Windows Defender ATP – Onboarding Endpoint with Configuration Manager 1606 or higher

To be able to review Windows 10 endpoints (Anniversary Update or higher) into Windows Defender ATP, you will need to onboard first. There are several ways to do so including scripts, Group Policy, Intune, Configuration Manager 2012 through current branch 1602. With the release of Configuration Manager branch update 1606, it now includes integrated Windows Defender ATP to be able to monitor and deploy the policies.

  1. To get started, login to the Windows Defender ATP site to download the policies https://securitycenter.windows.com/download
  2. Choose the drop down Select your deployment tool, and select the System Center Configuration Manager (current branch) version 1606

  3. This will download a ZIP file with the onboarding package. Unzip it to where you can access it with ConfigMgr.
  4. Under Assets and Compliance, expand Endpoint Protection where you will see Windows Defender ATP Policies. Select Windows Defender ATP Policies , and click Create Windows Defender ATP Policy from the toolbar or right click.
  5. Follow the wizard to import the onboarding file you downloaded from the site. (NOTE: SCREENSHOT SHOWS OFFBOARDING, BUT SHOULD BE ONBOARDING)

  6. Once done, you will see the policies in the console. Right client or from the toolbar, click Deploy.

  7. You can do this for off-boarding as well. From the same site, you can select to download the off-boarding package and then follow the steps above to import into ConfigMgr.

Chicago Systems Management Users Group (CSMUG)

After couple of years of debates to do this or not, we have decided to move forward with this group.  There is no similar group like this in Chicagoland area.  We have done topics with the Chicago Windows User Group in the past and will continue to support them in joint events.  However, the membership for a Windows user group vs. a System Center, EMS, datacenter and client management, is much different.

If you are in the Chicago area, please sign up.

http://www.meetup.com/Chicago-Systems-Management-Users-Group-CSMUG/

The group is co-founded by Rich Lilly.  Check out his blog here and follow him on Twitter

Jay @jparekh_tech

Microsoft Intune – March Update

Microsoft will be making the next update for Microsoft Intune between March 4, 2015 and March 7, 2015. New Intune standalone (cloud only) features that will be released as part of this service update include:

  • Ability to streamline the enrollment of iOS devices purchased directly from Apple or an authorized reseller with the Device Enrollment Program (DEP)
  • Ability to restrict access to SharePoint Online and OneDrive for Business based upon device enrollment and compliance policies
  • Management of OneDrive apps for iOS and Android devices
  • Ability to deploy .appx files to Windows Phone 8.1 devices
  • Ability to restrict the number of devices a user can enroll in Intune

It’s important to note that the updates are for the stand alone Cloud only and not the integrated with SCCM. Updated to the integrated extensions are usually 3-6 months after the standalone is available.

Jay