Updates from: 01/28/2023 05:21:00
Category Microsoft Docs article Related commit history on GitHub Change details
admin Add New Employee https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/add-new-employee.md
Just like Facebook, Amazon, or Gmail, your employee signs in to use Microsoft 36
## Step 4: Help your employee get started
-Share with them the [Employee quick setup for Microsoft 365](../setup/employee-quick-setup.md) to sign in, install software, set up email, and more.
+Share with them the [Employee quick setup for Microsoft 365](https://support.microsoft.com/office/7f34c318-e772-46a5-8c0a-ab86661542d1) to sign in, install software, set up email, and more.
And here's a quick reference to help get them started:
admin Add Users https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/add-users.md
You can also filter by additional user profile details used in your organization
## Next steps
-After you add a user, you get an email notification from Microsoft. The email contains the person's user ID and password so they can sign in to Microsoft 365. Use your normal process for communicating new passwords. Share the [Employee quickstart guide](../setup/employee-quick-setup.md) with your new users to set up things, like how to [download and install Office apps on a PC or Mac](https://support.microsoft.com/office/4414eaaf-0478-48be-9c42-23adc4716658) and how to [set up Office apps and email on a mobile device](https://support.microsoft.com/office/7dabb6cb-0046-40b6-81fe-767e0b1f014f).
+After you add a user, you get an email notification from Microsoft. The email contains the person's user ID and password so they can sign in to Microsoft 365. Use your normal process for communicating new passwords. Share the [Employee quickstart guide](https://support.microsoft.com/office/7f34c318-e772-46a5-8c0a-ab86661542d1) with your new users to set up things, like how to [download and install Office apps on a PC or Mac](https://support.microsoft.com/office/4414eaaf-0478-48be-9c42-23adc4716658) and how to [set up Office apps and email on a mobile device](https://support.microsoft.com/office/7dabb6cb-0046-40b6-81fe-767e0b1f014f).
## Related content
admin Get Help Support https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/get-help-support.md
Scan this QR code to follow us on WeChat and get the latest updates for Office 3
## Related content [Find docs and training](index.yml) (link page)\
-[Employee quick setup](setup/employee-quick-setup.md) (article)\
+[Employee quick setup](https://support.microsoft.com/office/7f34c318-e772-46a5-8c0a-ab86661542d1) (article)\
[Overview of Microsoft 365 Business Premium setup](setup/plan-your-setup.md) (video)
admin Assign Licenses To Users https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/assign-licenses-to-users.md
You can invite guest users to collaborate with your organization in the Azure Ac
## Next steps
-If your users don't yet have the Office apps installed, you can share the [Employee quick start guide](../setup/employee-quick-setup.md) with your users to set up things, like [how to download and install Microsoft 365 or Office 2019 on a PC or Mac](https://support.microsoft.com/office/4414eaaf-0478-48be-9c42-23adc4716658) and [how to set up Office apps and email on a mobile device](https://support.microsoft.com/office/7dabb6cb-0046-40b6-81fe-767e0b1f014f).
+If your users don't yet have the Office apps installed, you can share the [Employee quick start guide](https://support.microsoft.com/office/7f34c318-e772-46a5-8c0a-ab86661542d1) with your users to set up things, like [how to download and install Microsoft 365 or Office 2019 on a PC or Mac](https://support.microsoft.com/office/4414eaaf-0478-48be-9c42-23adc4716658) and [how to set up Office apps and email on a mobile device](https://support.microsoft.com/office/7dabb6cb-0046-40b6-81fe-767e0b1f014f).
## Related content
admin Employee Quick Setup https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/employee-quick-setup.md
- Title: "Employee quick-setup guide"-- NOCSH-------- Tier2-- scotvorg -- highpri-- M365-subscription-management -- Adm_O365--- VSBFY23-- AdminSurgePortfolio-- adminvideo
-monikerRange: 'o365-worldwide'
-- BCS160-- MET150-- MOE150
-description: "Help your employees learn how to set up the apps they get with Microsoft 365."
--
-# Employee quick setup in Microsoft 365 for business
-
-The best way to get started using Microsoft 365 as an employee of a small business is to watch the [Employee quick setup video](https://go.microsoft.com/fwlink/?linkid=2220354). This video provides the basics of how to set up your account and start using your apps, and is a great introduction to the wide range of features available with Microsoft 365.
-
-The steps below will guide you through the same process as the video.
--
-## 1. Sign in to Office
-
-1. Go to [Office.com](https://office.com) and choose **Sign in**.
-1. Type your Microsoft 365 email and password, then **Sign in**.
-
-## 2. Download and install Office apps
-
-1. Choose **Install Office** in the upper right.
- - In Chrome, go to the download on the bottom of the page and choose **Open**.
- - In Microsoft Edge/IE, choose **Save** then **Run**.
-
- If asked to allow the app to make changes, choose **Yes**. Let Office setup begin.
- - On a Mac, open Microsoft **Office_2016_Installer.pkg**
-
-## 3. Open Outlook and add your account
-
-1. Open **Outlook** on your computer. In the Tell me field, type **account** then **Add Account**.
-
- :::image type="content" source="../../media/add-outlook-account.png" alt-text="A figure showing how to add an account to Outlook.":::
---
-1. Type your name, email, and password then **Next**.
-
-> [!TIP]
-> To import your old email, export it to a PST file, then import it, like this.
-
-## 4. Save or copy files to OneDrive
--- Save documents to **OneDrive** from the **Save As** menu in Office apps.
- :::image type="content" source="../../media/save-onedrive.png" alt-text="Imge that whos how to Save As to OneDrive.":::
--- Or copy files from your Desktop or Documents to **OneDrive**.-
- :::image type="content" source="../../media/save-to-onedrive-from-docs.png" alt-text="Image showing how to save to OneDrive from Documents folder.":::
-
- > [!TIP]
- > You can also store files on [sites](https://support.microsoft.com/office/d18d21a0-1f9f-4f6c-ac45-d52afa0a4a2e) in Microsoft 365.
-
-## 5. Share Documents
-
-1. Share your documents with others by choosing **Share**.
-
- :::image type="content" source="../../media/share-office-doc.png" alt-text="Share icon in an Office app.":::
-
-1. Type their email address, choose read or edit, include a message and **Share**.
-1. Or choose **Get sharing link** on the bottom of the screen.
-
-## 6. Get Outlook on your phone
--- Get **Outlook** on your phone from App store or Google Play store. Open it, and choose **Get Started** and add your email and password.-- Or, open Outlook on an iOS or Android device and go to **Settings**.-
- Choose **Add Account** then **Add Email Account** then type your email and password.
-- On a **Windows Phone**, choose **Settings**, **Email + accounts**, **Add an account**, and then **Exchange**.
business-premium M365 Campaigns Setup https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365-campaigns-setup.md
Users who have been added to your Microsoft 365 for Campaigns (or Microsoft 365
2. Sign in using the username and password for the account. Users will have this information in the email they receive when they are added as users. If they can't find the email, see [user didn't receive invite email](../admin/simplified-signup/admin-invite-business-standard.md#i-shared-an-email-invite-but-the-user-didnt-receive-the-email). > [!TIP]
-> Provide your staff a link to the [Employee quick setup guide](../admin/setup/employee-quick-setup.md) for help signing in, getting Microsoft 365 apps, and saving, copying, and sharing files.
+> Provide your staff a link to the [Employee quick setup guide](https://support.microsoft.com/office/7f34c318-e772-46a5-8c0a-ab86661542d1) for help signing in, getting Microsoft 365 apps, and saving, copying, and sharing files.
## Customize your sign-in page with a privacy and consent notice
business-premium M365bp Setup https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-setup.md
Microsoft 365 Business Premium includes a guided process. The following video sh
**As soon as you've completed the guided setup process, proceed to [boost your security protection](m365bp-security-overview.md)**. > [!TIP]
-> After you have added users, give them a link to the [Employee quick setup guide](../admin/setup/employee-quick-setup.md). The guide walks them through signing in, getting Microsoft 365 apps, and saving, copying, and sharing files.
+> After you have added users, give them a link to the [Employee quick setup guide](https://support.microsoft.com/office/7f34c318-e772-46a5-8c0a-ab86661542d1). The guide walks them through signing in, getting Microsoft 365 apps, and saving, copying, and sharing files.
### The guided setup process, step by step
compliance Dlp Configure Endpoint Settings https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/dlp-configure-endpoint-settings.md
To find the full path of Mac apps:
To prevent sensitive items from being synced to the cloud by cloud sync apps, like *onedrive.exe*, add the cloud sync app to the **Unallowed apps** list. When an unallowed cloud-sync app tries to access an item that is protected by a blocking DLP policy, DLP may generate repeated notifications. You can avoid these repeated notifications by enabling the **Auto-quarantine** option under **Unallowed apps**.
-##### Auto-quarantine (preview)
-
-> [!NOTE]
-> Auto-quarantine is supported in Windows 10 only
+##### Auto-quarantine
When enabled, Auto-quarantine kicks in when an unallowed app attempts to access a DLP protected sensitive item. Auto-quarantine moves the sensitive item to an admin configured folder and can leave a placeholder **.txt** file in the place of the original. You can configure the text in the placeholder file to tell users where the item was moved to and other pertinent information.
compliance Dlp Migration Assistant For Symantec Use https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/dlp-migration-assistant-for-symantec-use.md
Use these steps to perform a DLP policy migration:
- [Step 7: View the migration report](#step-7-view-the-migration-report) - [Next Steps: After policy import](#next-steps-after-policy-import)
+## Interactive guide
+
+Check out this [interactive guide](https://mslearn.cloudguides.com/guides/Use%20the%20Microsoft%20Purview%20DLP%20migration%20assistant) for a visual walk through of the migration process.
+ ### Step 1: Log in to your account After you've installed and launched the migration assistant, you need to log in.
security Compare Mdb M365 Plans https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/compare-mdb-m365-plans.md
ms.localizationpriority: medium Previously updated : 01/25/2023 Last updated : 01/26/2023 - SMB
Microsoft offers a wide variety of cloud solutions and services, including plans
## Compare Defender for Business to Microsoft 365 Business Premium
-Defender for Business provides advanced security protection for your devices, with next-generation protection, endpoint detection and response, and threat & vulnerability management. Microsoft 365 Business Premium includes Defender for Business and provides additional cybersecurity and productivity capabilities.
