-app-upgrades-windows-10-mobile.md | 4 +- .../prepare-deployment.md | 2 +- .../production-deployment.md | 99 +++++++++---------- 13 files changed, 67 insertions(+), 68 deletions(-) diff --git a/store-for-business/add-unsigned-app-to-code-integrity-policy.md b/store-for-business/add-unsigned-app-to-code-integrity-policy.md index 8c1e9402e7..bddb37739a 100644 --- a/store-for-business/add-unsigned-app-to-code-integrity-policy.md +++ b/store-for-business/add-unsigned-app-to-code-integrity-policy.md @@ -100,4 +100,4 @@ Catalog signing is a vital step to adding your unsigned apps to your code integr When you use the Device Guard signing portal to sign a catalog file, the signing certificate is added to the default policy. When you download the signed catalog file, you should also download the default policy and merge this code integrity policy with your existing code integrity policies to protect machines running the catalog file. You need to do this step to trust and run your catalog files. For more information, see the Merging code integrity policies in the [Device Guard deployment guide](https://docs.microsoft.com/windows/device-security/device-guard/device-guard-deployment-guide). 6. Open the root certificate that you downloaded, and follow the steps in **Certificate Import wizard** to install the certificate in your machine's certificate store. -7. Deploy signed catalogs to your managed devices. For more information, see Deploy catalog files with Group Policy, or Deploy catalog files with System Center Configuration Manager in the [Device Guard deployment guide](https://docs.microsoft.com/windows/device-security/device-guard/device-guard-deployment-guide). +7. Deploy signed catalogs to your managed devices. For more information, see Deploy catalog files with Group Policy, or Deploy catalog files with Microsoft Endpoint Configuration Manager in the [Device Guard deployment guide](https://docs.microsoft.com/windows/device-security/device-guard/device-guard-deployment-guide). diff --git a/store-for-business/configure-mdm-provider-microsoft-store-for-business.md b/store-for-business/configure-mdm-provider-microsoft-store-for-business.md index 298857630c..d00eb08313 100644 --- a/store-for-business/configure-mdm-provider-microsoft-store-for-business.md +++ b/store-for-business/configure-mdm-provider-microsoft-store-for-business.md @@ -43,6 +43,6 @@ After your management tool is added to your Azure AD directory, you can configur Your MDM tool is ready to use with Microsoft Store. To learn how to configure synchronization and deploy apps, see these topics: - [Manage apps you purchased from Microsoft Store for Business with Microsoft Intune](https://docs.microsoft.com/intune-classic/deploy-use/manage-apps-you-purchased-from-the-windows-store-for-business-with-microsoft-intune) -- [Manage apps from Microsoft Store for Business with System Center Configuration Manager](https://docs.microsoft.com/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business) +- [Manage apps from Microsoft Store for Business with Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/apps/deploy-use/manage-apps-from-the-windows-store-for-business) For third-party MDM providers or management servers, check your product documentation. diff --git a/store-for-business/distribute-offline-apps.md b/store-for-business/distribute-offline-apps.md index 52c8ea4a6b..5c70fb1b0b 100644 --- a/store-for-business/distribute-offline-apps.md +++ b/store-for-business/distribute-offline-apps.md @@ -44,7 +44,7 @@ You can't distribute offline-licensed apps directly from Microsoft Store. Once y - **Create provisioning package**. You can use Windows Imaging and Configuration Designer (ICD) to create a provisioning package for your offline app. Once you have the package, there are options to [apply the provisioning package](https://docs.microsoft.com/windows/configuration/provisioning-packages/provisioning-apply-package). For more information, see [Provisioning Packages for Windows 10](https://docs.microsoft.com/windows/configuration/provisioning-packages/provisioning-packages). - **Mobile device management provider or management server.** You can use a mobile device management (MDM) provider or management server to distribute offline apps. For more information, see these topics: - - [Manage apps from Microsoft Store for Business with System Center Configuration Manager](https://docs.microsoft.com/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business) + - [Manage apps from Microsoft Store for Business with Microsoft Configuration Manager](https://docs.microsoft.com/configmgr/apps/deploy-use/manage-apps-from-the-windows-store-for-business) - [Manage apps from Microsoft Store for Business with Microsoft Intune](https://docs.microsoft.com/intune/deploy-use/manage-apps-you-purchased-from-the-windows-store-for-business-with-microsoft-intune)
For third-party MDM providers or management servers, check your product documentation. diff --git a/store-for-business/troubleshoot-microsoft-store-for-business.md b/store-for-business/troubleshoot-microsoft-store-for-business.md index 2855e4cd43..0c9d5e23e1 100644 --- a/store-for-business/troubleshoot-microsoft-store-for-business.md +++ b/store-for-business/troubleshoot-microsoft-store-for-business.md @@ -51,7 +51,7 @@ The private store for your organization is a page in Microsoft Store app that co ![Private store for Contoso publishing](images/wsfb-privatestoreapps.png) -## Troubleshooting Microsoft Store for Business integration with System Center Configuration Manager +## Troubleshooting Microsoft Store for Business integration with Microsoft Endpoint Configuration Manager If you encounter any problems when integrating Microsoft Store for Business with Configuration Manager, use the [troubleshooting guide](https://support.microsoft.com/help/4010214/understand-and-troubleshoot-microsoft-store-for-business-integration-w). diff --git a/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md b/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md index eb84b6e2b7..2e77179b7c 100644 --- a/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md +++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md @@ -48,7 +48,7 @@ For detailed instructions on how to create virtual application packages using Ap You can deploy Office 2010 packages by using any of the following App-V deployment methods: -* System Center Configuration Manager +* Microsoft Endpoint Configuration Manager * App-V server * Stand-alone through Windows PowerShell commands diff --git a/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md b/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md index 6fa996507f..40175562d2 100644 --- a/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md +++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md @@ -246,7 +246,7 @@ Use the following information to publish an Office package. Deploy the App-V package for Office 2013 by using the same methods you use for any other package: -* System Center Configuration Manager +* Microsoft Endpoint Configuration Manager * App-V Server * Stand-alone through Windows PowerShell commands @@ -284,10 +284,10 @@ Use the steps in this section to enable Office plug-ins with your Office package #### To enable plug-ins for Office App-V packages -1. Add a Connection Group through App-V Server, System Center Configuration Manager, or a Windows PowerShell cmdlet. +1. Add a Connection Group through App-V Server, Microsoft Endpoint Configuration Manager, or a Windows PowerShell cmdlet. 2. Sequence your plug-ins using the App-V Sequencer. Ensure that Office 2013 is installed on the computer being used to sequence the plug-in. It's a good idea to use Office 365 ProPlus (non-virtual) on the sequencing computer when you sequence Office 2013 plug-ins. 3. Create an App-V package that includes the desired plug-ins. -4. Add a Connection Group through App-V Server, System Center Configuration Manager, or a Windows PowerShell cmdlet. +4. Add a Connection Group through App-V Server, Configuration Manager, or a Windows PowerShell cmdlet. 5. Add the Office 2013 App-V package and the plug-ins package you sequenced to the Connection Group you created. >[!IMPORTANT] diff --git a/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md b/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md index ce7303bbf8..8f016604df 100644 --- a/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md +++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md @@ -230,7 +230,7 @@ Use the following information to publish an Office package. Deploy the App-V package for Office 2016 by using the same methods as the other packages that you've already deployed: -* System Center Configuration Manager +* Microsoft Endpoint Configuration Manager * App-V Server * Stand-alone through Windows PowerShell commands @@ -267,10 +267,10 @@ The following steps will tell you how to enable Office plug-ins with your Office #### Enable plug-ins for Office App-V packages -1. Add a Connection Group through App-V Server, System Center Configuration Manager, or a Windows PowerShell cmdlet. +1. Add a Connection Group through App-V Server, Microsoft Endpoint Configuration Manager, or a Windows PowerShell cmdlet. 2. Sequence your plug-ins using the App-V Sequencer. Ensure that Office 2016 is installed on the computer that will be used to sequence the plug-in. We recommend that you use Office 365 ProPlus (non-virtual) on the sequencing computer when sequencing Office 2016 plug-ins. 3. Create an App-V package that includes the plug-ins you want. -4. Add a Connection Group through the App-V Server, System Center Configuration Manager, or a Windows PowerShell cmdlet. +4. Add a Connection Group through the App-V Server, Configuration Manager, or a Windows PowerShell cmdlet. 5. Add the Office 2016 App-V package and the plug-ins package you sequenced to the Connection Group you created. >[!IMPORTANT] diff --git a/windows/application-management/app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md b/windows/application-management/app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md index 7c682239c3..49e7266314 100644 --- a/windows/application-management/app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md +++ b/windows/application-management/app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md @@ -16,7 +16,7 @@ ms.topic: article >Applies to: Windows 10, version 1607 -If you are using an electronic software distribution (ESD) system to deploy App-V packages, review the following planning considerations. For information about deploying App-V with System Center Configuration Manager, see [Introduction to application management in Configuration Manager](https://technet.microsoft.com/library/gg682125.aspx#BKMK_Appv). +If you are using an electronic software distribution (ESD) system to deploy App-V packages, review the following planning considerations. For information about deploying App-V with Microsoft Endpoint Configuration Manager, see [Introduction to application management in Configuration Manager](https://technet.microsoft.com/library/gg682125.aspx#BKMK_Appv). Review the following component and architecture requirements options that apply when you use an ESD to deploy App-V packages: diff --git a/windows/application-management/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md b/windows/application-management/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md index 3befc157bd..b1a6caca2c 100644 --- a/windows/application-management/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md +++ b/windows/application-management/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md @@ -44,7 +44,7 @@ Each method accomplishes essentially the same task, but some methods may be bett To add a locally installed application to a package or to a connection group’s virtual environment, you add a subkey to the `RunVirtual` registry key in the Registry Editor, as described in the following sections. -There is no Group Policy setting available to manage this registry key, so you have to use System Center Configuration Manager or another electronic software distribution (ESD) system, or manually edit the registry. +There is no Group Policy setting available to manage this registry key, so you have to use Microsoft Endpoint Configuration Manager or another electronic software distribution (ESD) system, or manually edit the registry. Starting with App-V 5.0 SP3, when using RunVirtual, you can publish packages globally or to the user. diff --git a/windows/application-management/app-v/appv-supported-configurations.md b/windows/application-management/app-v/appv-supported-configurations.md index 2dce846fd9..a39eca9e4d 100644 --- a/windows/application-management/app-v/appv-supported-configurations.md +++ b/windows/application-management/app-v/appv-supported-configurations.md @@ -117,9 +117,9 @@ The following table lists the operating systems that the App-V Sequencer install See the Windows or Windows Server documentation for the hardware requirements. -## Supported versions of System Center Configuration Manager +## Supported versions of Microsoft Endpoint Configuration Manager -The App-V client works with System Center Configuration Manager versions starting with Technical Preview for System Center Configuration Manager, version 1606. +The App-V client works with Configuration Manager versions starting with Technical Preview for System Center Configuration Manager, version 1606. ## Related topics diff --git a/windows/application-management/deploy-app-upgrades-windows-10-mobile.md b/windows/application-management/deploy-app-upgrades-windows-10-mobile.md index d176e86059..cab2bb9669 100644 --- a/windows/application-management/deploy-app-upgrades-windows-10-mobile.md +++ b/windows/application-management/deploy-app-upgrades-windows-10-mobile.md @@ -16,7 +16,7 @@ ms.topic: article > Applies to: Windows 10 -When you have a new version of an application, how do you get that to the Windows 10 Mobile devices in your environment? With [application supersedence in System Center Configuration Manager](/sccm/apps/deploy-use/revise-and-supersede-applications#application-supersedence). +When you have a new version of an application, how do you get that to the Windows 10 Mobile devices in your environment? With [application supersedence in Microsoft Endpoint Configuration Manager](/configmgr/apps/deploy-use/revise-and-supersede-applications#application-supersedence). There are two steps to deploy an app upgrade: @@ -58,4 +58,4 @@ You don't need to delete the deployment associated with the older version of the ![Monitoring view in Configuration Manager for the old version of the app](media/app-upgrade-old-version.png) -If you haven't deployed an app through Configuration Manager before, check out [Deploy applications with System Center Configuration Manager](https://docs.microsoft.com/sccm/apps/deploy-use/deploy-applications). You can also see how to delete deployments (although you don't have to) and notify users about the upgraded app. +If you haven't deployed an app through Configuration Manager before, check out [Deploy applications with Microsoft Endoint Configuration Manager](https://docs.microsoft.com/configmgr/apps/deploy-use/deploy-applications). You can also see how to delete deployments (although you don't have to) and notify users about the upgraded app. diff --git a/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md b/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md index 60c0833058..2f0f6c72af 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md +++ b/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md @@ -58,7 +58,7 @@ The following is in scope for this project: capabilities including automatic investigation and remediation - Enabling Microsoft Defender ATP threat and vulnerability management (TVM) -- Use of System Center Configuration Manager to onboard endpoints into the service. +- Use of Microsoft Endpoint Configuration Manager to onboard endpoints into the service. ### Out of scope diff --git a/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md b/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md index 4e93583820..6bed8fc78a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md +++ b/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md @@ -25,13 +25,13 @@ ms.topic: article Proper planning is the foundation of a successful deployment. In this deployment scenario, you'll be guided through the steps on: - Tenant configuration - Network configuration -- Onboarding using System Center Configuration Manager +- Onboarding using Microsoft Endpoint Configuration Manager - Endpoint detection and response - Next generation protection - Attack surface reduction >[!NOTE] ->For the purpose of guiding you through a typical deployment, this scenario will only cover the use of System Center Configuration Manager. Microsoft Defnder ATP supports the use of other onboarding tools but will not cover those scenarios in the deployment guide. For more information, see [Onboard machines to Microsoft Defender ATP](onboard-configure.md). +>For the purpose of guiding you through a typical deployment, this scenario will only cover the use of Microsoft Endpoint Configuration Manager. Microsoft Defender ATP supports the use of other onboarding tools but will not cover those scenarios in the deployment guide. For more information, see [Onboard machines to Microsoft Defender ATP](onboard-configure.md). ## Tenant Configuration @@ -111,7 +111,7 @@ under: Preview Builds \> Configure Authenticated Proxy usage for the Connected User Experience and Telemetry Service - - Set it to **Enabled** and select **Disable Authenticated Proxy usage** + - Set it to **Enabled** and selectďż˝**Disable Authenticated Proxy usage** 1. Open the Group Policy Management Console. 2. Create a policy or edit an existing policy based off the organizational practices. @@ -205,9 +205,9 @@ You can find the Azure IP range on [Microsoft Azure Datacenter IP Ranges](https: > [!NOTE] > As a cloud-based solution, the IP range can change. It's recommended you move to DNS resolving setting. -## Onboarding using System Center Configuration Manager +## Onboarding using Microsoft Endpoint Configuration Manager ### Collection creation -To onboard Windows 10 devices with System Center Configuration Manager, the +To onboard Windows 10 devices with Microsoft Endpoint Configuration Manager, the deployment can target either and existing collection or a new collection can be created for testing. The onboarding like group policy or manual method does not install any agent on the system. Within the Configuration Manager console @@ -217,55 +217,54 @@ maintain that configuration for as long as the Configuration Manager client continues to receive this policy from the management point. Follow the steps below to onboard systems with Configuration Manager. -1. In System Center Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Device Collections**. +1. In the Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Device Collections**. - ![Image of System Center Configuration Manager wizard](images/sccm-device-collections.png) + ![Image of Configuration Manager wizard](images/sccm-device-collections.png) 2. Right Click **Device Collection** and select **Create Device Collection**. - ![Image of System Center Configuration Manager wizard](images/sccm-create-device-collection.png) + ![Image of Configuration Manager wizard](images/sccm-create-device-collection.png) 3. Provide a **Name** and **Limiting Collection**, then select **Next**. - ![Image of System Center Configuration Manager wizard](images/sccm-limiting-collection.png) + ![Image of Configuration Manager wizard](images/sccm-limiting-collection.png) 4. Select **Add Rule** and choose **Query Rule**. - ![Image of System Center Configuration Manager wizard](images/sccm-query-rule.png) + ![Image of Configuration Manager wizard](images/sccm-query-rule.png) 5. Click **Next** on the **Direct Membership Wizard** and click on **Edit Query Statement**. - ![Image of System Center Configuration Manager wizard](images/sccm-direct-membership.png) + ![Image of Configuration Manager wizard](images/sccm-direct-membership.png) 6. Select **Criteria** and then choose the star icon. - ![Image of System Center Configuration Manager wizard](images/sccm-criteria.png) + ![Image of Configuration Manager wizard](images/sccm-criteria.png) 7. Keep criterion type as **simple value**, choose where as **Operating System - build number**, operator as **is equal to** and value **10240** and click on **OK**. - ![Image of System Center Configuration Manager wizard](images/sccm-simple-value.png) + ![Image of Configuration Manager wizard](images/sccm-simple-value.png) 8. Select **Next** and **Close**. - ![Image of System Center Configuration Manager wizard](images/sccm-membership-rules.png) + ![Image of Configuration Manager wizard](images/sccm-membership-rules.png) 9. Select **Next**. - ![Image of System Center Configuration Manager wizard](images/sccm-confirm.png) + ![Image of Configuration Manager wizard](images/sccm-confirm.png) After completing this task, you now have a device collection with all the Windows 10 endpoints in the environment. ## Endpoint detection and response ### Windows 10 From within the Microsoft Defender Security Center it is possible to download -the '.onboarding' policy that can be used to create the policy in System Center Configuration -Manager and deploy that policy to Windows 10 devices. +the '.onboarding' policy that can be used to create the policy in Microsoft Endpoint Configuration Manager and deploy that policy to Windows 10 devices. 1. From a Microsoft Defender Security Center Portal, select [Settings and then Onboarding](https://securitycenter.windows.com/preferences2/onboarding). -2. Under Deployment method select the supported version of **System Center Configuration Manager**. +2. Under Deployment method select the supported version of **Configuration Manager**. ![Image of Microsoft Defender ATP onboarding wizard](images/mdatp-onboarding-wizard.png) @@ -274,15 +273,15 @@ Manager and deploy that policy to Windows 10 devices. ![Image of Microsoft Defender ATP onboarding wizard](images/mdatp-download-package.png) 4. Save the package to an accessible location. -5. In System Center Configuration Manager, navigate to: **Assets and Compliance > Overview > Endpoint Protection > Microsoft Defender ATP Policies**. +5. In Configuration Manager, navigate to: **Assets and Compliance > Overview > Endpoint Protection > Microsoft Defender ATP Policies**. 