mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-25 07:13:37 +00:00
rebranding to endpoint
This commit is contained in:
LauraKellerGitHub
@ -58,7 +58,7 @@ The following is in scope for this project:
|
||||
capabilities including automatic investigation and remediation
|
||||
|
||||
- Enabling Microsoft Defender ATP threat and vulnerability management (TVM)
|
||||
- Use of System Center Configuration Manager to onboard endpoints into the service.
|
||||
- Use of Microsoft Endpoint Configuration Manager to onboard endpoints into the service.
|
||||
|
||||
### Out of scope
|
||||
|
||||
|
||||
@ -25,13 +25,13 @@ ms.topic: article
|
||||
Proper planning is the foundation of a successful deployment. In this deployment scenario, you'll be guided through the steps on:
|
||||
- Tenant configuration
|
||||
- Network configuration
|
||||
- Onboarding using System Center Configuration Manager
|
||||
- Onboarding using Microsoft Endpoint Configuration Manager
|
||||
- Endpoint detection and response
|
||||
- Next generation protection
|
||||
- Attack surface reduction
|
||||
|
||||
>[!NOTE]
|
||||
>For the purpose of guiding you through a typical deployment, this scenario will only cover the use of System Center Configuration Manager. Microsoft Defnder ATP supports the use of other onboarding tools but will not cover those scenarios in the deployment guide. For more information, see [Onboard machines to Microsoft Defender ATP](onboard-configure.md).
|
||||
>For the purpose of guiding you through a typical deployment, this scenario will only cover the use of Microsoft Endpoint Configuration Manager. Microsoft Defender ATP supports the use of other onboarding tools but will not cover those scenarios in the deployment guide. For more information, see [Onboard machines to Microsoft Defender ATP](onboard-configure.md).
|
||||
|
||||
## Tenant Configuration
|
||||
|
||||
@ -111,7 +111,7 @@ under:
|
||||
Preview Builds \> Configure Authenticated Proxy usage for the Connected User
|
||||
Experience and Telemetry Service
|
||||
|
||||
- Set it to **Enabled** and select<63>**Disable Authenticated Proxy usage**
|
||||
- Set it to **Enabled** and select<63>**Disable Authenticated Proxy usage**
|
||||
|
||||
1. Open the Group Policy Management Console.
|
||||
2. Create a policy or edit an existing policy based off the organizational practices.
|
||||
@ -205,9 +205,9 @@ You can find the Azure IP range on [Microsoft Azure Datacenter IP Ranges](https:
|
||||
> [!NOTE]
|
||||
> As a cloud-based solution, the IP range can change. It's recommended you move to DNS resolving setting.
|
||||
|
||||
## Onboarding using System Center Configuration Manager
|
||||
## Onboarding using Microsoft Endpoint Configuration Manager
|
||||
### Collection creation
|
||||
To onboard Windows 10 devices with System Center Configuration Manager, the
|
||||
To onboard Windows 10 devices with Microsoft Endpoint Configuration Manager, the
|
||||
deployment can target either and existing collection or a new collection can be
|
||||
created for testing. The onboarding like group policy or manual method does
|
||||
not install any agent on the system. Within the Configuration Manager console
|
||||
@ -217,55 +217,54 @@ maintain that configuration for as long as the Configuration Manager client
|
||||
continues to receive this policy from the management point. Follow the steps
|
||||
below to onboard systems with Configuration Manager.
|
||||
|
||||
1. In System Center Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Device Collections**.
|
||||
1. In the Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Device Collections**.
|
||||
|
||||
|
||||
|
||||
|
||||
2. Right Click **Device Collection** and select **Create Device Collection**.
|
||||
|
||||
|
||||
|
||||
|
||||
3. Provide a **Name** and **Limiting Collection**, then select **Next**.
|
||||
|
||||
|
||||
|
||||
|
||||
4. Select **Add Rule** and choose **Query Rule**.
|
||||
|
||||
|
||||
|
||||
|
||||
5. Click **Next** on the **Direct Membership Wizard** and click on **Edit Query Statement**.
|
||||
|
||||
|
||||
|
||||
|
||||
6. Select **Criteria** and then choose the star icon.
|
||||
|
||||
|
||||
|
||||
|
||||
7. Keep criterion type as **simple value**, choose where as **Operating System - build number**, operator as **is equal to** and value **10240** and click on **OK**.
|
||||
|
||||
|
||||
|
||||
|
||||
8. Select **Next** and **Close**.
|
||||
|
||||
|
||||
|
||||
|
||||
9. Select **Next**.
|
||||
|
||||
|
||||
|
||||
|
||||
After completing this task, you now have a device collection with all the Windows 10 endpoints in the environment.
|
||||
|
||||
## Endpoint detection and response
|
||||
### Windows 10
|
||||
From within the Microsoft Defender Security Center it is possible to download
|
||||
the '.onboarding' policy that can be used to create the policy in System Center Configuration
|
||||
Manager and deploy that policy to Windows 10 devices.
|
||||
the '.onboarding' policy that can be used to create the policy in Microsoft Endpoint Configuration Manager and deploy that policy to Windows 10 devices.
|
||||
|
||||
1. From a Microsoft Defender Security Center Portal, select [Settings and then Onboarding](https://securitycenter.windows.com/preferences2/onboarding).
|
||||
|
||||
|
||||
|
||||
2. Under Deployment method select the supported version of **System Center Configuration Manager**.
|
||||
2. Under Deployment method select the supported version of **Configuration Manager**.
|
||||
|
||||
|
||||
|
||||
@ -274,15 +273,15 @@ Manager and deploy that policy to Windows 10 devices.
|
||||
|
||||
|
||||
4. Save the package to an accessible location.
|
||||
5. In System Center Configuration Manager, navigate to: **Assets and Compliance > Overview > Endpoint Protection > Microsoft Defender ATP Policies**.
|
||||
5. In Configuration Manager, navigate to: **Assets and Compliance > Overview > Endpoint Protection > Microsoft Defender ATP Policies**.
|
||||
|
||||
6. Right-click **Microsoft Defender ATP Policies** and select **Create Microsoft Defender ATP Policy**.
|
||||
|
||||
|
||||
|
||||
|
||||
7. Enter the name and description, verify **Onboarding** is selected, then select **Next**.
|
||||
|
||||
|
||||
|
||||
|
||||
8. Click **Browse**.
|
||||
|
||||
@ -305,7 +304,7 @@ Manager and deploy that policy to Windows 10 devices.
|
||||
|
||||
15. Click **Close** when the Wizard completes.
|
||||
|
||||
16. In the System Center Configuration Manager console, right-click the Microsoft Defender ATP policy you just created and select **Deploy**.
|
||||
16. In the Configuration Manager console, right-click the Microsoft Defender ATP policy you just created and select **Deploy**.
|
||||
|
||||
|
||||
|
||||
@ -371,14 +370,14 @@ Specifically, for Windows 7 SP1, the following patches must be installed:
|
||||
[KB3154518](https://support.microsoft.com/help/3154518/support-for-tls-system-default-versions-included-in-the-net-framework).
|
||||
Do not install both on the same system.
|
||||
|
||||
To deploy the MMA with System Center Configuration Manager, follow the steps
|
||||
To deploy the MMA with Microsoft Endpoint Configuration Manager, follow the steps
|
||||
below to utilize the provided batch files to onboard the systems. The CMD file
|
||||
when executed, will require the system to copy files from a network share by the
|
||||
System, the System will install MMA, Install the DependencyAgent, and configure
|
||||
MMA for enrollment into the workspace.
|
||||
|
||||
|
||||
1. In System Center Configuration Manager console, navigate to **Software
|
||||
1. In the Configuration Manager console, navigate to **Software
|
||||
Library**.
|
||||
|
||||
2. Expand **Application Management**.
|
||||
@ -387,15 +386,15 @@ MMA for enrollment into the workspace.
|
||||
|
||||
4. Provide a Name for the package, then click **Next**
|
||||
|
||||
|
||||
|
||||
|
||||
5. Verify **Standard Program** is selected.
|
||||
|
||||
|
||||
|
||||
|
||||
6. Click **Next**.
|
||||
|
||||
|
||||
|
||||
|
||||
7. Enter a program name.
|
||||
|
||||
@ -411,17 +410,17 @@ MMA for enrollment into the workspace.
