@ -246,7 +246,7 @@ Use the following information to publish an Office package.
Deploy the App-V package for Office 2013 by using the same methods you use for any other package:
* System Center Configuration Manager
* Microsoft Endpoint Configuration Manager
* App-V Server
* Stand-alone through Windows PowerShell commands
@ -284,10 +284,10 @@ Use the steps in this section to enable Office plug-ins with your Office package
#### To enable plug-ins for Office App-V packages
1. Add a Connection Group through App-V Server, System Center Configuration Manager, or a Windows PowerShell cmdlet.
1. Add a Connection Group through App-V Server, Microsoft Endpoint Configuration Manager, or a Windows PowerShell cmdlet.
2. Sequence your plug-ins using the App-V Sequencer. Ensure that Office 2013 is installed on the computer being used to sequence the plug-in. It's a good idea to use Office 365 ProPlus (non-virtual) on the sequencing computer when you sequence Office 2013 plug-ins.
3. Create an App-V package that includes the desired plug-ins.
4. Add a Connection Group through App-V Server, System Center Configuration Manager, or a Windows PowerShell cmdlet.
4. Add a Connection Group through App-V Server, Configuration Manager, or a Windows PowerShell cmdlet.
5. Add the Office 2013 App-V package and the plug-ins package you sequenced to the Connection Group you created.
@ -230,7 +230,7 @@ Use the following information to publish an Office package.
Deploy the App-V package for Office 2016 by using the same methods as the other packages that you've already deployed:
* System Center Configuration Manager
* Microsoft Endpoint Configuration Manager
* App-V Server
* Stand-alone through Windows PowerShell commands
@ -267,10 +267,10 @@ The following steps will tell you how to enable Office plug-ins with your Office
#### Enable plug-ins for Office App-V packages
1. Add a Connection Group through App-V Server, System Center Configuration Manager, or a Windows PowerShell cmdlet.
1. Add a Connection Group through App-V Server, Microsoft Endpoint Configuration Manager, or a Windows PowerShell cmdlet.
2. Sequence your plug-ins using the App-V Sequencer. Ensure that Office 2016 is installed on the computer that will be used to sequence the plug-in. We recommend that you use Office 365 ProPlus (non-virtual) on the sequencing computer when sequencing Office 2016 plug-ins.
3. Create an App-V package that includes the plug-ins you want.
4. Add a Connection Group through the App-V Server, System Center Configuration Manager, or a Windows PowerShell cmdlet.
4. Add a Connection Group through the App-V Server, Configuration Manager, or a Windows PowerShell cmdlet.
5. Add the Office 2016 App-V package and the plug-ins package you sequenced to the Connection Group you created.
If you are using an electronic software distribution (ESD) system to deploy App-V packages, review the following planning considerations. For information about deploying App-V with System Center Configuration Manager, see [Introduction to application management in Configuration Manager](https://technet.microsoft.com/library/gg682125.aspx#BKMK_Appv).
If you are using an electronic software distribution (ESD) system to deploy App-V packages, review the following planning considerations. For information about deploying App-V with Microsoft Endpoint Configuration Manager, see [Introduction to application management in Configuration Manager](https://technet.microsoft.com/library/gg682125.aspx#BKMK_Appv).
Review the following component and architecture requirements options that apply when you use an ESD to deploy App-V packages:
@ -44,7 +44,7 @@ Each method accomplishes essentially the same task, but some methods may be bett
To add a locally installed application to a package or to a connection group’s virtual environment, you add a subkey to the `RunVirtual` registry key in the Registry Editor, as described in the following sections.
There is no Group Policy setting available to manage this registry key, so you have to use System Center Configuration Manager or another electronic software distribution (ESD) system, or manually edit the registry.
There is no Group Policy setting available to manage this registry key, so you have to use Microsoft Endpoint Configuration Manager or another electronic software distribution (ESD) system, or manually edit the registry.
Starting with App-V 5.0 SP3, when using RunVirtual, you can publish packages globally or to the user.
@ -117,9 +117,9 @@ The following table lists the operating systems that the App-V Sequencer install
See the Windows or Windows Server documentation for the hardware requirements.
## Supported versions of System Center Configuration Manager
## Supported versions of Microsoft Endpoint Configuration Manager
The App-V client works with System Center Configuration Manager versions starting with Technical Preview for System Center Configuration Manager, version 1606.
