The optional Workspace key and Workspace ID fields are used for onboarding down-level devices that require MMA, but if they aren't included then the policy will fail on down-level clients that require MMA. If your target collection contains down-level devices that require MMA, and you use the instructions for onboarding using MDE Client, then the down-level devices won't be onboarded. If your target collection contains down-level server operating system devices that require MMA (based on the client settings) or Windows 8.1 devices, then use the instructions to onboard devices using Microsoft Monitoring Agent.If your collection contains only up-level devices and/or down-level server operating system devices that require MDE Client (based on the client settings), then you can use the onboarding instructions using Microsoft Defender for Endpoint Client (recommended).The instructions for onboarding these devices vary based on if you're targeting a collection containing devices with operating systems that are only up-level and devices that support MDE Client or if the collection also includes down-level clients that require MMA. Sometimes the target collection contains devices running any number of the supported operating systems. When you onboard devices to Microsoft Defender for Endpoint with Configuration Manager, you deploy the Defender policy to a target collection or multiple collections. For older supported versions, see Server migration scenarios. Configuration Manager version 2207 now supports automatic deployment of MDE Client, if you choose to use through Client Settings. Configuration Manager version 2107 with the update rollup supports configuration using Endpoint Protection policies, including those policies created in the Microsoft Intune admin center using tenant attach. Configuration Manager also installs the Microsoft Monitoring Agent (MMA) when needed by onboarded devices but it doesn't update the agent automatically.ĭown-level operating systems that support MDE Client include:ĭown-level operating systems that require MMA Agent:Ĭurrently, the modern, unified Microsoft Defender for Endpoint for Windows Server 2012 R2 & 2016 is generally available. If you choose to use MMA, you need the Workspace key and Workspace ID to onboard. For Windows 8.1 devices, you need to use Microsoft Monitoring Agent (MMA) (legacy) in the Client Settings. Starting Current Branch 2207, For down-level server operating system devices, you can choose between Microsoft Defender for Endpoint (MDE) Client (recommended) or Microsoft Monitoring Agent (MMA) (legacy) in the Client Settings. Up-level devices, such as Windows Server version 1803, need the onboarding configuration file. Instructions to Onboarding to Microsoft Defender for Endpoint with Configuration Manager 2203 and earlier versions Onboarding to Microsoft Defender for Endpoint with Configuration Manager 2207 and later versionsĭifferent operating systems have different needs for onboarding to Microsoft Defender for Endpoint. Instructions to Onboarding to Microsoft Defender for Endpoint with Configuration Manager 2207 and later versions For more information about supported operating systems and capabilities with Microsoft Defender for Endpoint, see Minimum requirements for Microsoft Defender for Endpoint. Operating systems that have reached the end of their product lifecycle aren't typically supported for onboarding unless they have been enrolled into the Extended Security Updates (ESU program).
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |