deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

rebranding to endpoint

Browse Source
This commit is contained in:
LauraKellerGitHub 2020-02-23 09:34:36 -08:00
parent 687979df31
commit f86a9427b1
13 changed files with 67 additions and 68 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
store-for-business/add-unsigned-app-to-code-integrity-policy.md
View File

@ -100,4 +100,4 @@ Catalog signing is a vital step to adding your unsigned apps to your code integr
When you use the Device Guard signing portal to sign a catalog file, the signing certificate is added to the default policy. When you download the signed catalog file, you should also download the default policy and merge this code integrity policy with your existing code integrity policies to protect machines running the catalog file. You need to do this step to trust and run your catalog files. For more information, see the Merging code integrity policies in the [Device Guard deployment guide](https://docs.microsoft.com/windows/device-security/device-guard/device-guard-deployment-guide). When you use the Device Guard signing portal to sign a catalog file, the signing certificate is added to the default policy. When you download the signed catalog file, you should also download the default policy and merge this code integrity policy with your existing code integrity policies to protect machines running the catalog file. You need to do this step to trust and run your catalog files. For more information, see the Merging code integrity policies in the [Device Guard deployment guide](https://docs.microsoft.com/windows/device-security/device-guard/device-guard-deployment-guide).
6. Open the root certificate that you downloaded, and follow the steps in **Certificate Import wizard** to install the certificate in your machine's certificate store. 6. Open the root certificate that you downloaded, and follow the steps in **Certificate Import wizard** to install the certificate in your machine's certificate store.
7. Deploy signed catalogs to your managed devices. For more information, see Deploy catalog files with Group Policy, or Deploy catalog files with System Center Configuration Manager in the [Device Guard deployment guide](https://docs.microsoft.com/windows/device-security/device-guard/device-guard-deployment-guide). 7. Deploy signed catalogs to your managed devices. For more information, see Deploy catalog files with Group Policy, or Deploy catalog files with Microsoft Endpoint Configuration Manager in the [Device Guard deployment guide](https://docs.microsoft.com/windows/device-security/device-guard/device-guard-deployment-guide).

2
store-for-business/configure-mdm-provider-microsoft-store-for-business.md
View File

@ -43,6 +43,6 @@ After your management tool is added to your Azure AD directory, you can configur
Your MDM tool is ready to use with Microsoft Store. To learn how to configure synchronization and deploy apps, see these topics: Your MDM tool is ready to use with Microsoft Store. To learn how to configure synchronization and deploy apps, see these topics:
- [Manage apps you purchased from Microsoft Store for Business with Microsoft Intune](https://docs.microsoft.com/intune-classic/deploy-use/manage-apps-you-purchased-from-the-windows-store-for-business-with-microsoft-intune) - [Manage apps you purchased from Microsoft Store for Business with Microsoft Intune](https://docs.microsoft.com/intune-classic/deploy-use/manage-apps-you-purchased-from-the-windows-store-for-business-with-microsoft-intune)
- [Manage apps from Microsoft Store for Business with System Center Configuration Manager](https://docs.microsoft.com/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business) - [Manage apps from Microsoft Store for Business with Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/apps/deploy-use/manage-apps-from-the-windows-store-for-business)
For third-party MDM providers or management servers, check your product documentation. For third-party MDM providers or management servers, check your product documentation.