The App-V client works with Configuration Manager versions starting with Technical Preview for System Center Configuration Manager, version 1606.
When you have a new version of an application, how do you get that to the Windows 10 Mobile devices in your environment? With [application supersedence in System Center Configuration Manager](/sccm/apps/deploy-use/revise-and-supersede-applications#application-supersedence).
When you have a new version of an application, how do you get that to the Windows 10 Mobile devices in your environment? With [application supersedence in Microsoft Endpoint Configuration Manager](/configmgr/apps/deploy-use/revise-and-supersede-applications#application-supersedence).
There are two steps to deploy an app upgrade:
@ -58,4 +58,4 @@ You don't need to delete the deployment associated with the older version of the
If you haven't deployed an app through Configuration Manager before, check out [Deploy applications with System Center Configuration Manager](https://docs.microsoft.com/sccm/apps/deploy-use/deploy-applications). You can also see how to delete deployments (although you don't have to) and notify users about the upgraded app.
If you haven't deployed an app through Configuration Manager before, check out [Deploy applications with Microsoft Endoint Configuration Manager](https://docs.microsoft.com/configmgr/apps/deploy-use/deploy-applications). You can also see how to delete deployments (although you don't have to) and notify users about the upgraded app.
Proper planning is the foundation of a successful deployment. In this deployment scenario, you'll be guided through the steps on:
- Tenant configuration
- Network configuration
- Onboarding using System Center Configuration Manager
- Onboarding using Microsoft Endpoint Configuration Manager
- Endpoint detection and response
- Next generation protection
- Attack surface reduction
>[!NOTE]
>For the purpose of guiding you through a typical deployment, this scenario will only cover the use of System Center Configuration Manager. Microsoft Defnder ATP supports the use of other onboarding tools but will not cover those scenarios in the deployment guide. For more information, see [Onboard machines to Microsoft Defender ATP](onboard-configure.md).
>For the purpose of guiding you through a typical deployment, this scenario will only cover the use of Microsoft Endpoint Configuration Manager. Microsoft Defender ATP supports the use of other onboarding tools but will not cover those scenarios in the deployment guide. For more information, see [Onboard machines to Microsoft Defender ATP](onboard-configure.md).
## Tenant Configuration
@ -111,7 +111,7 @@ under:
Preview Builds \> Configure Authenticated Proxy usage for the Connected User
Experience and Telemetry Service
- Set it to **Enabled** and select<63>**Disable Authenticated Proxy usage**
- Set it to **Enabled** and select<63>**Disable Authenticated Proxy usage**
1. Open the Group Policy Management Console.
2. Create a policy or edit an existing policy based off the organizational practices.
@ -205,9 +205,9 @@ You can find the Azure IP range on [Microsoft Azure Datacenter IP Ranges](https:
> [!NOTE]
> As a cloud-based solution, the IP range can change. It's recommended you move to DNS resolving setting.
## Onboarding using System Center Configuration Manager
## Onboarding using Microsoft Endpoint Configuration Manager
### Collection creation
To onboard Windows 10 devices with System Center Configuration Manager, the
To onboard Windows 10 devices with Microsoft Endpoint Configuration Manager, the
deployment can target either and existing collection or a new collection can be
created for testing. The onboarding like group policy or manual method does
not install any agent on the system. Within the Configuration Manager console
@ -217,55 +217,54 @@ maintain that configuration for as long as the Configuration Manager client
continues to receive this policy from the management point. Follow the steps
below to onboard systems with Configuration Manager.
1. In System Center Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Device Collections**.
1. In the Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Device Collections**.
2. Right Click **Device Collection** and select **Create Device Collection**.
3. Provide a **Name** and **Limiting Collection**, then select **Next**.
4. Select **Add Rule** and choose **Query Rule**.
5. Click **Next** on the **Direct Membership Wizard** and click on **Edit Query Statement**.
6. Select **Criteria** and then choose the star icon.
7. Keep criterion type as **simple value**, choose where as **Operating System - build number**, operator as **is equal to** and value **10240** and click on **OK**.
8. Select **Next** and **Close**.
9. Select **Next**.
After completing this task, you now have a device collection with all the Windows 10 endpoints in the environment.
## Endpoint detection and response
### Windows 10
From within the Microsoft Defender Security Center it is possible to download
the '.onboarding' policy that can be used to create the policy in System Center Configuration
Manager and deploy that policy to Windows 10 devices.
the '.onboarding' policy that can be used to create the policy in Microsoft Endpoint Configuration Manager and deploy that policy to Windows 10 devices.
1. From a Microsoft Defender Security Center Portal, select [Settings and then Onboarding](https://securitycenter.windows.com/preferences2/onboarding).
2. Under Deployment method select the supported version of **System Center Configuration Manager**.
2. Under Deployment method select the supported version of **Configuration Manager**.
@ -274,15 +273,15 @@ Manager and deploy that policy to Windows 10 devices.
4. Save the package to an accessible location.
5. In System Center Configuration Manager, navigate to: **Assets and Compliance > Overview > Endpoint Protection > Microsoft Defender ATP Policies**.
5. In Configuration Manager, navigate to: **Assets and Compliance > Overview > Endpoint Protection > Microsoft Defender ATP Policies**.
6. Right-click **Microsoft Defender ATP Policies** and select **Create Microsoft Defender ATP Policy**.
7. Enter the name and description, verify **Onboarding** is selected, then select **Next**.
8. Click **Browse**.
@ -305,7 +304,7 @@ Manager and deploy that policy to Windows 10 devices.
15. Click **Close** when the Wizard completes.
16. In the System Center Configuration Manager console, right-click the Microsoft Defender ATP policy you just created and select **Deploy**.
16. In the Configuration Manager console, right-click the Microsoft Defender ATP policy you just created and select **Deploy**.
@ -371,14 +370,14 @@ Specifically, for Windows 7 SP1, the following patches must be installed:
To deploy the MMA with System Center Configuration Manager, follow the steps
To deploy the MMA with Microsoft Endpoint Configuration Manager, follow the steps
below to utilize the provided batch files to onboard the systems. The CMD file
when executed, will require the system to copy files from a network share by the
System, the System will install MMA, Install the DependencyAgent, and configure
MMA for enrollment into the workspace.
1. In System Center Configuration Manager console, navigate to **Software
1. In the Configuration Manager console, navigate to **Software
Library**.
2. Expand **Application Management**.
@ -387,15 +386,15 @@ MMA for enrollment into the workspace.
4. Provide a Name for the package, then click **Next**
5. Verify **Standard Program** is selected.
6. Click **Next**.
7. Enter a program name.
@ -411,17 +410,17 @@ MMA for enrollment into the workspace.
13. Click **Next**.
14. Verify the configuration, then click **Next**.
15. Click **Next**.
16. Click **Close**.
17. In the System Center Configuration Manager console, right-click the Microsoft Defender ATP
17. In the Configuration Manager console, right-click the Microsoft Defender ATP
Onboarding Package just created and select **Deploy**.
18. On the right panel select the appropriate collection.
@ -431,7 +430,7 @@ MMA for enrollment into the workspace.
## Next generation protection
Microsoft Defender Antivirus is a built-in antimalware solution that provides next generation protection for desktops, portable computers, and servers.
1. In the System Center Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Antimalware Polices** and choose **Create Antimalware Policy**.
1. In the Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Antimalware Polices** and choose **Create Antimalware Policy**.
@ -481,9 +480,9 @@ Protection. All these features provide an audit mode and a block mode. In audit
To set ASR rules in Audit mode:
1. In the System Center Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**.
1. In the Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**.
2. Select **Attack Surface Reduction**.
@ -491,26 +490,26 @@ To set ASR rules in Audit mode:
3. Set rules to **Audit** and click **Next**.
4. Confirm the new Exploit Guard policy by clicking on **Next**.
5. Once the policy is created click **Close**.
6. Right-click on the newly created policy and choose **Deploy**.
7. Target the policy to the newly created Windows 10 collection and click **OK**.
After completing this task, you now have successfully configured ASR rules in audit mode.
### To set Network Protection rules in Audit mode:
1. In the System Center Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**.
1. In the Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**.
After completing this task, you now have successfully configured Network
Protection in audit mode.
### To set Controlled Folder Access rules in Audit mode:
1. In the System Center Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**.
1. In the Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**.
2. Select **Controlled folder access**.
3. Set the configuration to **Audit** and click **Next**.
4. Confirm the new Exploit Guard Policy by clicking on **Next**.
5. Once the policy is created click on **Close**.
6. Right-click on the newly created policy and choose **Deploy**.
7. Target the policy to the newly created Windows 10 collection and click **OK**.
After completing this task, you now have successfully configured Controlled folder access in audit mode.
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
LauraKellerGitHub