We recommend that you use a local script to onboard Mac. If successful, the detection test is marked as completed, and a new alert appears in the Microsoft 365 Defender portal ( ) for the newly onboarded device within about 10 minutes. In the Command Prompt window, run the following PowerShell command: powershell.exe -NoExit -ExecutionPolicy Bypass -WindowStyle Hidden $ErrorActionPreference = 'silentlycontinue' (New-Object ).DownloadFile('', 'C:\\test-MDATP-test\\invoice.exe') Start-Process 'C:\\test-MDATP-test\\invoice.exe'Īfter the command runs, the Command Prompt window closes automatically. ![]() On the Windows device, create a folder: C:\test-MDATP-test. Run a detection test on a Windows 10 or 11 deviceĪfter you've onboarded Windows devices to Defender for Business, you can run a detection test on the device to make sure that everything is working correctly. Share this article with users in your organization: Enroll Windows 10/11 devices in Intune. Learn more about device groups in Defender for Business. In the MAM user scope section, we recommend the following default values for the URLs:Īfter a device is enrolled in Intune, you can add it to a device group in Defender for Business. Select Azure Active Directory > Mobility (MDM and MAM) > Microsoft Intune.Ĭonfigure the MDM User scope and the MAM user scope.įor MDM User scope, we recommend that you select All so that all users can automatically enroll their Windows devices. In the background, the device registers and joins Azure Active Directory (Azure AD) and is enrolled in Intune. When you set up automatic enrollment, users add their work account to the device. Ask users to enroll their own Windows 10/11 devices in IntuneĮnable automatic enrollment for Windows 10 and 11.Enable Windows automatic enrollment for company-owned or company-managed devices.We recommend using one of the following methods: There are several methods available for enrolling devices in Intune. You can onboard Windows clients and other devices in Intune by using the Intune admin center ( ). The steps for onboarding to Defender for Business are similar. This article describes the steps for onboarding to Microsoft Defender for Endpoint. If you prefer to use Group Policy to onboard Windows clients, follow the guidance in Onboard Windows devices using Group Policy. For example, if you copied the file to the Desktop folder, you would type %userprofile%\Desktop\WindowsDefenderATPLocalOnboardingScript.cmd, and then press the Enter key (or select OK).Īfter the script runs, Run a detection test. ![]() Open a command prompt as an administrator. You should have a file named WindowsDefenderATPLocalOnboardingScript.cmd. On a Windows device, extract the contents of the configuration package to a location, such as the Desktop folder. We recommend that you save the onboarding package to a removable drive. Select Windows 10 and 11, and then, in the Deployment method section, choose Local script. In the navigation pane, choose Settings > Endpoints, and then under Device management, choose Onboarding. Go to the Microsoft 365 Defender portal ( ), and sign in. We recommend that you onboard up to 10 devices at a time when you use the local script method. If you're not currently using Intune, the local script method is the recommended onboarding method for Defender for Business customers. When you run the onboarding script on a device, it creates a trust with Azure Active Directory (if that trust doesn't already exist), enrolls the device in Microsoft Intune (if it isn't already enrolled), and then onboards the device to Defender for Business. You can use a local script to onboard Windows client devices. Microsoft Intune (if you're already using Intune). ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |