Onboarding Clients to WDATP with Intune

Hi all,

I had a Theater Session at Ignite 2018 about how to onboard Clients and Servers to WDATP (Windows Defender Advanced Threat Protection). During this session, I asked the audience if they wanted to have a 20-minute demo session or just have a look at the slides. The choice was clear: Everyone voted for the demo session.

Personally, I like to have sessions which are fully packed with demos. In these sessions you learn the most, but in this case the story for a session gets lost and also the jokes during the session are difficult to make.

If you would like to watch the session first, here we go:

How to onboard your clients to Windows Defender Advanced Threat Protection – THR3088


Please note that there are some changes to the onboarding (around minute 9:00), since that part is the explanation of onboarding with Intune. In particular, the explanation at minute 11:30 relates to the new material that I will write down here.

See the Microsoft Intune release notes for the week of October 1, 2018: https://docs.microsoft.com/en-us/intune/whats-new#week-of-october-1-2018

Have a look at https://docs.microsoft.com/en-us/intune/whats-new#windows-defender-atp-configuration-package-automatically-added-to-configuration-profile

Here we have some new information in Intune:

Log in to your Intune tenant through portal.azure.com and click on Intune / Device compliance / Windows Defender ATP.

As you saw in the session, you have to connect your Intune to the Security Center first, and afterwards you can see the connection status “Available”. When you are connected, you can also see the doughnut chart, which informs you about devices without the ATP agent.

[Screenshot: Microsoft Intune, Device compliance - Windows Defender ATP, showing Connection status “Available”, Last synchronized 10/6/2018, 10:30:52 AM, and the link “Create a device configuration profile to configure ATP agent”.]

When you click on the link “Create a device configuration profile to configure the ATP Agent” below the doughnut chart, you are taken directly to Intune / Device configuration / Profiles, where you can perform the following steps:

    1. Create a new profile
    2. Choose a name
    3. Select the platform “Windows 10 and later”
    4. Select the profile type “Windows Defender ATP”
    5. Select “Configure”

[Screenshot: Create profile, with Name “New Onboarding to ATP”, Platform “Windows 10 and later”, Profile type “Windows Defender ATP (Windows 10 Des...”, and the two settings “Sample sharing for all files” and “Expedite telemetry reporting frequency”.]

As you can see, you don’t have to upload the Intune Onboarding script anymore since the only two options are “Sample sharing for all files” and “Expedite telemetry reporting frequency”. Just enable both and that’s it.

To onboard every client to your environment, you just have to assign the profile to a device group or all device groups.

If you now look at the profile you created earlier with the onboarding file, you can still see the file you uploaded, but there is no longer any need to use it. Once the new profile is assigned to all your devices, you can easily delete the old profile.

[Screenshot: properties of the old profile “1 ATP OnBoarding”, with Platform “Windows 10 and later”, Profile type “Windows Defender ATP (Windows 10 Des...”, and 3 configured settings: the uploaded Windows Defender ATP client configuration package, “Sample sharing for all files” and “Expedite telemetry reporting frequency”.]

It is now very easy, right?

But please test that it is really working in your production environment before you delete the old profile.
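
One way to run that test on a client, as an added example that is not part of the original post or the session: the script below checks locally whether a Windows 10 device is onboarded. The service names (`Sense`, `DiagTrack`), the `OnboardingState` registry value and the SENSE event log name are taken from Microsoft's onboarding troubleshooting guidance, not from this page; the function name `Test-AtpOnboarding` is hypothetical.

```powershell
# Added example: local WDATP onboarding check for one Windows 10 client.
# Run in an elevated PowerShell session on a device that received the new profile.

# Registry location where the ATP agent records its onboarding state
# (assumption from Microsoft's troubleshooting guidance, not from this page).
$statusKey = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'
$senseLog  = 'Microsoft-Windows-SENSE/Operational'

function Test-AtpOnboarding {
    $result = [ordered]@{
        ComputerName     = $env:COMPUTERNAME
        SenseService     = 'NotFound'   # the ATP agent service
        DiagTrackService = 'NotFound'   # telemetry service the agent depends on
        OnboardingState  = $null        # 1 means onboarded
        RecentErrors     = 0            # SENSE error events in the last 24 hours
        Onboarded        = $false
    }

    $sense = Get-Service -Name 'Sense' -ErrorAction SilentlyContinue
    if ($sense) { $result.SenseService = $sense.Status.ToString() }

    $diag = Get-Service -Name 'DiagTrack' -ErrorAction SilentlyContinue
    if ($diag) { $result.DiagTrackService = $diag.Status.ToString() }

    $state = Get-ItemProperty -Path $statusKey -Name 'OnboardingState' -ErrorAction SilentlyContinue
    if ($state) { $result.OnboardingState = $state.OnboardingState }

    # Level 2 = Error. No matching events (or a missing log) leaves the count at 0.
    $filter = @{ LogName = $senseLog; Level = 2; StartTime = (Get-Date).AddDays(-1) }
    $result.RecentErrors = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue).Count

    # Onboarded only if the agent is running, telemetry is running,
    # and the agent itself reports the onboarded state.
    $result.Onboarded = ($result.SenseService -eq 'Running') -and
                        ($result.DiagTrackService -eq 'Running') -and
                        ($result.OnboardingState -eq 1)

    [pscustomobject]$result
}

Test-AtpOnboarding | Format-List
```

Run it on a few devices that only have the new profile assigned; `Onboarded : True` on those devices is the signal that the old profile with the uploaded onboarding file can go.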

Hope it helps and saves you some time to have a beer….