|
||||
|
||||
13. Click **Next**.
|
||||
|
||||
|
||||
|
||||
|
||||
14. Verify the configuration, then click **Next**.
|
||||
|
||||
|
||||
|
||||
|
||||
15. Click **Next**.
|
||||
|
||||
16. Click **Close**.
|
||||
|
||||
17. In the System Center Configuration Manager console, right-click the Microsoft Defender ATP
|
||||
17. In the Configuration Manager console, right-click the Microsoft Defender ATP
|
||||
Onboarding Package just created and select **Deploy**.
|
||||
|
||||
18. On the right panel select the appropriate collection.
|
||||
@ -431,7 +430,7 @@ MMA for enrollment into the workspace.
|
||||
## Next generation protection
|
||||
Microsoft Defender Antivirus is a built-in antimalware solution that provides next generation protection for desktops, portable computers, and servers.
|
||||
|
||||
1. In the System Center Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Antimalware Polices** and choose **Create Antimalware Policy**.
|
||||
1. In the Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Antimalware Polices** and choose **Create Antimalware Policy**.
|
||||
|
||||
|
||||
|
||||
@ -481,9 +480,9 @@ Protection. All these features provide an audit mode and a block mode. In audit
|
||||
|
||||
To set ASR rules in Audit mode:
|
||||
|
||||
1. In the System Center Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**.
|
||||
1. In the Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
2. Select **Attack Surface Reduction**.
|
||||
@ -491,26 +490,26 @@ To set ASR rules in Audit mode:
|
||||
|
||||
3. Set rules to **Audit** and click **Next**.
|
||||
|
||||
|
||||
|
||||
|
||||
4. Confirm the new Exploit Guard policy by clicking on **Next**.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
5. Once the policy is created click **Close**.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
6. Right-click on the newly created policy and choose **Deploy**.
|
||||
|
||||
|
||||
|
||||
|
||||
7. Target the policy to the newly created Windows 10 collection and click **OK**.
|
||||
|
||||
|
||||
|
||||
|
||||
After completing this task, you now have successfully configured ASR rules in audit mode.
|
||||
|
||||
@ -541,15 +540,15 @@ detections](https://docs.microsoft.com/windows/security/threat-protection/micros
|
||||
|
||||
|
||||
### To set Network Protection rules in Audit mode:
|
||||
1. In the System Center Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**.
|
||||
1. In the Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**.
|
||||
|
||||
|
||||
|
||||
|
||||
2. Select **Network protection**.
|
||||
|
||||
3. Set the setting to **Audit** and click **Next**.
|
||||
|
||||
|
||||
|
||||
|
||||
4. Confirm the new Exploit Guard Policy by clicking **Next**.
|
||||
|
||||
@ -561,42 +560,42 @@ detections](https://docs.microsoft.com/windows/security/threat-protection/micros
|
||||
|
||||
6. Right-click on the newly created policy and choose **Deploy**.
|
||||
|
||||
|
||||
|
||||
|
||||
7. Select the policy to the newly created Windows 10 collection and choose **OK**.
|
||||
|
||||
|
||||
|
||||
|
||||
After completing this task, you now have successfully configured Network
|
||||
Protection in audit mode.
|
||||
|
||||
### To set Controlled Folder Access rules in Audit mode:
|
||||
|
||||
1. In the System Center Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**.
|
||||
1. In the Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**.
|
||||
|
||||
|
||||
|
||||
|
||||
2. Select **Controlled folder access**.
|
||||
|
||||
3. Set the configuration to **Audit** and click **Next**.
|
||||
|
||||
|
||||
|
||||
|
||||
4. Confirm the new Exploit Guard Policy by clicking on **Next**.
|
||||
|
||||
|
||||
|
||||
|
||||
5. Once the policy is created click on **Close**.
|
||||
|
||||
|
||||
|
||||
|
||||
6. Right-click on the newly created policy and choose **Deploy**.
|
||||
|
||||
|
||||
|
||||
|
||||
7. Target the policy to the newly created Windows 10 collection and click **OK**.
|
||||
|
||||
|
||||
|
||||
|
||||
After completing this task, you now have successfully configured Controlled folder access in audit mode.
|
||||
|
||||
|
||||
Reference in New Issue
Block a user