2
store-for-business/distribute-offline-apps.md
View File

@ -44,7 +44,7 @@ You can't distribute offline-licensed apps directly from Microsoft Store. Once y
- **Create provisioning package**. You can use Windows Imaging and Configuration Designer (ICD) to create a provisioning package for your offline app. Once you have the package, there are options to [apply the provisioning package](https://docs.microsoft.com/windows/configuration/provisioning-packages/provisioning-apply-package). For more information, see [Provisioning Packages for Windows 10](https://docs.microsoft.com/windows/configuration/provisioning-packages/provisioning-packages). - **Create provisioning package**. You can use Windows Imaging and Configuration Designer (ICD) to create a provisioning package for your offline app. Once you have the package, there are options to [apply the provisioning package](https://docs.microsoft.com/windows/configuration/provisioning-packages/provisioning-apply-package). For more information, see [Provisioning Packages for Windows 10](https://docs.microsoft.com/windows/configuration/provisioning-packages/provisioning-packages).
- **Mobile device management provider or management server.** You can use a mobile device management (MDM) provider or management server to distribute offline apps. For more information, see these topics: - **Mobile device management provider or management server.** You can use a mobile device management (MDM) provider or management server to distribute offline apps. For more information, see these topics:
- [Manage apps from Microsoft Store for Business with System Center Configuration Manager](https://docs.microsoft.com/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business) - [Manage apps from Microsoft Store for Business with Microsoft Configuration Manager](https://docs.microsoft.com/configmgr/apps/deploy-use/manage-apps-from-the-windows-store-for-business)
- [Manage apps from Microsoft Store for Business with Microsoft Intune](https://docs.microsoft.com/intune/deploy-use/manage-apps-you-purchased-from-the-windows-store-for-business-with-microsoft-intune)<br> - [Manage apps from Microsoft Store for Business with Microsoft Intune](https://docs.microsoft.com/intune/deploy-use/manage-apps-you-purchased-from-the-windows-store-for-business-with-microsoft-intune)<br>
For third-party MDM providers or management servers, check your product documentation. For third-party MDM providers or management servers, check your product documentation.

2
store-for-business/troubleshoot-microsoft-store-for-business.md
View File

@ -51,7 +51,7 @@ The private store for your organization is a page in Microsoft Store app that co
![Private store for Contoso publishing](images/wsfb-privatestoreapps.png) ![Private store for Contoso publishing](images/wsfb-privatestoreapps.png)
## Troubleshooting Microsoft Store for Business integration with System Center Configuration Manager ## Troubleshooting Microsoft Store for Business integration with Microsoft Endpoint Configuration Manager
If you encounter any problems when integrating Microsoft Store for Business with Configuration Manager, use the [troubleshooting guide](https://support.microsoft.com/help/4010214/understand-and-troubleshoot-microsoft-store-for-business-integration-w). If you encounter any problems when integrating Microsoft Store for Business with Configuration Manager, use the [troubleshooting guide](https://support.microsoft.com/help/4010214/understand-and-troubleshoot-microsoft-store-for-business-integration-w).

2
windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md
View File

@ -48,7 +48,7 @@ For detailed instructions on how to create virtual application packages using Ap
You can deploy Office 2010 packages by using any of the following App-V deployment methods: You can deploy Office 2010 packages by using any of the following App-V deployment methods:
* System Center Configuration Manager * Microsoft Endpoint Configuration Manager
* App-V server * App-V server
* Stand-alone through Windows PowerShell commands * Stand-alone through Windows PowerShell commands

6
windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md
View File

@ -246,7 +246,7 @@ Use the following information to publish an Office package.
Deploy the App-V package for Office 2013 by using the same methods you use for any other package: Deploy the App-V package for Office 2013 by using the same methods you use for any other package:
* System Center Configuration Manager * Microsoft Endpoint Configuration Manager
* App-V Server * App-V Server
* Stand-alone through Windows PowerShell commands * Stand-alone through Windows PowerShell commands
@ -284,10 +284,10 @@ Use the steps in this section to enable Office plug-ins with your Office package
#### To enable plug-ins for Office App-V packages #### To enable plug-ins for Office App-V packages
1. Add a Connection Group through App-V Server, System Center Configuration Manager, or a Windows PowerShell cmdlet. 1. Add a Connection Group through App-V Server, Microsoft Endpoint Configuration Manager, or a Windows PowerShell cmdlet.
2. Sequence your plug-ins using the App-V Sequencer. Ensure that Office 2013 is installed on the computer being used to sequence the plug-in. It's a good idea to use Office 365 ProPlus (non-virtual) on the sequencing computer when you sequence Office 2013 plug-ins. 2. Sequence your plug-ins using the App-V Sequencer. Ensure that Office 2013 is installed on the computer being used to sequence the plug-in. It's a good idea to use Office 365 ProPlus (non-virtual) on the sequencing computer when you sequence Office 2013 plug-ins.
3. Create an App-V package that includes the desired plug-ins. 3. Create an App-V package that includes the desired plug-ins.
4. Add a Connection Group through App-V Server, System Center Configuration Manager, or a Windows PowerShell cmdlet. 4. Add a Connection Group through App-V Server, Configuration Manager, or a Windows PowerShell cmdlet.
5. Add the Office 2013 App-V package and the plug-ins package you sequenced to the Connection Group you created. 5. Add the Office 2013 App-V package and the plug-ins package you sequenced to the Connection Group you created.
>[!IMPORTANT] >[!IMPORTANT]

6
windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md
View File

@ -230,7 +230,7 @@ Use the following information to publish an Office package.
Deploy the App-V package for Office 2016 by using the same methods as the other packages that you've already deployed: Deploy the App-V package for Office 2016 by using the same methods as the other packages that you've already deployed:
* System Center Configuration Manager * Microsoft Endpoint Configuration Manager
* App-V Server * App-V Server
* Stand-alone through Windows PowerShell commands * Stand-alone through Windows PowerShell commands
@ -267,10 +267,10 @@ The following steps will tell you how to enable Office plug-ins with your Office
#### Enable plug-ins for Office App-V packages #### Enable plug-ins for Office App-V packages
1. Add a Connection Group through App-V Server, System Center Configuration Manager, or a Windows PowerShell cmdlet. 1. Add a Connection Group through App-V Server, Microsoft Endpoint Configuration Manager, or a Windows PowerShell cmdlet.
2. Sequence your plug-ins using the App-V Sequencer. Ensure that Office 2016 is installed on the computer that will be used to sequence the plug-in. We recommend that you use Office 365 ProPlus (non-virtual) on the sequencing computer when sequencing Office 2016 plug-ins. 2. Sequence your plug-ins using the App-V Sequencer. Ensure that Office 2016 is installed on the computer that will be used to sequence the plug-in. We recommend that you use Office 365 ProPlus (non-virtual) on the sequencing computer when sequencing Office 2016 plug-ins.
3. Create an App-V package that includes the plug-ins you want. 3. Create an App-V package that includes the plug-ins you want.
4. Add a Connection Group through the App-V Server, System Center Configuration Manager, or a Windows PowerShell cmdlet. 4. Add a Connection Group through the App-V Server, Configuration Manager, or a Windows PowerShell cmdlet.
5. Add the Office 2016 App-V package and the plug-ins package you sequenced to the Connection Group you created. 5. Add the Office 2016 App-V package and the plug-ins package you sequenced to the Connection Group you created.
>[!IMPORTANT] >[!IMPORTANT]

2
windows/application-management/app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md
View File

@ -16,7 +16,7 @@ ms.topic: article
>Applies to: Windows 10, version 1607 >Applies to: Windows 10, version 1607
If you are using an electronic software distribution (ESD) system to deploy App-V packages, review the following planning considerations. For information about deploying App-V with System Center Configuration Manager, see [Introduction to application management in Configuration Manager](https://technet.microsoft.com/library/gg682125.aspx#BKMK_Appv). If you are using an electronic software distribution (ESD) system to deploy App-V packages, review the following planning considerations. For information about deploying App-V with Microsoft Endpoint Configuration Manager, see [Introduction to application management in Configuration Manager](https://technet.microsoft.com/library/gg682125.aspx#BKMK_Appv).
Review the following component and architecture requirements options that apply when you use an ESD to deploy App-V packages: Review the following component and architecture requirements options that apply when you use an ESD to deploy App-V packages:

2
windows/application-management/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md
View File

@ -44,7 +44,7 @@ Each method accomplishes essentially the same task, but some methods may be bett
To add a locally installed application to a package or to a connection groups virtual environment, you add a subkey to the `RunVirtual` registry key in the Registry Editor, as described in the following sections. To add a locally installed application to a package or to a connection groups virtual environment, you add a subkey to the `RunVirtual` registry key in the Registry Editor, as described in the following sections.
There is no Group Policy setting available to manage this registry key, so you have to use System Center Configuration Manager or another electronic software distribution (ESD) system, or manually edit the registry. There is no Group Policy setting available to manage this registry key, so you have to use Microsoft Endpoint Configuration Manager or another electronic software distribution (ESD) system, or manually edit the registry.
Starting with App-V 5.0 SP3, when using RunVirtual, you can publish packages globally or to the user. Starting with App-V 5.0 SP3, when using RunVirtual, you can publish packages globally or to the user.

4
windows/application-management/app-v/appv-supported-configurations.md
View File

@ -117,9 +117,9 @@ The following table lists the operating systems that the App-V Sequencer install
See the Windows or Windows Server documentation for the hardware requirements. See the Windows or Windows Server documentation for the hardware requirements.
## Supported versions of System Center Configuration Manager ## Supported versions of Microsoft Endpoint Configuration Manager
The App-V client works with System Center Configuration Manager versions starting with Technical Preview for System Center Configuration Manager, version 1606. The App-V client works with Configuration Manager versions starting with Technical Preview for System Center Configuration Manager, version 1606.
## Related topics ## Related topics

4
windows/application-management/deploy-app-upgrades-windows-10-mobile.md
View File

@ -16,7 +16,7 @@ ms.topic: article
> Applies to: Windows 10 > Applies to: Windows 10
When you have a new version of an application, how do you get that to the Windows 10 Mobile devices in your environment? With [application supersedence in System Center Configuration Manager](/sccm/apps/deploy-use/revise-and-supersede-applications#application-supersedence). When you have a new version of an application, how do you get that to the Windows 10 Mobile devices in your environment? With [application supersedence in Microsoft Endpoint Configuration Manager](/configmgr/apps/deploy-use/revise-and-supersede-applications#application-supersedence).
There are two steps to deploy an app upgrade: There are two steps to deploy an app upgrade:
@ -58,4 +58,4 @@ You don't need to delete the deployment associated with the older version of the
![Monitoring view in Configuration Manager for the old version of the app](media/app-upgrade-old-version.png) ![Monitoring view in Configuration Manager for the old version of the app](media/app-upgrade-old-version.png)
If you haven't deployed an app through Configuration Manager before, check out [Deploy applications with System Center Configuration Manager](https://docs.microsoft.com/sccm/apps/deploy-use/deploy-applications). You can also see how to delete deployments (although you don't have to) and notify users about the upgraded app. If you haven't deployed an app through Configuration Manager before, check out [Deploy applications with Microsoft Endoint Configuration Manager](https://docs.microsoft.com/configmgr/apps/deploy-use/deploy-applications). You can also see how to delete deployments (although you don't have to) and notify users about the upgraded app.

2
windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md
View File

@ -58,7 +58,7 @@ The following is in scope for this project:
capabilities including automatic investigation and remediation capabilities including automatic investigation and remediation
- Enabling Microsoft Defender ATP threat and vulnerability management (TVM) - Enabling Microsoft Defender ATP threat and vulnerability management (TVM)
- Use of System Center Configuration Manager to onboard endpoints into the service. - Use of Microsoft Endpoint Configuration Manager to onboard endpoints into the service.
### Out of scope ### Out of scope

99
windows/security/threat-protection/microsoft-defender-atp/production-deployment.md
View File