+Defender for Business provides advanced security protection for your devices, with next-generation protection, endpoint detection and response, and threat & vulnerability management. Microsoft 365 Business Premium includes Defender for Business and provides more cybersecurity and productivity capabilities.
:::image type="content" source="media/mdb-m365bp-comparison.png" alt-text="Diagram comparing Defender for Business to Microsoft 365 Business Premium.":::
Defender for Business brings the enterprise-grade capabilities of Defender for E
|Partner APIs|:::image type="content" source="../../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|:::image type="content" source="../../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|:::image type="content" source="../../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::| |[Microsoft 365 Lighthouse integration](../../lighthouse/m365-lighthouse-overview.md) <br/>(For viewing security incidents across customer tenants) |:::image type="content" source="../../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: |:::image type="content" source="../../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: |:::image type="content" source="../../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: |
-(<a id="fn1">1</a>) Onboard and manage devices in the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)) or by using Microsoft Intune, managed in the Microsoft Endpoint Manager admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)).
+(<a id="fn1">1</a>) Onboard and manage devices in the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)) or by using Microsoft Intune ([https://intune.microsoft.com](https://intune.microsoft.com)).
(<a id="fn2">2</a>) Intune is required to configure and manage [ASR rules](../defender-endpoint/attack-surface-reduction.md).
Defender for Business brings the enterprise-grade capabilities of Defender for E
(<a id="fn6">6</a>) In Defender for Business, threat analytics are optimized for small and medium-sized businesses.
-(<a id="fn7">7</a>) To onboard servers, an additional license is required. See the following articles:
+(<a id="fn7">7</a>) To onboard servers, another license is required. See the following articles:
- [Onboard devices to Defender for Business](mdb-onboard-devices.md) - [Onboard devices and configure Microsoft Defender for Endpoint capabilities](../defender-endpoint/onboard-configure.md)
security Get Defender Business https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/get-defender-business.md
ms.localizationpriority: medium Previously updated : 12/16/2022 Last updated : 01/26/2023 f1.keywords: NOCSH
Microsoft has a list of solution providers who are authorized to sell offerings,
## Portals you'll use for setup and management
-When you use Defender for Business, you'll work with two main portals: the Microsoft 365 admin center, and the Microsoft 365 Defender portal. If your subscription also includes Microsoft Intune, you might use the Intune admin center as well. The following table summarizes these portals and how you'll use them.
+When you use Defender for Business, you'll work with two main portals: the Microsoft 365 admin center, and the Microsoft 365 Defender portal. If your subscription also includes Microsoft Intune, you might use the Intune admin center instead. The following table summarizes these portals and how you'll use them.
|Portal |Description | ||| | The Microsoft 365 admin center ([https://admin.microsoft.com/](https://admin.microsoft.com/)) | Use the Microsoft 365 admin center to activate your trial and sign in for the first time.<p> You'll also use the Microsoft 365 admin center to: <ul><li>Add or remove users.</li><li>Assign user licenses.</li><li>View your products and services.</li><li>Complete setup tasks for your Microsoft 365 subscription.</li></ul>To learn more, see [Overview of the Microsoft 365 admin center](../../admin/admin-overview/admin-center-overview.md). | | The Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)) | Use the Microsoft 365 Defender portal to set up and configure Defender for Business.<p>You'll use the Microsoft 365 Defender portal to: <ul><li>View your devices and device protection policies.</li><li>View detected threats and take action.</li><li>View security recommendations and manage your security settings.</li></ul>To learn more, see [Get started using the Microsoft 365 Defender portal](mdb-get-started.md). |
-| The Intune admin center ([https://endpoint.microsoft.com/](https://endpoint.microsoft.com/)) | We recommend using the Microsoft 365 Defender portal to manage your security settings and devices. However, you can use the Intune admin center instead if you prefer. To learn more about Intune, see [Microsoft Intune is an MDM and MAM provider for your devices](/mem/intune/fundamentals/what-is-intune). |
+| The Intune admin center ([https://intune.microsoft.com/](https://intune.microsoft.com/)) | We recommend using the Microsoft 365 Defender portal to manage your security settings and devices. However, you can use the Intune admin center instead if you prefer. To learn more about Intune, see [Microsoft Intune is an MDM and MAM provider for your devices](/mem/intune/fundamentals/what-is-intune). |
## Next steps
security Mdb Asr https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/mdb-asr.md
+
+ Title: Attack surface reduction in Microsoft Defender for Business
+description: Get an overview of attack surface reduction capabilities in Microsoft Defender for Business
+++ Last updated : 01/26/2023 +++
+ms.localizationpriority: medium
+
+- m365-security
+- tier1
+
+search.appverid: MET150
+f1.keywords: NOCSH
+audience: Admin
++
+# Attack surface reduction capabilities in Microsoft Defender for Business
+
+Your attack surfaces as all the places and ways that your organization's network and devices are vulnerable to cyberthreats and attacks. Unsecured devices, unrestricted access to any URL on a company device, and allowing any type of app or script to run on company devices are all examples of attack surfaces. They leave your company vulnerable to cyberattacks.
+
+To help protect your network and devices, Microsoft Defender for Business includes several attack surface reduction capabilities. This article provides an overview of those capabilities, and includes links to more detailed information.
+
+## Attack surface reduction in Defender for Business
+
+The following table summarizes attack surface reduction capabilities in Defender for Business, and how to set them up:
+
+| Capability | Setup |
+|:|:|
+| **Attack surface reduction rules** <br/> Also referred to as ASR rules, attack surface reduction rules prevent specific actions that are commonly associated with malicious activity to run on Windows devices. | See [Enable your standard protection ASR rules](#enable-your-standard-protection-asr-rules) (in this article). |
+| **Controlled folder access** <br/>Controlled folder access allows only trusted apps to access protected folders on Windows devices. Think of this capability as ransomware mitigation. | See [Set up controlled folder access with Intune](#set-up-controlled-folder-access) (in this article). |
+| **Network protection** <br/>Network protection prevents people from accessing dangerous domains through applications on their Windows and Mac devices. Network protection is also a key component of [web content filtering](mdb-configure-security-settings.md#set-up-web-content-filtering). | Network protection is already enabled by default when devices are onboarded to Defender for Business and [next-generation protection settings](mdb-next-gen-configuration-settings.md) are applied. Your default policies are configured to use recommended security settings. |
+| **Web protection** <br/>Web protection integrates with web browsers and works with network protection to protect against web threats and unwanted content. Web protection includes web content filtering and web threat reports. | [Set up web content filtering](mdb-configure-security-settings.md#set-up-web-content-filtering). |
+| **Firewall protection** <br/>Firewall protection determines what network traffic is permitted to flow to or from your organization's devices. | Firewall protection is already enabled by default when devices are onboarded to Defender for Business and [firewall settings](mdb-firewall.md) are applied. Your default policies are configured to use recommended security settings. |
+
+## Enable your standard protection ASR rules
+
+We recommend enabling the following standard protection rules as soon as possible:
+
+- [Block credential stealing from the Windows local security authority subsystem](../defender-endpoint/attack-surface-reduction-rules-reference.md#block-credential-stealing-from-the-windows-local-security-authority-subsystem)
+- [Block abuse of exploited vulnerable signed drivers](../defender-endpoint/attack-surface-reduction-rules-reference.md#block-abuse-of-exploited-vulnerable-signed-drivers)
+- [Block persistence through WMI event subscription](../defender-endpoint/attack-surface-reduction-rules-reference.md#block-persistence-through-wmi-event-subscription)
+
+These rules help protect your network and devices but shouldn't cause disruption for users. **To enable these rules quickly and easily, try the [Simplified standard protection option](../defender-endpoint/attack-surface-reduction-rules-report.md#simplified-standard-protection-option)**.
+
+If you prefer, you can set up your ASR rules by using Microsoft Intune.
+
+### To set up ASR rules using Intune
+
+1. As a global administrator, in the Microsoft Intune admin center ([https://intune.microsoft.com/](https://intune.microsoft.com/)), go to **Endpoint security** > **Attack surface reduction**.
+
+2. Select an existing policy, or choose **Create policy** to create a new policy.
+
+ - For **Platform**, choose **Windows 10 and later**.
+ - For Profile, select **Attack Surface Reduction Rules**, and then choose **Create**.
+
+3. Set up your policy as follows:
+
+ 1. Specify a name and description, and then choose **Next**.
+
+ 2. For at least the following three rules, set each one to **Block**:
+
+ - **Block credential stealing from the Windows local security authority subsystem**
+ - **Block persistence through WMI event subscription**
+ - **Block abuse of exploited vulnerable signed drivers**
+
+ Then choose **Next**.
+
+ 3. On the **Scope tags** step, choose **Next**.
+
+ 4. On the **Assignments** step, choose the users or devices to receive the rules, and then choose **Next**. (We recommend selecting **Add all devices**.)
+
+ 5. On the **Review + create** step, review the information, and then choose **Create**.
+
+### View your attack surface reduction report
+
+1. As a global administrator, in the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, choose **Reports**.
+
+2. Under **Endpoints**, choose **Attack surface reduction rules**. The report opens and includes three tabs:
+
+ - **Detections**, where you can view detections that occurred as a result of attack surface reduction rules
+ - **Configuration**, where you can apply attack surface reduction rules to devices
+ - **Add exclusions**, where you can add items to be excluded from attack surface reduction rules (use these sparingly; every exclusion reduces your level of security protection)
+
+To learn more about ASR rules, see the following articles:
+
+- [Attack surface reduction rules overview](../defender-endpoint/attack-surface-reduction.md)
+- [ASR rules report](../defender-endpoint/attack-surface-reduction-rules-report.md)
+- [ASR rules reference](../defender-endpoint/attack-surface-reduction-rules-reference.md)
+- [ASR rules deployment overview](../defender-endpoint/attack-surface-reduction-rules-deployment.md)
+
+## Set up controlled folder access
+
+1. As a global administrator, in the Microsoft Intune admin center ([https://intune.microsoft.com/](https://intune.microsoft.com/)), go to **Endpoint security** > **Attack surface reduction**.