6. Right-click **Microsoft Defender ATP Policies** and select **Create Microsoft Defender ATP Policy**. - ![Image of System Center Configuration Manager wizard](images/sccm-create-policy.png) + ![Image of Configuration Manager wizard](images/sccm-create-policy.png) 7. Enter the name and description, verify **Onboarding** is selected, then select **Next**. - ![Image of System Center Configuration Manager wizard](images/sccm-policy-name.png) + ![Image of Configuration Manager wizard](images/sccm-policy-name.png) 8. Click **Browse**. @@ -305,7 +304,7 @@ Manager and deploy that policy to Windows 10 devices. 15. Click **Close** when the Wizard completes. -16. In the System Center Configuration Manager console, right-click the Microsoft Defender ATP policy you just created and select **Deploy**. +16. In the Configuration Manager console, right-click the Microsoft Defender ATP policy you just created and select **Deploy**. ![Image of configuration settings](images/4a37f3687e6ff53a593d3670b1dad3aa.png) @@ -371,14 +370,14 @@ Specifically, for Windows 7 SP1, the following patches must be installed: [KB3154518](https://support.microsoft.com/help/3154518/support-for-tls-system-default-versions-included-in-the-net-framework). Do not install both on the same system. -To deploy the MMA with System Center Configuration Manager, follow the steps +To deploy the MMA with Microsoft Endpoint Configuration Manager, follow the steps below to utilize the provided batch files to onboard the systems. The CMD file when executed, will require the system to copy files from a network share by the System, the System will install MMA, Install the DependencyAgent, and configure MMA for enrollment into the workspace. -1. In System Center Configuration Manager console, navigate to **Software +1. In the Configuration Manager console, navigate to **Software Library**. 2. Expand **Application Management**. @@ -387,15 +386,15 @@ MMA for enrollment into the workspace. 4. Provide a Name for the package, then click **Next** - ![Image of System Center Configuration Manager console](images/e156a7ef87ea6472d57a3dc594bf08c2.png) + ![Image of Configuration Manager console](images/e156a7ef87ea6472d57a3dc594bf08c2.png) 5. Verify **Standard Program** is selected. - ![Image of System Center Configuration Manager console](images/227f249bcb6e7f29c4d43aa1ffaccd20.png) + ![Image of Configuration Manager console](images/227f249bcb6e7f29c4d43aa1ffaccd20.png) 6. Click **Next**. - ![Image of System Center Configuration Manager console](images/2c7f9d05a2ebd19607cc76b6933b945b.png) + ![Image of Configuration Manager console](images/2c7f9d05a2ebd19607cc76b6933b945b.png) 7. Enter a program name. @@ -411,17 +410,17 @@ MMA for enrollment into the workspace. 13. Click **Next**. - ![Image of System Center Configuration Manager console](images/262a41839704d6da2bbd72ed6b4a826a.png) + ![Image of Configuration Manager console](images/262a41839704d6da2bbd72ed6b4a826a.png) 14. Verify the configuration, then click **Next**. - ![Image of System Center Configuration Manager console](images/a9d3cd78aa5ca90d3c2fbd2e57618faf.png) + ![Image of Configuration Manager console](images/a9d3cd78aa5ca90d3c2fbd2e57618faf.png) 15. Click **Next**. 16. Click **Close**. -17. In the System Center Configuration Manager console, right-click the Microsoft Defender ATP +17. In the Configuration Manager console, right-click the Microsoft Defender ATP Onboarding Package just created and select **Deploy**. 18. On the right panel select the appropriate collection. @@ -431,7 +430,7 @@ MMA for enrollment into the workspace. ## Next generation protection Microsoft Defender Antivirus is a built-in antimalware solution that provides next generation protection for desktops, portable computers, and servers. -1. In the System Center Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Antimalware Polices** and choose **Create Antimalware Policy**. +1. In the Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Antimalware Polices** and choose **Create Antimalware Policy**. ![Image of antimalware policy](images/9736e0358e86bc778ce1bd4c516adb8b.png) @@ -481,9 +480,9 @@ Protection. All these features provide an audit mode and a block mode. In audit To set ASR rules in Audit mode: -1. In the System Center Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**. +1. In the Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**. - ![Image of System Center Configuration Manager console](images/728c10ef26042bbdbcd270b6343f1a8a.png) + ![Image of Configuration Manager console](images/728c10ef26042bbdbcd270b6343f1a8a.png) 2. Select **Attack Surface Reduction**. @@ -491,26 +490,26 @@ To set ASR rules in Audit mode: 3. Set rules to **Audit** and click **Next**. - ![Image of System Center Configuration Manager console](images/d18e40c9e60aecf1f9a93065cb7567bd.png) + ![Image of Configuration Manager console](images/d18e40c9e60aecf1f9a93065cb7567bd.png) 4. Confirm the new Exploit Guard policy by clicking on **Next**. - ![Image of System Center Configuration Manager console](images/0a6536f2c4024c08709cac8fcf800060.png) + ![Image of Configuration Manager console](images/0a6536f2c4024c08709cac8fcf800060.png) 5. Once the policy is created click **Close**. - ![Image of System Center Configuration Manager console](images/95d23a07c2c8bc79176788f28cef7557.png) + ![Image of Configuration Manager console](images/95d23a07c2c8bc79176788f28cef7557.png) 6. Right-click on the newly created policy and choose **Deploy**. - ![Image of System Center Configuration Manager console](images/8999dd697e3b495c04eb911f8b68a1ef.png) + ![Image of Configuration Manager console](images/8999dd697e3b495c04eb911f8b68a1ef.png) 7. Target the policy to the newly created Windows 10 collection and click **OK**. - ![Image of System Center Configuration Manager console](images/0ccfe3e803be4b56c668b220b51da7f7.png) + ![Image of Configuration Manager console](images/0ccfe3e803be4b56c668b220b51da7f7.png) After completing this task, you now have successfully configured ASR rules in audit mode. @@ -541,15 +540,15 @@ detections](https://docs.microsoft.com/windows/security/threat-protection/micros ### To set Network Protection rules in Audit mode: -1. In the System Center Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**. +1. In the Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**. - ![A screenshot System Center Confirugatiom Manager](images/728c10ef26042bbdbcd270b6343f1a8a.png) + ![A screenshot Configuration Manager](images/728c10ef26042bbdbcd270b6343f1a8a.png) 2. Select **Network protection**. 3. Set the setting to **Audit** and click **Next**. - ![A screenshot System Center Confirugatiom Manager](images/c039b2e05dba1ade6fb4512456380c9f.png) + ![A screenshot Configuration Manager](images/c039b2e05dba1ade6fb4512456380c9f.png) 4. Confirm the new Exploit Guard Policy by clicking **Next**. @@ -561,42 +560,42 @@ detections](https://docs.microsoft.com/windows/security/threat-protection/micros 6. Right-click on the newly created policy and choose **Deploy**. - ![A screenshot System Center Configuration Manager](images/8999dd697e3b495c04eb911f8b68a1ef.png) + ![A screenshot Configuration Manager](images/8999dd697e3b495c04eb911f8b68a1ef.png) 7. Select the policy to the newly created Windows 10 collection and choose **OK**. - ![A screenshot System Center Configuration Manager](images/0ccfe3e803be4b56c668b220b51da7f7.png) + ![A screenshot Configuration Manager](images/0ccfe3e803be4b56c668b220b51da7f7.png) After completing this task, you now have successfully configured Network Protection in audit mode. ### To set Controlled Folder Access rules in Audit mode: -1. In the System Center Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**. +1. In the Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**. - ![A screenshot of System Center Configuration Manager](images/728c10ef26042bbdbcd270b6343f1a8a.png) + ![A screenshot of Configuration Manager](images/728c10ef26042bbdbcd270b6343f1a8a.png) 2. Select **Controlled folder access**. 3. Set the configuration to **Audit** and click **Next**. - ![A screenshot of System Center Configuration Manager](images/a8b934dab2dbba289cf64fe30e0e8aa4.png) + ![A screenshot of Configuration Manager](images/a8b934dab2dbba289cf64fe30e0e8aa4.png) 4. Confirm the new Exploit Guard Policy by clicking on **Next**. - ![A screenshot of System Center Configuration Manager](images/0a6536f2c4024c08709cac8fcf800060.png) + ![A screenshot of Configuration Manager](images/0a6536f2c4024c08709cac8fcf800060.png) 5. Once the policy is created click on **Close**. - ![A screenshot of System Center Configuration Manager](images/95d23a07c2c8bc79176788f28cef7557.png) + ![A screenshot of Configuration Manager](images/95d23a07c2c8bc79176788f28cef7557.png) 6. Right-click on the newly created policy and choose **Deploy**. - ![A screenshot of System Center Configuration Manager](images/8999dd697e3b495c04eb911f8b68a1ef.png) + ![A screenshot of Configuration Manager](images/8999dd697e3b495c04eb911f8b68a1ef.png) 7. Target the policy to the newly created Windows 10 collection and click **OK**. - ![A screenshot of System Center Configuration Manager](images/0ccfe3e803be4b56c668b220b51da7f7.png) + ![A screenshot of Configuration Manager](images/0ccfe3e803be4b56c668b220b51da7f7.png) After completing this task, you now have successfully configured Controlled folder access in audit mode.