@ -25,13 +25,13 @@ ms.topic: article
Proper planning is the foundation of a successful deployment. In this deployment scenario, you'll be guided through the steps on: Proper planning is the foundation of a successful deployment. In this deployment scenario, you'll be guided through the steps on:
- Tenant configuration - Tenant configuration
- Network configuration - Network configuration
- Onboarding using System Center Configuration Manager - Onboarding using Microsoft Endpoint Configuration Manager
- Endpoint detection and response - Endpoint detection and response
- Next generation protection - Next generation protection
- Attack surface reduction - Attack surface reduction
>[!NOTE] >[!NOTE]
>For the purpose of guiding you through a typical deployment, this scenario will only cover the use of System Center Configuration Manager. Microsoft Defnder ATP supports the use of other onboarding tools but will not cover those scenarios in the deployment guide. For more information, see [Onboard machines to Microsoft Defender ATP](onboard-configure.md). >For the purpose of guiding you through a typical deployment, this scenario will only cover the use of Microsoft Endpoint Configuration Manager. Microsoft Defender ATP supports the use of other onboarding tools but will not cover those scenarios in the deployment guide. For more information, see [Onboard machines to Microsoft Defender ATP](onboard-configure.md).
## Tenant Configuration ## Tenant Configuration
@ -111,7 +111,7 @@ under:
Preview Builds \> Configure Authenticated Proxy usage for the Connected User Preview Builds \> Configure Authenticated Proxy usage for the Connected User
Experience and Telemetry Service Experience and Telemetry Service
- Set it to **Enabled** and select **Disable Authenticated Proxy usage** - Set it to **Enabled** and select<EFBFBD>**Disable Authenticated Proxy usage**
1. Open the Group Policy Management Console. 1. Open the Group Policy Management Console.
2. Create a policy or edit an existing policy based off the organizational practices. 2. Create a policy or edit an existing policy based off the organizational practices.
@ -205,9 +205,9 @@ You can find the Azure IP range on [Microsoft Azure Datacenter IP Ranges](https:
> [!NOTE] > [!NOTE]
> As a cloud-based solution, the IP range can change. It's recommended you move to DNS resolving setting. > As a cloud-based solution, the IP range can change. It's recommended you move to DNS resolving setting.
## Onboarding using System Center Configuration Manager ## Onboarding using Microsoft Endpoint Configuration Manager
### Collection creation ### Collection creation
To onboard Windows 10 devices with System Center Configuration Manager, the To onboard Windows 10 devices with Microsoft Endpoint Configuration Manager, the
deployment can target either and existing collection or a new collection can be deployment can target either and existing collection or a new collection can be
created for testing. The onboarding like group policy or manual method does created for testing. The onboarding like group policy or manual method does
not install any agent on the system. Within the Configuration Manager console not install any agent on the system. Within the Configuration Manager console
@ -217,55 +217,54 @@ maintain that configuration for as long as the Configuration Manager client
continues to receive this policy from the management point. Follow the steps continues to receive this policy from the management point. Follow the steps
below to onboard systems with Configuration Manager. below to onboard systems with Configuration Manager.
1. In System Center Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Device Collections**. 1. In the Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Device Collections**.
![Image of System Center Configuration Manager wizard](images/sccm-device-collections.png) ![Image of Configuration Manager wizard](images/sccm-device-collections.png)
2. Right Click **Device Collection** and select **Create Device Collection**. 2. Right Click **Device Collection** and select **Create Device Collection**.
![Image of System Center Configuration Manager wizard](images/sccm-create-device-collection.png) ![Image of Configuration Manager wizard](images/sccm-create-device-collection.png)
3. Provide a **Name** and **Limiting Collection**, then select **Next**. 3. Provide a **Name** and **Limiting Collection**, then select **Next**.
![Image of System Center Configuration Manager wizard](images/sccm-limiting-collection.png) ![Image of Configuration Manager wizard](images/sccm-limiting-collection.png)
4. Select **Add Rule** and choose **Query Rule**. 4. Select **Add Rule** and choose **Query Rule**.
![Image of System Center Configuration Manager wizard](images/sccm-query-rule.png) ![Image of Configuration Manager wizard](images/sccm-query-rule.png)
5. Click **Next** on the **Direct Membership Wizard** and click on **Edit Query Statement**. 5. Click **Next** on the **Direct Membership Wizard** and click on **Edit Query Statement**.
![Image of System Center Configuration Manager wizard](images/sccm-direct-membership.png) ![Image of Configuration Manager wizard](images/sccm-direct-membership.png)
6. Select **Criteria** and then choose the star icon. 6. Select **Criteria** and then choose the star icon.
![Image of System Center Configuration Manager wizard](images/sccm-criteria.png) ![Image of Configuration Manager wizard](images/sccm-criteria.png)
7. Keep criterion type as **simple value**, choose where as **Operating System - build number**, operator as **is equal to** and value **10240** and click on **OK**. 7. Keep criterion type as **simple value**, choose where as **Operating System - build number**, operator as **is equal to** and value **10240** and click on **OK**.
![Image of System Center Configuration Manager wizard](images/sccm-simple-value.png) ![Image of Configuration Manager wizard](images/sccm-simple-value.png)
8. Select **Next** and **Close**. 8. Select **Next** and **Close**.
![Image of System Center Configuration Manager wizard](images/sccm-membership-rules.png) ![Image of Configuration Manager wizard](images/sccm-membership-rules.png)
9. Select **Next**. 9. Select **Next**.
![Image of System Center Configuration Manager wizard](images/sccm-confirm.png) ![Image of Configuration Manager wizard](images/sccm-confirm.png)
After completing this task, you now have a device collection with all the Windows 10 endpoints in the environment. After completing this task, you now have a device collection with all the Windows 10 endpoints in the environment.
## Endpoint detection and response ## Endpoint detection and response
### Windows 10 ### Windows 10
From within the Microsoft Defender Security Center it is possible to download From within the Microsoft Defender Security Center it is possible to download
the '.onboarding' policy that can be used to create the policy in System Center Configuration the '.onboarding' policy that can be used to create the policy in Microsoft Endpoint Configuration Manager and deploy that policy to Windows 10 devices.
Manager and deploy that policy to Windows 10 devices.
1. From a Microsoft Defender Security Center Portal, select [Settings and then Onboarding](https://securitycenter.windows.com/preferences2/onboarding). 1. From a Microsoft Defender Security Center Portal, select [Settings and then Onboarding](https://securitycenter.windows.com/preferences2/onboarding).
2. Under Deployment method select the supported version of **System Center Configuration Manager**. 2. Under Deployment method select the supported version of **Configuration Manager**.
![Image of Microsoft Defender ATP onboarding wizard](images/mdatp-onboarding-wizard.png) ![Image of Microsoft Defender ATP onboarding wizard](images/mdatp-onboarding-wizard.png)
@ -274,15 +273,15 @@ Manager and deploy that policy to Windows 10 devices.
![Image of Microsoft Defender ATP onboarding wizard](images/mdatp-download-package.png) ![Image of Microsoft Defender ATP onboarding wizard](images/mdatp-download-package.png)
4. Save the package to an accessible location. 4. Save the package to an accessible location.
5. In System Center Configuration Manager, navigate to: **Assets and Compliance > Overview > Endpoint Protection > Microsoft Defender ATP Policies**. 5. In Configuration Manager, navigate to: **Assets and Compliance > Overview > Endpoint Protection > Microsoft Defender ATP Policies**.
6. Right-click **Microsoft Defender ATP Policies** and select **Create Microsoft Defender ATP Policy**. 6. Right-click **Microsoft Defender ATP Policies** and select **Create Microsoft Defender ATP Policy**.
![Image of System Center Configuration Manager wizard](images/sccm-create-policy.png) ![Image of Configuration Manager wizard](images/sccm-create-policy.png)
7. Enter the name and description, verify **Onboarding** is selected, then select **Next**. 7. Enter the name and description, verify **Onboarding** is selected, then select **Next**.
![Image of System Center Configuration Manager wizard](images/sccm-policy-name.png) ![Image of Configuration Manager wizard](images/sccm-policy-name.png)
8. Click **Browse**. 8. Click **Browse**.
@ -305,7 +304,7 @@ Manager and deploy that policy to Windows 10 devices.
15. Click **Close** when the Wizard completes. 15. Click **Close** when the Wizard completes.
16. In the System Center Configuration Manager console, right-click the Microsoft Defender ATP policy you just created and select **Deploy**. 16. In the Configuration Manager console, right-click the Microsoft Defender ATP policy you just created and select **Deploy**.
![Image of configuration settings](images/4a37f3687e6ff53a593d3670b1dad3aa.png) ![Image of configuration settings](images/4a37f3687e6ff53a593d3670b1dad3aa.png)
@ -371,14 +370,14 @@ Specifically, for Windows 7 SP1, the following patches must be installed:
[KB3154518](https://support.microsoft.com/help/3154518/support-for-tls-system-default-versions-included-in-the-net-framework). [KB3154518](https://support.microsoft.com/help/3154518/support-for-tls-system-default-versions-included-in-the-net-framework).
Do not install both on the same system. Do not install both on the same system.
To deploy the MMA with System Center Configuration Manager, follow the steps To deploy the MMA with Microsoft Endpoint Configuration Manager, follow the steps