+
+2. Select an existing policy, or choose **Create policy** to create a new policy.
+
+ - For **Platform**, choose **Windows 10 and later**.
+ - For Profile, select **Attack Surface Reduction Rules**, and then choose **Create**.
+
+3. Set up your policy as follows:
+
+ 1. Specify a name and description, and then choose **Next**.
+
+ 2. Scroll down, and set **Enable Controlled Folder Access** to **Enabled**. Then choose **Next**.
+
+ 3. On the **Scope tags** step, choose **Next**.
+
+ 4. On the **Assignments** step, choose the users or devices to receive the rules, and then choose **Next**. (We recommend selecting **Add all devices**.)
+
+ 5. On the **Review + create** step, review the information, and then choose **Create**.
+
+To learn more about controlled folder access, see [Protect important folders with controlled folder access](../defender-endpoint/controlled-folders.md).
+
+## Next steps
+
+- [Use your vulnerability management dashboard](mdb-view-tvm-dashboard.md)
+- [View and manage incidents](mdb-view-manage-incidents.md)
+- [View reports](mdb-reports.md)
security Mdb Configure Security Settings https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/mdb-configure-security-settings.md
ms.localizationpriority: medium Previously updated : 01/05/2023 Last updated : 01/26/2023 f1.keywords: NOCSH
Security policies to review and configure include:
- **[Next-generation protection policies](#view-or-edit-your-next-generation-protection-policies)**, which determine antivirus and antimalware protection for your company's devices - **[Firewall protection and rules](#view-or-edit-your-firewall-policies-and-custom-rules)**, which determine what network traffic is allowed to flow to and from your company's devices
+- **[Attack surface reduction rules](#enable-standard-attack-surface-reduction-rules)**, which help protect your network and devices from cyberthreats and attacks
- **[Web content filtering](#set-up-web-content-filtering)**, which prevents people from visiting certain websites (URLs) based on categories, such as adult content or legal liability - **[Advanced features](#review-settings-for-advanced-features)**, such as automated investigation and response and endpoint detection and response (EDR) in block mode
Use this article as a guide to managing your security policies and settings.
1. [Choose where to manage your security policies and devices](#choose-where-to-manage-security-policies-and-devices). 2. [Review your next-generation protection policies](#view-or-edit-your-next-generation-protection-policies). 3. [Review your firewall policies and custom rules](#view-or-edit-your-firewall-policies-and-custom-rules).
-4. [Set up web content filtering](#set-up-web-content-filtering).
-5. [Review settings for advanced features](#review-settings-for-advanced-features).
-6. [View other settings in the Microsoft 365 Defender portal](#view-and-edit-other-settings-in-the-microsoft-365-defender-portal).
-7. [Proceed to your next steps](#next-steps).
+4. [Enable standard attack surface reduction rules](#enable-standard-attack-surface-reduction-rules).
+5. [Set up web content filtering](#set-up-web-content-filtering).
+6. [Review settings for advanced features](#review-settings-for-advanced-features).
+7. [View other settings in the Microsoft 365 Defender portal](#view-and-edit-other-settings-in-the-microsoft-365-defender-portal).
+8. [Proceed to your next steps](#next-steps).
## Choose where to manage security policies and devices
-Defender for Business features a [simplified configuration process](mdb-simplified-configuration.md) that helps streamline the setup and configuration process. If you select the simplified configuration process, you can view and manage your security policies in the Microsoft 365 Defender portal ([https://security.microsoft.com/](https://security.microsoft.com/)). However, you're not limited to this option. If you've been using Microsoft Intune, you can keep using the Microsoft Endpoint Manager admin center.
+Defender for Business features a [simplified configuration process](mdb-simplified-configuration.md) that helps streamline the setup and configuration process. If you select the simplified configuration process, you can view and manage your security policies in the Microsoft 365 Defender portal ([https://security.microsoft.com/](https://security.microsoft.com/)). However, you're not limited to this option. If you've been using Microsoft Intune, you can keep using Intune.
The following table can help you choose where to manage your security policies and devices. | Option | Description | |:|:|
-| **Use the Microsoft 365 Defender portal** (*recommended*) | The Microsoft 365 Defender portal ([https://security.microsoft.com/](https://security.microsoft.com/)) is a one-stop shop for managing your company's devices, security policies, and security settings. You can access your security policies and settings, use the [Microsoft Defender Vulnerability Management dashboard](mdb-view-tvm-dashboard.md), and [view and manage incidents](mdb-view-manage-incidents.md) all in one place. <p>If you're using Intune, devices that you onboard to Defender for Business and your security policies are visible in the Endpoint Manager admin center. To learn more, see the following articles:<ul><li>[How default settings in Defender for Business correspond to settings in Microsoft Intune](mdb-next-gen-configuration-settings.md#how-default-settings-in-defender-for-business-correspond-to-settings-in-microsoft-intune)</li><li>[Firewall in Defender for Business](mdb-firewall.md)</li></ul> |
-| **Use the Microsoft Endpoint Manager admin center** | If your company is already using Intune to manage security policies, you can continue using the Endpoint Manager admin center to manage your devices and security policies. To learn more, see [Manage device security with endpoint security policies in Microsoft Intune](/mem/intune/protect/endpoint-security-policy). <p>If you decide to switch to the [simplified configuration process in Defender for Business](mdb-simplified-configuration.md), you'll be prompted to delete any existing security policies in Intune to avoid [policy conflicts](mdb-troubleshooting.yml) later. |
+| **Use the Microsoft 365 Defender portal** (*recommended*) | The Microsoft 365 Defender portal ([https://security.microsoft.com/](https://security.microsoft.com/)) is a one-stop shop for managing your company's devices, security policies, and security settings. You can access your security policies and settings, use the [Microsoft Defender Vulnerability Management dashboard](mdb-view-tvm-dashboard.md), and [view and manage incidents](mdb-view-manage-incidents.md) all in one place. <p>If you're using Intune, devices that you onboard to Defender for Business and your security policies are visible in the Intune admin center. To learn more, see the following articles:<ul><li>[How default settings in Defender for Business correspond to settings in Microsoft Intune](mdb-next-gen-configuration-settings.md#how-default-settings-in-defender-for-business-correspond-to-settings-in-microsoft-intune)</li><li>[Firewall in Defender for Business](mdb-firewall.md)</li></ul> |
+| **Use Intune** | If your company is already using Intune to manage security policies, you can continue using it to manage your devices and security policies. To learn more, see [Manage device security with endpoint security policies in Microsoft Intune](/mem/intune/protect/endpoint-security-policy). <p>If you decide to switch to the [simplified configuration process in Defender for Business](mdb-simplified-configuration.md), you'll be prompted to delete any existing security policies in Intune to avoid [policy conflicts](mdb-troubleshooting.yml) later. |
> [!IMPORTANT]
-> If you're managing security policies in the Microsoft 365 Defender portal, you can *view* those policies in the Endpoint Manager admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)), where they're listed as **Antivirus** or **Firewall** policies. When you view your firewall policies in the admin center, you'll see two policies listed: one policy for firewall protection and another for custom rules.
+> If you're managing security policies in the Microsoft 365 Defender portal, you can *view* those policies in the Intune admin center ([https://intune.microsoft.com](https://intune.microsoft.com)), where they're listed as **Antivirus** or **Firewall** policies. When you view your firewall policies in the admin center, you'll see two policies listed: one policy for firewall protection and another for custom rules.
## View or edit your next-generation protection policies
-Depending on whether you're using the Microsoft 365 Defender portal or the Microsoft Endpoint Manager admin center to manage your next-generation protection policies, use one of the following procedures:
+Depending on whether you're using the Microsoft 365 Defender portal or Intune to manage your next-generation protection policies, use one of the following procedures:
| Portal | Procedure | |:|:| | Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)) |<ol><li>Go to the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), and sign in.</li><li>In the navigation pane, choose **Device configuration**. Policies are organized by operating system and policy type.</li><li>Select an operating system tab (such as **Windows clients**).</li><li>Expand **Next-generation protection** to view your list of policies.</li><li>Select a policy to view more details about the policy.</li><li>To make changes or to learn more about policy settings, see the following articles: <ul><li>[View or edit device policies](mdb-view-edit-policies.md)</li><li>[Understand next-generation configuration settings](mdb-next-gen-configuration-settings.md)</li></ul></li><ol> |
-| Microsoft Endpoint Manager admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)) |For help managing your security settings in Intune, start with [Manage endpoint security in Microsoft Intune](/mem/intune/protect/endpoint-security). <ol><li>Go to [https://endpoint.microsoft.com](https://endpoint.microsoft.com) and sign in. You're now in the Endpoint Manager admin center.</li><li>Select **Endpoint security**.</li><li>Select **Antivirus** to view your policies in that category.</li></ol>|
+| Microsoft Intune admin center ([https://intune.microsoft.com](https://intune.microsoft.com)) |For help managing your security settings in Intune, start with [Manage endpoint security in Microsoft Intune](/mem/intune/protect/endpoint-security). <ol><li>Go to [https://intune.microsoft.com](https://intune.microsoft.com) and sign in. You're now in the Intune admin center.</li><li>Select **Endpoint security**.</li><li>Select **Antivirus** to view your policies in that category.</li></ol>|
## View or edit your firewall policies and custom rules
-Depending on whether you're using the Microsoft 365 Defender portal or the Microsoft Endpoint Manager admin center to manage your firewall protection, use one of the following procedures.
+Depending on whether you're using the Microsoft 365 Defender portal or Intune to manage your firewall protection, use one of the following procedures.
| Portal | Procedure | |:|:| | Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)) |<ol><li>Go to the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), and sign in.</li><li>In the navigation pane, choose **Device configuration**. Policies are organized by operating system and policy type.</li><li>Select an operating system tab (such as **Windows clients**).</li><li>Expand **Firewall** to view your list of policies.</li><li>Select a policy to view the details. </li><li>To make changes or to learn more about policy settings, see the following articles:<ul><li>[View or edit device policies](mdb-view-edit-policies.md)</li><li>[Firewall settings](mdb-firewall.md)</li><li>[Manage your custom rules for firewall policies](mdb-custom-rules-firewall.md)</li><ul></li><ol> |
-| Microsoft Endpoint Manager admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)) |For help managing your security settings in Intune, start with [Manage endpoint security in Microsoft Intune](/mem/intune/protect/endpoint-security). <ol><li>Go to [https://endpoint.microsoft.com](https://endpoint.microsoft.com) and sign in. You're now in the Endpoint Manager admin center.</li><li>Select **Endpoint security**.</li><li>Select **Firewall** to view your policies in that category. Custom rules that are defined for firewall protection are listed as separate policies.</li></ol>|
+| Microsoft Intune admin center ([https://intune.microsoft.com](https://intune.microsoft.com)) |For help managing your security settings in Intune, start with [Manage endpoint security in Microsoft Intune](/mem/intune/protect/endpoint-security). <ol><li>Go to [https://intune.microsoft.com](https://intune.microsoft.com) and sign in. You're now in the Intune admin center.</li><li>Select **Endpoint security**.</li><li>Select **Firewall** to view your policies in that category. Custom rules that are defined for firewall protection are listed as separate policies.</li></ol>|
+
+## Enable standard attack surface reduction rules
+
+[Attack surface reduction capabilities in Microsoft Defender for Business](mdb-asr.md)
## Set up web content filtering
security Mdb Next Gen Configuration Settings https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/mdb-next-gen-configuration-settings.md
ms.localizationpriority: medium Previously updated : 01/05/2023 Last updated : 01/26/2023 f1.keywords: NOCSH
- tier1
-# Understand next-generation configuration settings in Microsoft Defender for Business
+# Understand next-generation protection settings in Microsoft Defender for Business
-Next-generation protection in Defender for Business includes robust antivirus and antimalware protection. The default policies are designed to protect your devices and users without hindering productivity. You can also customize the policies to suit your business needs. And, if you're using Microsoft Intune, you can use the Microsoft Endpoint Manager admin center to manage your security policies.
+Next-generation protection in Defender for Business includes robust antivirus and antimalware protection. The default policies are designed to protect your devices and users without hindering productivity. You can also customize the policies to suit your business needs. And, if you're using Microsoft Intune, you can use it to manage your security policies.
**This article describes**:
The following security settings are preconfigured in Defender for Business:
## How default settings in Defender for Business correspond to settings in Microsoft Intune
-The following table describes settings that are preconfigured for Defender for Business and how those settings correspond to what you might see in Intune (managed in the Microsoft Endpoint Manager admin center). If you're using the [simplified configuration process in Defender for Business](mdb-simplified-configuration.md), you don't need to edit these settings.
+The following table describes settings that are preconfigured for Defender for Business and how those settings correspond to what you might see in Intune. If you're using the [simplified configuration process in Defender for Business](mdb-simplified-configuration.md), you don't need to edit these settings.
| Setting | Description | |||
security Mdb Offboard Devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/mdb-offboard-devices.md
ms.localizationpriority: medium Previously updated : 01/03/2023 Last updated : 01/26/2023 f1.keywords: NOCSH
security Mdb Onboard Devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/mdb-onboard-devices.md
ms.localizationpriority: medium Previously updated : 01/23/2023 Last updated : 01/26/2023 f1.keywords: NOCSH
If you prefer to use Group Policy to onboard Windows clients, follow the guidanc
### Intune for Windows 10 and 11
-You can onboard Windows clients and other devices in Intune by using the Microsoft Endpoint Manager admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)). There are several methods available for enrolling devices in Intune. We recommend using one of the following methods:
+You can onboard Windows clients and other devices in Intune by using the Intune admin center ([https://intune.microsoft.com](https://intune.microsoft.com)). There are several methods available for enrolling devices in Intune. We recommend using one of the following methods:
- [Enable Windows automatic enrollment for company-owned or company-managed devices](#enable-automatic-enrollment-for-windows-10-and-11) - [Ask users to enroll their own Windows 10/11 devices in Intune](#ask-users-to-enroll-their-windows-10-and-11-devices)
After Mac is enrolled in Intune, you can add it to a device group. [Learn more a
### Intune for Mac
-If you already have Intune, you can enroll Mac computers by using the Microsoft Endpoint Manager admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)). There are several methods available for enrolling Mac in Intune. We recommend one of the following methods:
+If you already have Intune, you can enroll Mac computers by using the Intune admin center ([https://intune.microsoft.com](https://intune.microsoft.com)). There are several methods available for enrolling Mac in Intune. We recommend one of the following methods:
- [Choose an option for company-owned Mac](#options-for-company-owned-mac) - [Ask users to enroll their own Mac in Intune](#ask-users-to-enroll-their-own-mac-in-intune)
security Mdb Reports https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/mdb-reports.md
Several reports are available in the Microsoft 365 Defender portal ([https://sec
|Report |Description | |||
-| **License report**<br/>(*NEW!*) | The license report (currently in [preview](mdb-preview.md)) provides information about licenses your organization has purchased and is using. To access this report, in the navigation pane, choose **Settings** > **Endpoints** > **License**. |
+| **License report**<br/>(*NEW!*) | The license report provides information about licenses your organization has purchased and is using. To access this report, in the navigation pane, choose **Settings** > **Endpoints** > **Licenses**. |
| **Security report** | The security report provides information about your company's identities, devices, and apps. To access this report, in the navigation pane, choose **Reports** > **General** > **Security report**. <br/><br/>You can view similar information on the home page of your Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)). | | **Threat protection** | The threat protection report provides information about alerts and alert trends. Use the **Alert trends** column to view information about alerts that were triggered over the last 30 days. Use the **Alert status** column to view current snapshot information about alerts, such as categories of unresolved alerts and their classification. To access this report, in the navigation pane, choose **Reports** > **Endpoints** > **Threat protection**. <br/><br/>You can also use the **Incidents** list to view information about alerts. In the navigation pane, choose **Incidents** to view and manage current incidents. To learn more, see [View and manage incidents in Defender for Business](mdb-view-manage-incidents.md). |
-| **Device health and compliance** | The device health and compliance report provides information about device health and trends. You can use this report to determine whether Defender for Business sensors are working correctly on devices and the current status of Microsoft Defender Antivirus. To access this report, in the navigation pane, choose **Reports** > **Endpoints** > **Device health and compliance**. <br/><br/>You can use the **Devices** list to view information about your company's devices. In the navigation pane, go to **Assets** > **Devices**. To learn more, see [Manage devices in Defender for Business](mdb-manage-devices.md). |
-| **Vulnerable devices** | The vulnerable devices report provides information about devices and trends. Use the **Trends** column to view information about devices that had alerts over the last 30 days. Use the **Status** column to view current snapshot information about devices that have alerts. To access this report, in the navigation pane, choose **Reports** > **Endpoints** > **Vulnerable devices**.<br/><br/>**TIP**: You can use the **Devices** list to view information about your company's devices. In the navigation pane, go to **Assets** > **Devices**. To learn more, see [Manage devices in Defender for Business](mdb-manage-devices.md). |
+| **Device health** | The device health report provides information about device health and trends. You can use this report to determine whether Defender for Business sensors are working correctly on devices and the current status of Microsoft Defender Antivirus. To access this report, in the navigation pane, choose **Reports** > **Endpoints** > **Device health**. <br/><br/>You can use the **Devices** list to view information about your company's devices. In the navigation pane, go to **Assets** > **Devices**. To learn more, see [Manage devices in Defender for Business](mdb-manage-devices.md). |
+| **Vulnerable devices** | The vulnerable devices report provides information about devices and trends. Use the **Trends** column to view information about devices that had alerts over the last 30 days. Use the **Status** column to view current snapshot information about devices that have alerts. To access this report, in the navigation pane, choose **Reports** > **Endpoints** > **Vulnerable devices**.<br/><br/>You can use the **Devices** list to view information about your company's devices. In the navigation pane, go to **Assets** > **Devices**. To learn more, see [Manage devices in Defender for Business](mdb-manage-devices.md). |
| **Web protection** | The web protection report shows attempts to access phishing sites, malware vectors, exploit sites, untrusted or low-reputation sites, and sites that are explicitly blocked. Categories of blocked sites include adult content, leisure sites, legal liability sites, and more. To access this report, in the navigation pane, choose **Reports** > **Endpoints** > **Web protection**.<br/><br/>If you haven't yet configured web protection for your company, choose the **Settings** button in a report view. Then, under **Rules**, choose **Web content filtering**. To learn more about web content filtering, see [Web content filtering](../defender-endpoint/web-content-filtering.md). | | **Firewall** | The firewall report shows blocked inbound, outbound, and app connections. This report also shows remote IPs connected by multiple devices, and remote IPs with the most connection attempts. <br/><br/>If you haven't yet configured your firewall protection, in the navigation pane, choose **Endpoints** > **Configuration management** > **Device configuration**. To learn more, see [Firewall in Defender for Business](mdb-firewall.md). | | **Device control** | The device control report shows information about media usage, such as the use of removable storage devices in your organization. |-
+| **Attack surface reduction rules** <br/>*(NEW!)* | The attack surface reduction rules report has three tabs: **Detections** (to show blocked or audited detections); **Configuration** (enabling you to implement standard protection rules quickly, by using a single toggle); and **Add exclusions** (enabling you to define exclusions, if needed). To access this report, in the navigation pane, choose **Reports** > **Endpoints** > Attack surface reduction rules**. <br/><br/>To learn more, see [Attack surface reduction capabilities in Microsoft Defender for Business](mdb-asr.md). |
## See also
security Mdb Requirements https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/mdb-requirements.md
ms.localizationpriority: medium Previously updated : 11/01/2022 Last updated : 01/26/2023 f1.keywords: NOCSH
The following table lists the basic requirements you need to configure and use D
| User accounts |<ul><li>User accounts are created in the Microsoft 365 admin center ([https://admin.microsoft.com](https://admin.microsoft.com)).</li><li>Licenses for Defender for Business (or Microsoft 365 Business Premium) are assigned in the Microsoft 365 admin center.</li></ul>To get help with this task, see [Add users and assign licenses](mdb-add-users.md). | | Permissions | To sign up for Defender for Business, you must be a Global Admin.<br/><br/>To access the Microsoft 365 Defender portal, users must have one of the following [roles in Azure AD](mdb-roles-permissions.md) assigned:<ul><li>Security Reader</li><li>Security Admin</li><li>Global Admin</li></ul>To learn more, see [Roles and permissions in Defender for Business](mdb-roles-permissions.md). | | Browser requirements | Microsoft Edge or Google Chrome |
-| Client device operating system | To manage devices in the Microsoft 365 Defender portal, your devices must be running one of the following operating systems: <ul><li>Windows 10 or 11 Business</li><li>Windows 10 or 11 Professional</li><li>Windows 10 or 11 Enterprise</li><li>Mac (the three most-current releases are supported)</li></ul>Make sure that [KB5006738](https://support.microsoft.com/topic/october-26-2021-kb5006738-os-builds-19041-1320-19042-1320-and-19043-1320-preview-ccbce6bf-ae00-4e66-9789-ce8e7ea35541) is installed on the Windows devices. <br/><br/>If you're already managing devices in Microsoft Intune, you can continue to use the Microsoft Endpoint Manager admin center.<sup>[[1](#fn1)]</sup> In that case, the following other operating systems are supported: <ul><li>iOS and iPadOS</li><li>Android OS</li></ul> |
+| Client device operating system | To manage devices in the Microsoft 365 Defender portal, your devices must be running one of the following operating systems: <ul><li>Windows 10 or 11 Business</li><li>Windows 10 or 11 Professional</li><li>Windows 10 or 11 Enterprise</li><li>Mac (the three most-current releases are supported)</li></ul>Make sure that [KB5006738](https://support.microsoft.com/topic/october-26-2021-kb5006738-os-builds-19041-1320-19042-1320-and-19043-1320-preview-ccbce6bf-ae00-4e66-9789-ce8e7ea35541) is installed on the Windows devices. <br/><br/>If you're already managing devices in Microsoft Intune, you can continue to use it.<sup>[[1](#fn1)]</sup> In that case, the following other operating systems are supported: <ul><li>iOS and iPadOS</li><li>Android OS</li></ul> |
| Server requirements | To onboard a device running Windows Server or Linux Server, you'll need an additional license, such as [Microsoft Defender for Business servers](get-defender-business-servers.md)<sup>[[2](#fn2)]</sup>.<br/><br/>Windows Server endpoints must meet the [requirements for Defender for Endpoint](/microsoft-365/security/defender-endpoint/minimum-requirements#hardware-and-software-requirements), and enforcement scope must be turned on.<ol><li>In the Microsoft 365 Defender portal, go to **Settings** > **Endpoints** > **Configuration management** > **Enforcement scope**.</li><li>Select **Use MDE to enforce security configuration settings from MEM**, select **Windows Server**. </li><li>Select **Save**.</li></ol>Linux Server endpoints must meet the [prerequisites for Microsoft Defender for Endpoint on Linux](../defender-endpoint/microsoft-defender-endpoint-linux.md#prerequisites).| (<a id="fn1">1</a>) Microsoft Intune is not included in the standalone version of Defender for Business. Intune can be added onto Defender for Business. Intune is included in Microsoft 365 Business Premium.
security Mdb Simplified Configuration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/mdb-simplified-configuration.md
ms.localizationpriority: medium Previously updated : 12/07/2022 Last updated : 01/26/2023 f1.keywords: NOCSH
The following table describes each experience.
| Portal experience | Description | ||| | The simplified configuration experience in the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)) | The simplified configuration experience includes a [wizard-like experience](mdb-use-wizard.md) to help you set up and configure Defender for Business. Simplified configuration also includes default security settings and policies to help protect your company's devices as soon as they're onboarded to Defender for Business. You can view and edit your default policies to suit your business needs. To learn more, see [View or edit device policies in Microsoft Defender for Business](mdb-view-edit-policies.md).<br/><br/>With the simplified experience, your security team uses the Microsoft 365 Defender portal as a one-stop shop to: <ul><li>Set up and configure Defender for Business</li><li>View and manage incidents</li><li>Respond to and mitigate threats</li><li>View reports</li><li>Review pending or completed actions |
-| The Microsoft Endpoint Manager admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)) | Microsoft Intune is a cloud-based mobile device management (MDM) and mobile application management (MAM) provider for apps and devices. If you're already using Intune, you can continue to use the Endpoint Manager admin center to manage devices such as mobile phones, tablets, and laptops. See [Microsoft Intune: Device management](/mem/intune/fundamentals/what-is-device-management). |
+| The Intune admin center ([https://intune.microsoft.com](https://intune.microsoft.com)) | Microsoft Intune is a cloud-based mobile device management (MDM) and mobile application management (MAM) provider for apps and devices. If you're already using Intune, you can continue to use it to manage devices such as mobile phones, tablets, and laptops. See [Microsoft Intune: Device management](/mem/intune/fundamentals/what-is-device-management). |
## Next steps
security Mdb Tutorials https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/mdb-tutorials.md
ms.localizationpriority: medium- Previously updated : 07/19/2022+ Last updated : 01/26/2023 f1.keywords: NOCSH - SMB
The following table summarizes several scenarios to try with Defender for Busine
| Scenario | Description | ||| | Onboard devices using a local script | In Defender for Business, you can onboard Windows and Mac devices by using a script that you download and run on each device. The script creates a trust with Azure Active Directory (Azure AD), if that trust doesn't already exist; enrolls the device with Microsoft Intune, if you have Intune; and onboards the device to Defender for Business. To learn more, see [Onboard devices to Defender for Business](mdb-onboard-devices.md). |
-| Onboard devices using the Microsoft Endpoint Manager admin center | If you were already using Intune before getting Defender for Business, you can continue to use Endpoint Manager admin center to onboard devices. Try onboarding your Windows, Mac, iOS, and Android devices with Microsoft Intune. To learn more, see [Device enrollment in Microsoft Intune](/mem/intune/enrollment/device-enrollment). |
+| Onboard devices using Intune | If you were already using Intune before getting Defender for Business, you can continue to use Endpoint Manager admin center to onboard devices. Try onboarding your Windows, Mac, iOS, and Android devices with Microsoft Intune. To learn more, see [Device enrollment in Microsoft Intune](/mem/intune/enrollment/device-enrollment). |
| Edit security policies | If you're managing your security policies in Defender for Business, use the **Device configuration** page to view and edit your policies. Defender for Business comes with default policies that use recommended settings to secure your company's devices as soon as they're onboarded. You can keep the default policies, edit them, and define your own policies to suit your business needs. To learn more, see [View or edit policies in Defender for Business](mdb-view-edit-policies.md). | | Run a simulated attack | Several tutorials and simulations are available in Defender for Business. These tutorials and simulations show how the threat-protection features of Defender for Business can work for your company. You can also use a simulated attack as a training exercise for your team. To try the tutorials, see [Recommended tutorials for Defender for Business](#recommended-tutorials-for-defender-for-business). | | View incidents in Microsoft 365 Lighthouse | If you're a [Microsoft Cloud Solution Provider](/partner-center/enrolling-in-the-csp-program) using Microsoft 365 Lighthouse, you can view incidents across your customers' tenants in your Microsoft 365 Lighthouse portal. To learn more, see [Microsoft 365 Lighthouse and Defender for Business](mdb-lighthouse-integration.md). |
security Mdb Use Wizard https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/mdb-use-wizard.md
ms.localizationpriority: medium Previously updated : 08/09/2022 Last updated : 01/26/2023 f1.keywords: NOCSH
The setup wizard is designed to help you set up and configure Defender for Busin
4. **Configure your security policies**. Defender for Business includes default security policies for next-generation protection and firewall protection that can be applied to your company's devices. These default policies use recommended settings and are designed to provide strong protection for your devices. You can also create your own security policies. See [View and edit your security policies and settings](mdb-configure-security-settings.md). > [!NOTE]
- > If you're already using Intune to manage your devices and security policies, you can continue using the Microsoft Endpoint Manager admin center. See [Manage endpoint security in Microsoft Intune](/mem/intune/protect/endpoint-security).
+ > If you're already using Intune to manage your devices and security policies, you can continue using it. See [Manage endpoint security in Microsoft Intune](/mem/intune/protect/endpoint-security).
## What is automatic onboarding?
To onboard other devices, see [Onboard devices to Defender for Business](mdb-onb
> [!TIP] > - We recommend selecting the "all devices enrolled" option. That way, when Windows devices are enrolled in Intune later on, they'll be onboarded to Defender for Business automatically.
-> - If you've been managing security policies and settings in the Endpoint Manager admin center, we recommend switching to the Microsoft 365 Defender portal to manage your devices, policies, and settings. To learn more, see [Choose where to manage security policies and devices](mdb-configure-security-settings.md#choose-where-to-manage-security-policies-and-devices).
+> - If you've been managing security policies and settings in the Intune admin center, we recommend switching to the Microsoft 365 Defender portal to manage your devices, policies, and settings. To learn more, see [Choose where to manage security policies and devices](mdb-configure-security-settings.md#choose-where-to-manage-security-policies-and-devices).
## What happens if I don't use the wizard?
security Defender Endpoint False Positives Negatives https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/defender-endpoint-false-positives-negatives.md
ms.pagetype: security
ms.localizationpriority: medium Previously updated : 11/30/2022 Last updated : 01/27/2023 audience: ITPro
In general, you shouldn't need to define exclusions for Microsoft Defender Antiv
#### Use Intune to manage antivirus exclusions (for existing policies)
-1. In the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com), choose **Endpoint security** \> **Antivirus**, and then select an existing policy. (If you don't have an existing policy, or you want to create a new policy, skip to [the next procedure](#use-intune-to-create-a-new-antivirus-policy-with-exclusions)).
+1. In the [Microsoft Intune admin center](https://endpoint.microsoft.com), choose **Endpoint security** \> **Antivirus**, and then select an existing policy. (If you don't have an existing policy, or you want to create a new policy, skip to [the next procedure](#use-intune-to-create-a-new-antivirus-policy-with-exclusions)).
2. Choose **Properties**, and next to **Configuration settings**, choose **Edit**.
In general, you shouldn't need to define exclusions for Microsoft Defender Antiv
#### Use Intune to create a new antivirus policy with exclusions
-1. In the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com), choose **Endpoint security** \> **Antivirus** \> **+ Create Policy**.
+1. In the [Microsoft Intune admin center](https://endpoint.microsoft.com), choose **Endpoint security** \> **Antivirus** \> **+ Create Policy**.
2. Select a platform (such as **Windows 10 and later**, **macOS**, or **Windows 10 and Windows Server**).
We recommend using [Intune](/mem/intune/fundamentals/what-is-intune) to edit or
#### Use Intune to review and edit cloud-delivered protection settings (for existing policies)
-1. In the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com), choose **Endpoint security** \> **Antivirus** and then select an existing policy. (If you don't have an existing policy, or you want to create a new policy, skip to [the next procedure](#use-intune-to-set-cloud-delivered-protection-settings-for-a-new-policy)).
+1. In the [Microsoft Intune admin center](https://endpoint.microsoft.com), choose **Endpoint security** \> **Antivirus** and then select an existing policy. (If you don't have an existing policy, or you want to create a new policy, skip to [the next procedure](#use-intune-to-set-cloud-delivered-protection-settings-for-a-new-policy)).
2. Under **Manage**, select **Properties**. Then, next to **Configuration settings**, choose **Edit**.
We recommend using [Intune](/mem/intune/fundamentals/what-is-intune) to edit or
#### Use Intune to set cloud-delivered protection settings (for a new policy)
-1. In the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com), choose **Endpoint security** \> **Antivirus** \> **+ Create policy**.
+1. In the [Microsoft Intune admin center](https://endpoint.microsoft.com), choose **Endpoint security** \> **Antivirus** \> **+ Create policy**.
2. For **Platform**, select an option, and then for **Profile**, select **Antivirus** or **Microsoft Defender Antivirus** (the specific option depends on what you selected for **Platform**.) Then choose **Create**.
We recommend using [Intune](/mem/endpoint-manager-overview) to edit or set PUA p
#### Use Intune to edit PUA protection (for existing configuration profiles)
-1. In the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com), choose **Devices** \> **Configuration profiles**, and then select an existing policy. (If you don't have an existing policy, or you want to create a new policy, skip to [the next procedure](#use-intune-to-set-pua-protection-for-a-new-configuration-profile).)
+1. In the [Microsoft Intune admin center](https://endpoint.microsoft.com), choose **Devices** \> **Configuration profiles**, and then select an existing policy. (If you don't have an existing policy, or you want to create a new policy, skip to [the next procedure](#use-intune-to-set-pua-protection-for-a-new-configuration-profile).)
2. Under **Manage**, choose **Properties**, and then, next to **Configuration settings**, choose **Edit**.
We recommend using [Intune](/mem/endpoint-manager-overview) to edit or set PUA p
#### Use Intune to set PUA protection (for a new configuration profile)
-1. In the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com), choose **Devices** \> **Configuration profiles** \> **+ Create profile**.
+1. In the [Microsoft Intune admin center](https://endpoint.microsoft.com), choose **Devices** \> **Configuration profiles** \> **+ Create profile**.
2. For the **Platform**, choose **Windows 10 and later**, and for **Profile**, select **Device restrictions**.
security Defender Endpoint Plan 1 2 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/defender-endpoint-plan-1-2.md
Last updated 01/25/2023
ms.localizationpriority: medium-+ f1.keywords: NOCSH - m365-security
security Defender Endpoint Plan 1 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/defender-endpoint-plan-1.md
Defender for Endpoint Plan 1 includes the following capabilities:
- **[Next-generation protection](#next-generation-protection)** that includes industry-leading, robust antimalware and antivirus protection - **[Manual response actions](#manual-response-actions)**, such as sending a file to quarantine, that your security team can take on devices or files when threats are detected - **[Attack surface reduction capabilities](#attack-surface-reduction)** that harden devices, prevent zero-day attacks, and offer granular control over endpoint access and behaviors-- **[Centralized configuration and management](#centralized-management)** with the Microsoft 365 Defender portal and integration with Microsoft Endpoint Manager
+- **[Centralized configuration and management](#centralized-management)** with the Microsoft 365 Defender portal and integration with Microsoft Intune
- **[Protection for a variety of platforms](#cross-platform-support)**, including Windows, macOS, iOS, and Android devices The following sections provide more details about these capabilities.
security Faqs Tamper Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/faqs-tamper-protection.md
ms.mktglfcycl: manage ms.sitesec: library ms.localizationpriority: medium Previously updated : 01/11/2023 Last updated : 01/26/2023 audience: ITPro
If you're using Intune to configure and manage tamper protection, you can target
## What settings can't be changed when tamper protection is turned on?
-When tamper protection is turned on, tamper-protected settings cannot be changed from their default value, even if you're using Intune to manage your security settings. Changes might appear to be successful in Intune, but will not actually be allowed by tamper protection. For the most current list of tamper protected settings, contact support.
+When tamper protection is turned on, tamper-protected settings can't be changed from their default value, even if you're using Intune to manage your security settings. Changes might appear to be successful in Intune, but won't actually be allowed by tamper protection. For the most current list of tamper protected settings, contact support.
+
+## If tamper protection is turned on in Microsoft 365 Defender, can Intune override it?
+
+A tamper protection policy defined in Intune can override tamper protection that is turned on in the Microsoft 365 Defender portal. Policies defined in Intune take priority. Affected devices must be part of a device group that is included in the Intune policy.
+
+## How do I deploy DisableLocalAdminMerge?
+
+Use Intune to deploy [DisableLocalAdminMerge](/windows/client-management/mdm/defender-csp).
+
+## How can I confirm whether exclusions are tamper protected on a Windows device?
+
+You can use a registry key to determine whether the functionality to protect Microsoft Defender Antivirus exclusions is enabled.
+
+1. On a Windows device open Registry Editor. (Read-only mode is fine; you won't be editing the registry key.)
+
+2. Go to `Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Features` (or `HKLM\SOFTWARE\Microsoft\Windows Defender\Features`), and look for a `REG_DWORD` entry called **TPExclusions**.
+
+ - If **TPExclusions** has a value of `1`, then all required conditions are met, and the new functionality to protect exclusions is enabled on the device. In this case, exclusions are tamper protected.
+ - If **TPExclusions** has a value of `0`, then tamper protection isn't currently protecting exclusions on the device.
+
+> [!CAUTION]
+> Do not change the value of **TPExclusions**. Use the preceding procedure for information only. Changing the key will have no effect on whether tamper protection applies to exclusions.
## Can I configure tamper protection with Microsoft Endpoint Configuration Manager?
You can use any of the following methods to configure tamper protection:
- The [Microsoft 365 Defender portal](manage-tamper-protection-microsoft-365-defender.md) (turn tamper protection on or off, tenant wide) - [Intune](manage-tamper-protection-microsoft-endpoint-manager.md) (turn tamper protection on or off, and/or configure tamper protection for some or all users) - [Configuration Manager](manage-tamper-protection-configuration-manager.md) (with tenant attach, you can configure tamper protection for some or all devices by using the Windows Security experience profile)-- [Windows Security app](manage-tamper-protection-individual-device.md) (for an individual device used at home or that is not centrally managed by a security team)
+- [Windows Security app](manage-tamper-protection-individual-device.md) (for an individual device used at home or that isn't centrally managed by a security team)
> [!NOTE] > We recommend keeping tamper protection turned on for your whole organization. If tamper protection prevents your IT or security team from performing a necessary task on a device,
security Manage Mde Post Migration Configuration Manager https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/manage-mde-post-migration-configuration-manager.md
- m365-security - tier2 Previously updated : 07/01/2022 Last updated : 01/27/2023 search.appverid: met150
search.appverid: met150
> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-exposedapis-abovefoldlink)
-We recommend using [Microsoft Endpoint Manager](/mem), which includes [Microsoft Intune](/mem/intune/fundamentals/what-is-intune) (Intune) and [Microsoft Endpoint Configuration Manager](/mem/configmgr/core/understand/introduction) (Configuration Manager) to manage your organization's threat protection features for devices (also referred to as endpoints).
+We recommend using [Microsoft Intune](/mem/intune/fundamentals/what-is-intune) or [Configuration Manager](/mem/configmgr/core/understand/introduction) (Configuration Manager) to manage your organization's threat protection features for devices (also referred to as endpoints).
-- [Learn more about Endpoint Manager](/mem/endpoint-manager-overview)-- [Co-manage Microsoft Defender for Endpoint on Windows 10 and Windows 11 devices with Configuration Manager and Intune](manage-mde-post-migration-intune.md)
+This article describes how to manage Defender for Endpoint settings with Configuration Manager, and lists various tasks you can perform.
## Configure Microsoft Defender for Endpoint with Configuration Manager
If you haven't already done so, configure your Microsoft 365 Defender portal to
## Next steps - [Get an overview of Defender Vulnerability Management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt)-- [Manage Microsoft Defender for Endpoint with Intune](manage-mde-post-migration-intune.md)
security Manage Mde Post Migration Group Policy Objects https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/manage-mde-post-migration-group-policy-objects.md
ms.pagetype: security
ms.localizationpriority: medium Last updated : 01/27/2023 audience: ITPro
search.appverid: met150
> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-exposedapis-abovefoldlink) > [!NOTE]
-> We recommend using [Microsoft Endpoint Manager](/mem) to manage your organization's threat protection features for devices (also referred to as endpoints). Endpoint Manager includes [Microsoft Intune](/mem/intune/fundamentals/what-is-intune) and [Microsoft Endpoint Configuration Manager](/mem/configmgr/core/understand/introduction). **[Learn more about Endpoint Manager](/mem/endpoint-manager-overview)**.
-
-You can use Group Policy Objects in Azure Active Directory Domain Services to manage some settings in Microsoft Defender for Endpoint.
+> We recommend using [Microsoft Intune](/mem/intune/fundamentals/what-is-intune) or [Configuration Manager](/mem/configmgr/core/understand/introduction) to manage Defender for Endpoint settings. However, you can use Group Policy Objects in Azure Active Directory Domain Services to manage some of your Defender for Endpoint settings.
## Configure Microsoft Defender for Endpoint with Group Policy Objects
If you haven't already done so, configure your Microsoft 365 Defender portal to
## Next steps - [Get an overview of Defender Vulnerability Management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt)-- [Manage Microsoft Defender for Endpoint with Intune](manage-mde-post-migration-intune.md)
security Manage Mde Post Migration Intune https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/manage-mde-post-migration-intune.md
- m365-security - tier2 Previously updated : 07/01/2022 Last updated : 01/27/2023 search.appverid: met150
search.appverid: met150
> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-exposedapis-abovefoldlink)
-We recommend using [Microsoft Endpoint Manager](/mem), which includes Microsoft Intune (Intune) to manage your organization's threat protection features for devices (also referred to as endpoints). [Learn more about Endpoint Manager](/mem/endpoint-manager-overview).
-
-This article describes how to find your Microsoft Defender for Endpoint settings in Intune, and lists various tasks you can perform.
+We recommend using Microsoft Intune to manage your organization's threat protection features for devices (also referred to as endpoints). This article describes how to find your Microsoft Defender for Endpoint settings in Intune, and lists various tasks you can perform.
## Find your Microsoft Defender for Endpoint settings in Intune
security Manage Mde Post Migration Other Tools https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/manage-mde-post-migration-other-tools.md
search.appverid: met150
> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-exposedapis-abovefoldlink)
-> [!NOTE]
-> We recommend using [Microsoft Endpoint Manager](/mem) to manage your organization's threat protection features for devices (also referred to as endpoints). Endpoint Manager includes [Microsoft Intune](/mem/intune/fundamentals/what-is-intune) and [Microsoft Endpoint Configuration Manager](/mem/configmgr/core/understand/introduction).
-> - [Learn more about Endpoint Manager](/mem/endpoint-manager-overview)
-> - [Co-manage Microsoft Defender for Endpoint on Windows 10 and Windows 11 devices with Configuration Manager and Intune](manage-mde-post-migration-intune.md)
-> - [Manage Microsoft Defender for Endpoint with Intune](manage-mde-post-migration-intune.md)
+We recommend using [Microsoft Intune](/mem/intune/fundamentals/what-is-intune) or [Microsoft Endpoint Configuration Manager](/mem/configmgr/core/understand/introduction) to manage Defender for Endpoint settings. However, you can use other tools to manage some settings, such as Microsoft Defender Antivirus, exploit protection, and customized attack surface reduction rules with:
-You can manage some Microsoft Defender Antivirus settings on devices with [PowerShell](#configure-microsoft-defender-for-endpoint-with-powershell), [Windows Management Instrumentation](#configure-microsoft-defender-for-endpoint-with-windows-management-instrumentation-wmi) (WMI), and the [Microsoft Malware Protection Command Line Utility](#configure-microsoft-defender-for-endpoint-with-microsoft-malware-protection-command-line-utility-mpcmdrunexe) (MPCmdRun.exe). For example, you can manage some Microsoft Defender Antivirus settings. And, in some cases, you can customize your attack surface reduction rules and exploit protection settings.
+- [PowerShell](#configure-microsoft-defender-for-endpoint-with-powershell);
+- [Windows Management Instrumentation](#configure-microsoft-defender-for-endpoint-with-windows-management-instrumentation-wmi) (WMI); and
+- The [Microsoft Malware Protection Command Line Utility](#configure-microsoft-defender-for-endpoint-with-microsoft-malware-protection-command-line-utility-mpcmdrunexe) (MPCmdRun.exe).
> [!IMPORTANT] > Threat protection features that you configure by using PowerShell, WMI, or MCPmdRun.exe can be overwritten by configuration settings that are deployed with Intune or Configuration Manager.
You can use PowerShell to manage Microsoft Defender Antivirus, exploit protectio
## Configure Microsoft Defender for Endpoint with Windows Management Instrumentation (WMI)
-WMI is a scripting interface that allows you to retrieve, modify, and update settings. To learn more, see [Using WMI](/windows/win32/wmisdk/using-wmi).<br/><br/>
+WMI is a scripting interface that allows you to retrieve, modify, and update settings. To learn more, see [Using WMI](/windows/win32/wmisdk/using-wmi).
|Task|Resources to learn more| |||
You can also configure whether and what features end users can see in the Micros
## Next steps - [Get an overview of Defender Vulnerability Management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt)-- [Manage Microsoft Defender for Endpoint with Intune](manage-mde-post-migration-intune.md)
security Manage Mde Post Migration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/manage-mde-post-migration.md
- m365-security - tier2 Previously updated : 07/01/2022 Last updated : 01/27/2023 search.appverid: met150
search.appverid: met150
> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-exposedapis-abovefoldlink)
-After you have set up and configured Microsoft Defender for Endpoint, your next step is to manage your features and capabilities. We recommend using [Microsoft Endpoint Manager](/mem/endpoint-manager-overview), which includes [Microsoft Intune](/mem/intune/fundamentals/what-is-intune) and [Microsoft Endpoint Configuration Manager](/mem/configmgr/core/understand/introduction), to manage your organization's devices and security settings. However, you can use other tools/methods, such as [Group Policy Objects in Azure Active Directory Domain Services](/azure/active-directory-domain-services/manage-group-policy).
+After you have set up and configured Microsoft Defender for Endpoint, your next step is to manage your features and capabilities. We recommend using [Microsoft Intune](/mem/intune/fundamentals/what-is-intune) to manage your organization's devices and security settings. However, you can use other tools/methods, such as [Microsoft Endpoint Configuration Manager](/mem/configmgr/core/understand/introduction) or [Group Policy Objects in Azure Active Directory Domain Services](/azure/active-directory-domain-services/manage-group-policy).
The following table lists various tools/methods you can use, with links to learn more. |Tool/Method|Description| ||| |**[Microsoft Defender Vulnerability Management dashboard insights](/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights)** in the [Microsoft 365 Defender](https://security.microsoft.com/) portal|The Defender Vulnerability Management dashboard provides actionable information that your security operations team can use to reduce exposure and improve your organization's security posture. <br/><br/> See [Defender Vulnerability Management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt) and [Overview of Microsoft 365 Defender](/microsoft-365/security/defender-endpoint/use).|
-|**[Microsoft Intune](/mem/intune/fundamentals/what-is-intune)** (recommended)|Microsoft Intune (Intune), a component of [Microsoft Endpoint Manager](/mem/endpoint-manager-overview), focuses on mobile device management (MDM) and mobile application management (MAM). With Intune, you control how your organization's devices are used, including mobile phones, tablets, and laptops. You can also configure specific policies to control applications. <br/><br/> See [Manage Microsoft Defender for Endpoint using Intune](manage-mde-post-migration-intune.md).|
-|**[Microsoft Endpoint Configuration Manager](/mem/configmgr/core/understand/introduction)**|Microsoft Endpoint Manager (Configuration Manager), formerly known as System Center Configuration Manager, is a component of [Microsoft Endpoint Manager](/mem/endpoint-manager-overview). Configuration Manager is a powerful tool to manage your users, devices, and software. <br/><br/> See [Manage Microsoft Defender for Endpoint with Configuration Manager](manage-mde-post-migration-configuration-manager.md).|
+|**[Microsoft Intune](/mem/intune/fundamentals/what-is-intune)** (recommended)| Intune provides mobile device management (MDM) and mobile application management (MAM) capabilities. With Intune, you control how your organization's devices are used, including mobile phones, tablets, and laptops. You can also configure specific policies to control applications. <br/><br/> See [Manage Microsoft Defender for Endpoint using Intune](manage-mde-post-migration-intune.md).|
+|**[Microsoft Endpoint Configuration Manager](/mem/configmgr/core/understand/introduction)**|Microsoft Endpoint Manager (Configuration Manager), formerly known as System Center Configuration Manager, is a powerful tool to manage your users, devices, and software. <br/><br/> See [Manage Microsoft Defender for Endpoint with Configuration Manager](manage-mde-post-migration-configuration-manager.md).|
|**[Group Policy Objects in Azure Active Directory Domain Services](/azure/active-directory-domain-services/manage-group-policy)**|[Azure Active Directory Domain Services](/azure/active-directory-domain-services/overview) includes built-in Group Policy Objects for users and devices. You can customize the built-in Group Policy Objects as needed for your environment, as well as create custom Group Policy Objects and organizational units (OUs). <br/><br/> See [Manage Microsoft Defender for Endpoint with Group Policy Objects](manage-mde-post-migration-group-policy-objects.md).|
-|**[PowerShell, WMI, and MPCmdRun.exe](manage-mde-post-migration-other-tools.md)**|*We recommend using Microsoft Endpoint Manager (which includes Intune and Configuration Manager) to manage threat protection features on your organization's devices. However, you can configure some settings, such as Microsoft Defender Antivirus settings on individual devices (endpoints) with PowerShell, WMI, or the MPCmdRun.exe tool.* <br/><br/> You can use PowerShell to manage Microsoft Defender Antivirus, exploit protection, and your attack surface reduction rules. See [Configure Microsoft Defender for Endpoint with PowerShell](manage-mde-post-migration-other-tools.md#configure-microsoft-defender-for-endpoint-with-powershell). <br/><br/> You can use Windows Management Instrumentation (WMI) to manage Microsoft Defender Antivirus and exclusions. See [Configure Microsoft Defender for Endpoint with WMI](manage-mde-post-migration-other-tools.md#configure-microsoft-defender-for-endpoint-with-windows-management-instrumentation-wmi). <br/><br/> You can use the Microsoft Malware Protection Command-Line Utility (MPCmdRun.exe) to manage Microsoft Defender Antivirus and exclusions, as well as validate connections between your network and the cloud. See [Configure Microsoft Defender for Endpoint with MPCmdRun.exe](manage-mde-post-migration-other-tools.md#configure-microsoft-defender-for-endpoint-with-microsoft-malware-protection-command-line-utility-mpcmdrunexe).|
+|**[PowerShell, WMI, and MPCmdRun.exe](manage-mde-post-migration-other-tools.md)**|*We recommend using Microsoft Intune or Configuration Manager to manage threat protection features on your organization's devices. However, you can configure some settings, such as Microsoft Defender Antivirus settings on individual devices (endpoints) with PowerShell, WMI, or the MPCmdRun.exe tool.* <br/><br/> You can use PowerShell to manage Microsoft Defender Antivirus, exploit protection, and your attack surface reduction rules. See [Configure Microsoft Defender for Endpoint with PowerShell](manage-mde-post-migration-other-tools.md#configure-microsoft-defender-for-endpoint-with-powershell). <br/><br/> You can use Windows Management Instrumentation (WMI) to manage Microsoft Defender Antivirus and exclusions. See [Configure Microsoft Defender for Endpoint with WMI](manage-mde-post-migration-other-tools.md#configure-microsoft-defender-for-endpoint-with-windows-management-instrumentation-wmi). <br/><br/> You can use the Microsoft Malware Protection Command-Line Utility (MPCmdRun.exe) to manage Microsoft Defender Antivirus and exclusions, as well as validate connections between your network and the cloud. See [Configure Microsoft Defender for Endpoint with MPCmdRun.exe](manage-mde-post-migration-other-tools.md#configure-microsoft-defender-for-endpoint-with-microsoft-malware-protection-command-line-utility-mpcmdrunexe).|
## See also
security Manage Protection Update Schedule Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/manage-protection-update-schedule-microsoft-defender-antivirus.md
You can also randomize the times when each endpoint checks and downloads protect
2. Go to the **Security intelligence updates** section. 3. To check and download updates at a certain time:
- 1. Set **Check for Endpoint Protection security intelligence updates at a specific interval...** to **0**.
