Microsoft Endpoint Protection Mac Client

Mar 21, 2019: Starting today, Microsoft Defender ATP customers can sign up for a limited preview, which will provide next-gen antivirus protection on Mac, and we will be adding Endpoint Detection and Response, as well as TVM capabilities, during the preview program. You can learn more about this expansion of capabilities in our Tech Community blog.

Jun 27, 2012: To do this, click the System Center Endpoint Protection for Mac icon in the menu bar, and then click Open System Center 2012 Endpoint Protection. Click Activate advanced mode. Click Setup, click Antivirus and antispyware, and then click Disable.

Applies to: Configuration Manager (current branch)

This procedure configures custom client settings for Endpoint Protection, which you can deploy to collections of devices in your hierarchy.

Important

Only configure the default Endpoint Protection client settings if you're sure that you want them applied to all computers in your hierarchy.

To enable Endpoint Protection and configure custom client settings

  1. In the Configuration Manager console, click Administration.

  2. In the Administration workspace, click Client Settings.

  3. On the Home tab, in the Create group, click Create Custom Client Device Settings.

  4. In the Create Custom Client Device Settings dialog box, provide a name and a description for the group of settings, and then select Endpoint Protection.

  5. Configure the Endpoint Protection client settings that you require. For a full list of Endpoint Protection client settings that you can configure, see the Endpoint Protection section in About client settings.

    Important

    Install the Endpoint Protection site system role before you configure client settings for Endpoint Protection.

  6. Click OK to close the Create Custom Client Device Settings dialog box. The new client settings are displayed in the Client Settings node of the Administration workspace.

  7. Next, deploy the custom client settings to a collection. Select the custom client settings you want to deploy. In the Home tab, in the Client Settings group, click Deploy.

  8. In the Select Collection dialog box, choose the collection to which you want to deploy the client settings and then click OK. The new deployment is shown in the Deployments tab of the details pane.

Clients are configured with these settings when they next download client policy. For more information, see Initiate policy retrieval for a Configuration Manager client.

How to provision the Endpoint Protection client in a disk image

Install the Endpoint Protection client on a computer that you intend to use as a disk image source for Configuration Manager OS deployment. This computer is typically called the reference computer. After you create the OS image, use Configuration Manager OS deployment to deploy the image.

Important

Windows 10 and Windows Server 2016 have Windows Defender installed by default. You don't need this procedure on those versions of Windows.

Use the following procedures to help you install and configure the Endpoint Protection client on a reference computer.

Prerequisites

The following list contains the required prerequisites for installing the Endpoint Protection client software on a reference computer.

  • You must have access to the Endpoint Protection client installation package, scepinstall.exe. Find this package in the Client folder of the Configuration Manager installation folder on the site server.

  • To deploy the Endpoint Protection client with your organization's required configuration, create and export an antimalware policy. Then specify this policy when you manually install the Endpoint Protection client. For more information, see How to create and deploy antimalware policies.

    Note

    You can't export the Default Client Antimalware Policy.

  • If you want to install the Endpoint Protection client with the latest definitions, download them from Windows Defender Security Intelligence.

Note

Starting in Configuration Manager 1802, you don't need to install the Endpoint Protection agent (SCEPInstall) on Windows 10 devices. If it's already installed on Windows 10 devices, Configuration Manager doesn't remove it. Administrators can remove the Endpoint Protection agent on Windows 10 devices that are running at least the 1802 client version. SCEPInstall.exe may still be present in C:\Windows\ccmsetup on some machines, but new client installations shouldn't download it.

How to install the Endpoint Protection client on the reference computer

Install the Endpoint Protection client locally on the reference computer from a command prompt. First get the installation file scepinstall.exe. For more information, see Install the Endpoint Protection client from a command prompt.

If necessary, also include a preconfigured antimalware policy or an antimalware policy that you previously exported.

To install the Endpoint Protection client from a command prompt

  1. Copy scepinstall.exe from the Client folder of the Configuration Manager installation folder to the computer on which you want to install the Endpoint Protection client software.

  2. Open a command prompt as an administrator. Change directory to the folder with the installer. Then run scepinstall.exe, adding any additional command-line properties that you require:

    Property     Description
    /s           Run the installer silently
    /q           Extract the setup files silently
    /i           Run the installer normally
    /policy      Specify an antimalware policy file to configure the client during installation
    /sqmoptin    Opt-in to the Microsoft Customer Experience Improvement Program (CEIP)

  3. Follow the on-screen instructions to complete the client installation.

  4. If you downloaded the latest update definition package, copy the package to the client computer, and then double-click the definition package to install it.

    Note

    After the Endpoint Protection client install completes, the client automatically performs a definition update check. If this update check succeeds, you don't have to manually install the latest definition update package.

Example: install the client with an antimalware policy

    scepinstall.exe /policy <full path>\<policy file>

Verify the Endpoint Protection client installation

After you install the Endpoint Protection client on your reference computer, verify that the client is working correctly.

  1. On the reference computer, open System Center Endpoint Protection from the Windows notification area.

  2. On the Home tab of the System Center Endpoint Protection dialog box, verify that Real-time protection is set to On.

  3. Verify that Up-to-date is displayed for Virus and spyware definitions.

  4. To make sure that your reference computer is ready for imaging, under Scan options, select Full, and then click Scan now.

Prepare the Endpoint Protection client for imaging

Perform the following steps to prepare the Endpoint Protection client for imaging:

  1. On the reference computer, sign in as an administrator.

  2. Download and install PsExec from Windows SysInternals.

  3. Run a command prompt as an administrator, change directory to the folder where you installed PsTools, and then type the following command:

    psexec.exe -s -i regedit.exe

    Important

    Use caution when you run the Registry Editor in this manner. PsExec.exe runs it in the LocalSystem context.

  4. In the Registry Editor, delete the following registry keys:

    Important

    Delete these registry keys as the last step before imaging the reference computer. The Endpoint Protection client recreates these keys when it starts. If you restart the reference computer, delete the registry keys again.

    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\InstallTime

    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Scan\LastScanRun

    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Scan\LastScanType

    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Scan\LastQuickScanID

    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Scan\LastFullScanID

    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemovalTools\MRT\GUID

You're now ready to prepare the reference computer for imaging.
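
One way to script the check that these entries are gone immediately before capture, as an added example that is not part of the original procedure or of Microsoft's tooling. The function name Test-EpImagingResidue and its -Remove switch are hypothetical, and because the page does not say whether each entry is a subkey or a named value, the code assumes it may be either.

```powershell
# Added example: pre-capture check for the registry entries listed above.
# Run in a LocalSystem session, for example one started with PsExec -s.
$EntriesToClear = @(
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\InstallTime'
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Scan\LastScanRun'
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Scan\LastScanType'
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Scan\LastQuickScanID'
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Scan\LastFullScanID'
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemovalTools\MRT\GUID'
)

# Hypothetical helper: reports each entry as Key, Value or Absent, and
# deletes what it finds when -Remove is given.
function Test-EpImagingResidue {
    param([string[]]$Entries, [switch]$Remove)
    foreach ($entry in $Entries) {
        $cut    = $entry.LastIndexOf('\')
        $parent = 'Registry::' + $entry.Substring(0, $cut)
        $leaf   = $entry.Substring($cut + 1)
        $kind   = 'Absent'
        # Assumption: an entry may be a subkey or a named value of its parent key.
        if (Test-Path -LiteralPath "Registry::$entry") {
            $kind = 'Key'
        } elseif ((Test-Path -LiteralPath $parent) -and
                  ((Get-Item -LiteralPath $parent).GetValueNames() -contains $leaf)) {
            $kind = 'Value'
        }
        $removed = $false
        if ($Remove -and $kind -eq 'Key') {
            Remove-Item -LiteralPath "Registry::$entry" -Recurse -Force -ErrorAction Stop
            $removed = $true
        } elseif ($Remove -and $kind -eq 'Value') {
            Remove-ItemProperty -LiteralPath $parent -Name $leaf -Force -ErrorAction Stop
            $removed = $true
        }
        [pscustomobject]@{ Entry = $entry; Found = $kind; Removed = $removed }
    }
}

# Report only; anything other than Absent means the image is not ready.
$report = Test-EpImagingResidue -Entries $EntriesToClear
$report | Format-Table -AutoSize
$left = @($report | Where-Object { $_.Found -ne 'Absent' })
if ($left.Count -gt 0) {
    Write-Warning "$($left.Count) entries still present; delete them before capture."
    exit 1
}
```

Because the client recreates these entries when it starts, run the check as the last action before capture and again after any restart of the reference computer.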

When you deploy an OS image that contains the Endpoint Protection client, it automatically reports information to the device's assigned Configuration Manager site. The client downloads and applies any targeted antimalware policy.

See also

For more information about OS deployment in Configuration Manager, see Manage OS images.

Applies to: Configuration Manager (current branch)

Endpoint Protection can help manage and monitor Microsoft Defender Advanced Threat Protection (ATP) (formerly known as Windows Defender ATP). Microsoft Defender ATP helps enterprises detect, investigate, and respond to advanced attacks on their networks. Configuration Manager policies can help you onboard and monitor Windows 10 clients.

Microsoft Defender ATP is a service in the Windows Defender Security Center. By adding and deploying a client onboarding configuration file, Configuration Manager can monitor deployment status and Microsoft Defender ATP agent health. Microsoft Defender ATP is supported on PCs running the Configuration Manager client or managed by Microsoft Intune.

Prerequisites

  • Subscription to the Microsoft Defender Advanced Threat Protection online service
  • Client computers running the Configuration Manager client
  • Clients using an OS listed in the Supported client operating systems section below.

Supported client operating systems

Based on the version of Configuration Manager you're running, the following client operating systems can be onboarded:

Configuration Manager version 1910 and prior

  • Client computers running Windows 10, version 1607 and later

Configuration Manager version 2002 and later

  • Windows 7 SP1
  • Windows 8.1
  • Windows 10, version 1607 or later
  • Windows Server 2008 R2 SP1
  • Windows Server 2012 R2
  • Windows Server 2016
  • Windows Server 2016, version 1803
  • Windows Server 2019

Create an onboarding configuration file

  1. Go to the Microsoft Defender ATP online service and sign in.
  2. Select Machine Management under Settings, and then select Onboarding.
  3. Select the operating systems you'd like to onboard from the list.
    • If you're onboarding Windows 10, Windows Server 1803, and Windows Server 2019:
      1. Select Configuration Manager (current branch) version 1606 and select Download package.
      2. Download the compressed archive (.zip) file and extract the contents.
    • If you're onboarding another Windows operating system:
      1. Select the operating systems you'd like to onboard from the list. For example, choose either Windows 7 and 8.1 or Windows Server 2008 R2 SP1, 2012 R2 and 2016.
      2. Copy the values for the Workspace key and Workspace ID from the Configure connection section once the process completes.

Important

The Microsoft Defender ATP configuration file contains sensitive information which should be kept secure.

Onboard devices

  1. In the Configuration Manager console, navigate to Assets and Compliance > Endpoint Protection > Windows Defender ATP Policies and select Create Windows Defender ATP Policy. The Microsoft Defender ATP Policy Wizard opens.

  2. Type the Name and Description for the Microsoft Defender ATP policy and select Onboarding.

  3. Browse to the Configuration file provided by your organization's Microsoft Defender ATP cloud service tenant.

    • For Windows 7 and 8.1 or Windows Server 2008 R2 SP1, 2012 R2 and 2016, provide the Workspace key and Workspace ID.
  4. Specify the file samples that are collected and shared from managed devices for analysis.

    • None

    • All file types

  5. Review the summary and complete the wizard.

Select Deploy to target the Microsoft Defender ATP policy to clients.

Monitor

  1. In the Configuration Manager console, navigate to Monitoring > Security and then select Windows Defender ATP.

  2. Review the Microsoft Defender Advanced Threat Protection dashboard.

    • Windows Defender Agent Deployment Status: The number and percentage of eligible managed client computers with active Microsoft Defender ATP policy onboarded

    • Windows Defender ATP Agent Health: Percentage of computer clients reporting status for their Microsoft Defender ATP agent

      • Healthy - Working properly

      • Inactive - No data sent to service during time period

      • Agent state - The system service for the agent in Windows isn't running

      • Not onboarded - Policy was applied but the agent hasn't reported policy onboard

Create an offboarding configuration file

  1. Sign in to the Microsoft Defender ATP online service.

  2. Select Machine Management under Settings, and then select Onboarding.

  3. Select Configuration Manager (current branch) version 1606 and select Endpoint offboarding.

  4. Download the compressed archive (.zip) file and extract the contents. Offboarding files are valid for 30 days.

  5. In the Configuration Manager console, navigate to Assets and Compliance > Endpoint Protection > Windows Defender ATP Policies and select Create Windows Defender ATP Policy. The Microsoft Defender ATP Policy Wizard opens.

  6. Type the Name and Description for the Microsoft Defender ATP policy and select Offboarding.

  7. Browse to the Configuration file provided by your organization's Microsoft Defender ATP cloud service tenant.

  8. Review the summary and complete the wizard.

Select Deploy to target the Microsoft Defender ATP policy to clients.

Important

The Microsoft Defender ATP configuration files contain sensitive information which should be kept secure.

Next steps