below to utilize the provided batch files to onboard the systems. The CMD file below to utilize the provided batch files to onboard the systems. The CMD file
when executed, will require the system to copy files from a network share by the when executed, will require the system to copy files from a network share by the
System, the System will install MMA, Install the DependencyAgent, and configure System, the System will install MMA, Install the DependencyAgent, and configure
MMA for enrollment into the workspace. MMA for enrollment into the workspace.
1. In System Center Configuration Manager console, navigate to **Software 1. In the Configuration Manager console, navigate to **Software
Library**. Library**.
2. Expand **Application Management**. 2. Expand **Application Management**.
@ -387,15 +386,15 @@ MMA for enrollment into the workspace.
4. Provide a Name for the package, then click **Next** 4. Provide a Name for the package, then click **Next**
![Image of System Center Configuration Manager console](images/e156a7ef87ea6472d57a3dc594bf08c2.png) ![Image of Configuration Manager console](images/e156a7ef87ea6472d57a3dc594bf08c2.png)
5. Verify **Standard Program** is selected. 5. Verify **Standard Program** is selected.
![Image of System Center Configuration Manager console](images/227f249bcb6e7f29c4d43aa1ffaccd20.png) ![Image of Configuration Manager console](images/227f249bcb6e7f29c4d43aa1ffaccd20.png)
6. Click **Next**. 6. Click **Next**.
![Image of System Center Configuration Manager console](images/2c7f9d05a2ebd19607cc76b6933b945b.png) ![Image of Configuration Manager console](images/2c7f9d05a2ebd19607cc76b6933b945b.png)
7. Enter a program name. 7. Enter a program name.
@ -411,17 +410,17 @@ MMA for enrollment into the workspace.
13. Click **Next**. 13. Click **Next**.
![Image of System Center Configuration Manager console](images/262a41839704d6da2bbd72ed6b4a826a.png) ![Image of Configuration Manager console](images/262a41839704d6da2bbd72ed6b4a826a.png)
14. Verify the configuration, then click **Next**. 14. Verify the configuration, then click **Next**.
![Image of System Center Configuration Manager console](images/a9d3cd78aa5ca90d3c2fbd2e57618faf.png) ![Image of Configuration Manager console](images/a9d3cd78aa5ca90d3c2fbd2e57618faf.png)
15. Click **Next**. 15. Click **Next**.
16. Click **Close**. 16. Click **Close**.
17. In the System Center Configuration Manager console, right-click the Microsoft Defender ATP 17. In the Configuration Manager console, right-click the Microsoft Defender ATP
Onboarding Package just created and select **Deploy**. Onboarding Package just created and select **Deploy**.
18. On the right panel select the appropriate collection. 18. On the right panel select the appropriate collection.
@ -431,7 +430,7 @@ MMA for enrollment into the workspace.
## Next generation protection ## Next generation protection
Microsoft Defender Antivirus is a built-in antimalware solution that provides next generation protection for desktops, portable computers, and servers. Microsoft Defender Antivirus is a built-in antimalware solution that provides next generation protection for desktops, portable computers, and servers.
1. In the System Center Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Antimalware Polices** and choose **Create Antimalware Policy**. 1. In the Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Antimalware Polices** and choose **Create Antimalware Policy**.
![Image of antimalware policy](images/9736e0358e86bc778ce1bd4c516adb8b.png) ![Image of antimalware policy](images/9736e0358e86bc778ce1bd4c516adb8b.png)
@ -481,9 +480,9 @@ Protection. All these features provide an audit mode and a block mode. In audit
To set ASR rules in Audit mode: To set ASR rules in Audit mode:
1. In the System Center Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**. 1. In the Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**.
![Image of System Center Configuration Manager console](images/728c10ef26042bbdbcd270b6343f1a8a.png) ![Image of Configuration Manager console](images/728c10ef26042bbdbcd270b6343f1a8a.png)
2. Select **Attack Surface Reduction**. 2. Select **Attack Surface Reduction**.
@ -491,26 +490,26 @@ To set ASR rules in Audit mode:
3. Set rules to **Audit** and click **Next**. 3. Set rules to **Audit** and click **Next**.
![Image of System Center Configuration Manager console](images/d18e40c9e60aecf1f9a93065cb7567bd.png) ![Image of Configuration Manager console](images/d18e40c9e60aecf1f9a93065cb7567bd.png)
4. Confirm the new Exploit Guard policy by clicking on **Next**. 4. Confirm the new Exploit Guard policy by clicking on **Next**.
![Image of System Center Configuration Manager console](images/0a6536f2c4024c08709cac8fcf800060.png) ![Image of Configuration Manager console](images/0a6536f2c4024c08709cac8fcf800060.png)
5. Once the policy is created click **Close**. 5. Once the policy is created click **Close**.
![Image of System Center Configuration Manager console](images/95d23a07c2c8bc79176788f28cef7557.png) ![Image of Configuration Manager console](images/95d23a07c2c8bc79176788f28cef7557.png)
6. Right-click on the newly created policy and choose **Deploy**. 6. Right-click on the newly created policy and choose **Deploy**.
![Image of System Center Configuration Manager console](images/8999dd697e3b495c04eb911f8b68a1ef.png) ![Image of Configuration Manager console](images/8999dd697e3b495c04eb911f8b68a1ef.png)
7. Target the policy to the newly created Windows 10 collection and click **OK**. 7. Target the policy to the newly created Windows 10 collection and click **OK**.
![Image of System Center Configuration Manager console](images/0ccfe3e803be4b56c668b220b51da7f7.png) ![Image of Configuration Manager console](images/0ccfe3e803be4b56c668b220b51da7f7.png)
After completing this task, you now have successfully configured ASR rules in audit mode. After completing this task, you now have successfully configured ASR rules in audit mode.
@ -541,15 +540,15 @@ detections](https://docs.microsoft.com/windows/security/threat-protection/micros
### To set Network Protection rules in Audit mode: ### To set Network Protection rules in Audit mode:
1. In the System Center Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**. 1. In the Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**.
![A screenshot System Center Confirugatiom Manager](images/728c10ef26042bbdbcd270b6343f1a8a.png) ![A screenshot Configuration Manager](images/728c10ef26042bbdbcd270b6343f1a8a.png)
2. Select **Network protection**. 2. Select **Network protection**.
3. Set the setting to **Audit** and click **Next**. 3. Set the setting to **Audit** and click **Next**.
![A screenshot System Center Confirugatiom Manager](images/c039b2e05dba1ade6fb4512456380c9f.png) ![A screenshot Configuration Manager](images/c039b2e05dba1ade6fb4512456380c9f.png)
4. Confirm the new Exploit Guard Policy by clicking **Next**. 4. Confirm the new Exploit Guard Policy by clicking **Next**.
@ -561,42 +560,42 @@ detections](https://docs.microsoft.com/windows/security/threat-protection/micros
6. Right-click on the newly created policy and choose **Deploy**. 6. Right-click on the newly created policy and choose **Deploy**.
![A screenshot System Center Configuration Manager](images/8999dd697e3b495c04eb911f8b68a1ef.png) ![A screenshot Configuration Manager](images/8999dd697e3b495c04eb911f8b68a1ef.png)
7. Select the policy to the newly created Windows 10 collection and choose **OK**. 7. Select the policy to the newly created Windows 10 collection and choose **OK**.
![A screenshot System Center Configuration Manager](images/0ccfe3e803be4b56c668b220b51da7f7.png) ![A screenshot Configuration Manager](images/0ccfe3e803be4b56c668b220b51da7f7.png)
After completing this task, you now have successfully configured Network After completing this task, you now have successfully configured Network
Protection in audit mode. Protection in audit mode.
### To set Controlled Folder Access rules in Audit mode: ### To set Controlled Folder Access rules in Audit mode:
1. In the System Center Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**. 1. In the Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**.
![A screenshot of System Center Configuration Manager](images/728c10ef26042bbdbcd270b6343f1a8a.png) ![A screenshot of Configuration Manager](images/728c10ef26042bbdbcd270b6343f1a8a.png)
2. Select **Controlled folder access**. 2. Select **Controlled folder access**.
3. Set the configuration to **Audit** and click **Next**. 3. Set the configuration to **Audit** and click **Next**.
![A screenshot of System Center Configuration Manager](images/a8b934dab2dbba289cf64fe30e0e8aa4.png) ![A screenshot of Configuration Manager](images/a8b934dab2dbba289cf64fe30e0e8aa4.png)
4. Confirm the new Exploit Guard Policy by clicking on **Next**. 4. Confirm the new Exploit Guard Policy by clicking on **Next**.
![A screenshot of System Center Configuration Manager](images/0a6536f2c4024c08709cac8fcf800060.png) ![A screenshot of Configuration Manager](images/0a6536f2c4024c08709cac8fcf800060.png)
5. Once the policy is created click on **Close**. 5. Once the policy is created click on **Close**.
![A screenshot of System Center Configuration Manager](images/95d23a07c2c8bc79176788f28cef7557.png) ![A screenshot of Configuration Manager](images/95d23a07c2c8bc79176788f28cef7557.png)
6. Right-click on the newly created policy and choose **Deploy**. 6. Right-click on the newly created policy and choose **Deploy**.
![A screenshot of System Center Configuration Manager](images/8999dd697e3b495c04eb911f8b68a1ef.png) ![A screenshot of Configuration Manager](images/8999dd697e3b495c04eb911f8b68a1ef.png)
7. Target the policy to the newly created Windows 10 collection and click **OK**. 7. Target the policy to the newly created Windows 10 collection and click **OK**.
![A screenshot of System Center Configuration Manager](images/0ccfe3e803be4b56c668b220b51da7f7.png) ![A screenshot of Configuration Manager](images/0ccfe3e803be4b56c668b220b51da7f7.png)
After completing this task, you now have successfully configured Controlled folder access in audit mode. After completing this task, you now have successfully configured Controlled folder access in audit mode.