I had a Theater Session at Ignite 2018 about how to onboard Clients and Servers to WDATP (Windows Defender Advanced Thread Protection). During this session, I asked the audience if they want to have a 20-minute demo session or just have a look at the slides. The choice was clear: Everyone voted for the demo session.
Personally, I like to have sessions which are fully packed with demos. In these sessions you learn the most, but in this case the story for a session gets lost and also the jokes during the session are difficult to made.
If you would like to watch the session first, here we go:
How to onboard your clients to Windows Defender Advanced Threat Protection – THR3088
Please consider, that there are some changes for onboarding (around minute 9:00) since it is the explanation about onboarding with Intune. Especially in minute 11:30, the explanation is for the new material that I will write down here.
In the Intune Version for Microsoft Intune – Week of October 1, 2018: https://docs.microsoft.com/en-us/intune/whats-new#week-of-october-1-2018
Have a look at https://docs.microsoft.com/en-us/intune/whats-new#windows-defender-atp-configuration-package-automatically-added-to-configuration-profile–
Here we have some new information in Intune:
Log in to your Intune Tenant over the portal.azure.com and click on Intune / Device compliance / Windows Defender ATP.
As you saw in the session, you have to connect your Intune to the Security Center first and afterwards you can see the connection status “Available”. When you are connected, you can also see the doughnut chart which informs you about devices without ATP agent.
When you click on the link “Create a device configuration profile to configure the ATP Agent” below the doughnut chart, you will be routed directly to the Intune / Device configuration / Profiles where you can perform the following steps:
- Create a new profile
- Chose a name
- Select the platform “Windows10 and later”
- Select the profile type “Windows Def ATP”
- Select “Configure”
As you can see, you don’t have to upload the Intune Onboarding script anymore since the only two options are “Sample sharing for all files” and “Expedite telemetry reporting frequency”. Just enable both and that’s it.
To onboard every client to your environment, you just have to assign the profile to a device group or all device groups.
If you now have a look at your old created profile with the onboarding file, you can still see there the file you uploaded, but there is no more a need to use it. In case you have the new profile assigned to all your devices, you can easily delete the old profile.
It is now very easy, right?
But please test it out, so it is really running in your production, before you delete the old profile.
Hope it helps and saves you some time to have a beer….