- 2. Set **Check for Endpoint Protection security intelligence updates daily at...** to the time when updates should be checked.
- 3
+
+ - Set **Check for Endpoint Protection security intelligence updates at a specific interval...** to **0**.
+ - Set **Check for Endpoint Protection security intelligence updates daily at...** to the time when updates should be checked.
+
4. To check and download updates on a continual interval, Set **Check for Endpoint Protection security intelligence updates at a specific interval...** to the number of hours that should occur between updates. 5. [Deploy the updated policy as usual](/sccm/protect/deploy-use/endpoint-antimalware-policies#deploy-an-antimalware-policy-to-client-computers).
security Manage Tamper Protection Configuration Manager https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/manage-tamper-protection-configuration-manager.md
ms.mktglfcycl: manage ms.sitesec: library ms.localizationpriority: medium Last updated : 01/27/2023 audience: ITPro
search.appverid: met150
**Platforms** - Windows
-If you're using [version 2006 of Configuration Manager](/mem/configmgr/core/plan-design/changes/whats-new-in-version-2006), you can manage tamper protection settings on Windows 10, Windows 10 Enterprise multi-session, Windows 11, Windows 11 Enterprise multi-session, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, and Windows Server 2022 by using a method called *tenant attach*. Tenant attach enables you to sync your on-premises-only Configuration Manager devices into the Microsoft Endpoint Manager admin center, and then deliver endpoint security configuration policies to on-premises collections & devices.
+If you're using [version 2006 of Configuration Manager](/mem/configmgr/core/plan-design/changes/whats-new-in-version-2006), you can manage tamper protection settings on Windows 10, Windows 10 Enterprise multi-session, Windows 11, Windows 11 Enterprise multi-session, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, and Windows Server 2022 by using a method called *tenant attach*. Tenant attach enables you to sync your on-premises-only Configuration Manager devices into the Intune admin center, and then deliver endpoint security configuration policies to on-premises collections & devices.
> [!NOTE] > The procedure can be used to extend tamper protection to devices running Windows 10, Windows 10 Enterprise multi-session, Windows 11, Windows 11 Enterprise multi-session, Windows Server 2019, and Windows Server 2022. Make sure to review the prerequisites and other information in the resources mentioned in this procedure. For Windows Server 2012 R2 running the modern, unified solution [version 2203 of Configuration Manager](/mem/configmgr/core/plan-design/changes/whats-new-in-version-2203) is required. 1. Set up tenant attach. To learn more, see [Get started: Create and deploy endpoint security policies from the admin center](/mem/configmgr/tenant-attach/endpoint-security-get-started).
-2. In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Endpoint security** \> **Antivirus**, and then choose **+ Create Policy**.
+2. In the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Endpoint security** \> **Antivirus**, and then choose **+ Create Policy**.
- In the **Platform** list, select **Windows 10, Windows 11, and Windows Server (ConfigMgr)**. - In the **Profile** list, select **Windows Security experience (preview)**.
security Manage Tamper Protection Individual Device https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/manage-tamper-protection-individual-device.md
ms.mktglfcycl: manage ms.sitesec: library ms.localizationpriority: medium Last updated : 01/27/2023 audience: ITPro
security Manage Tamper Protection Microsoft 365 Defender https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/manage-tamper-protection-microsoft-365-defender.md
ms.mktglfcycl: manage ms.sitesec: library ms.localizationpriority: medium Previously updated : 12/07/2022 Last updated : 01/27/2023 audience: ITPro
Tamper protection can be turned on or off for your tenant using the Microsoft 36
- Currently, the option to manage tamper protection in the Microsoft 365 Defender portal is on by default for new deployments. For existing deployments, tamper protection is available on an opt-in basis. To opt in, in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft 365 Defender portal</a>, choose **Settings** \> **Endpoints** \> **Advanced features** \> **Tamper protection**. - When you use the Microsoft 365 Defender portal to manage tamper protection, you don't have to use Intune or the tenant attach method.-- When you manage tamper protection in the Microsoft 365 Defender portal, the setting is applied tenant wide, affecting all of your devices that are running Windows 10, Windows 10 Enterprise multi-session, Windows 11, Windows 11 Enterprise multi-session, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019 or Windows Server 2022. To fine-tune tamper protection (such as having tamper protection on for some devices but off for others), use either [Manage tamper protection for your organization using Microsoft Endpoint Manager](manage-tamper-protection-microsoft-endpoint-manager.md) or [Manage tamper protection using tenant attach with Configuration Manager, version 2006](manage-tamper-protection-configuration-manager.md).
+- When you manage tamper protection in the Microsoft 365 Defender portal, the setting is applied tenant wide, affecting all of your devices that are running Windows 10, Windows 10 Enterprise multi-session, Windows 11, Windows 11 Enterprise multi-session, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019 or Windows Server 2022. To fine-tune tamper protection (such as having tamper protection on for some devices but off for others), use either [Manage tamper protection for your organization using Microsoft Intune](manage-tamper-protection-microsoft-endpoint-manager.md) or [Manage tamper protection using tenant attach with Configuration Manager, version 2006](manage-tamper-protection-configuration-manager.md).
- If you have a hybrid environment, tamper protection settings configured in Intune take precedence over settings configured in the Microsoft 365 Defender portal. - Tamper protection is part of anti-tampering capabilities that include [standard protection attack surface reduction rules](attack-surface-reduction-rules-reference.md).
security Manage Tamper Protection Microsoft Endpoint Manager https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/manage-tamper-protection-microsoft-endpoint-manager.md
ms.mktglfcycl: manage ms.sitesec: library ms.localizationpriority: medium Previously updated : 01/12/2023 Last updated : 01/27/2023 audience: ITPro
search.appverid: met150
**Platforms** - Windows
-If your organization uses [Microsoft Intune](/mem/intune/fundamentals/what-is-intune), you can turn tamper protection on (or off) for your organization in the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com). Use Intune when you want to fine-tune tamper protection settings. For example, if you want to enable tamper protection on some devices, but not all, use Intune.
+If your organization uses [Microsoft Intune](/mem/intune/fundamentals/what-is-intune), you can turn tamper protection on (or off) for your organization in the [Intune admin center](https://endpoint.microsoft.com). Use Intune when you want to fine-tune tamper protection settings. For example, if you want to enable tamper protection on some devices, but not all, use Intune.
Tamper protection is part of anti-tampering capabilities that include [standard protection attack surface reduction rules](attack-surface-reduction-rules-reference.md).
Tamper protection is part of anti-tampering capabilities that include [standard
:::image type="content" source="images/turnontamperprotectinmem.png" alt-text="Turn tamper protection turned on with Intune" lightbox="images/turnontamperprotectinmem.png":::
-1. In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Endpoint security** \> **Antivirus**, and then choose **+ Create Policy**.
+1. In the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Endpoint security** \> **Antivirus**, and then choose **+ Create Policy**.
- In the **Platform** list, select **Windows 10, Windows 11, and Windows Server**. - In the **Profile** list, select **Windows Security experience**.
security Mde P1 Maintenance Operations https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mde-p1-maintenance-operations.md
To manage your security intelligence and product updates, see [Manage Microsoft
## Fine-tune and adjust Defender for Endpoint
-Defender for Endpoint offers you much flexibility and configuration options. You can adjust and fine-tune your settings to suit your organization's needs. For example, you can use Microsoft Endpoint Manager, Group Policy, and other methods to manage your endpoint security settings.
+Defender for Endpoint offers you much flexibility and configuration options. You can adjust and fine-tune your settings to suit your organization's needs. For example, you can use Microsoft Intune, Group Policy, and other methods to manage your endpoint security settings.
To learn more, see [Manage Defender for Endpoint](manage-mde-post-migration.md).
security Mde P1 Setup Configuration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mde-p1-setup-configuration.md
ms.localizationpriority: medium- Last updated : 01/27/2023+ f1.keywords: NOCSH - m365-security
The general setup and configuration process for Defender for Endpoint Plan 1 is
| 3 | [Set up your tenant environment](#set-up-your-tenant-environment) | Lists tasks for setting up your tenant environment | | 4 | [Assign roles and permissions](#assign-roles-and-permissions) | Lists roles and permissions to consider for your security team <br/><br/>**TIP**: As soon as roles and permissions are assigned, your security team can get started using the Microsoft 365 Defender portal. To learn more, see [Getting started](mde-plan1-getting-started.md). | | 5 | [Onboard to Defender for Endpoint](#onboard-to-defender-for-endpoint) | Lists several methods by operating system to onboard to Defender for Endpoint Plan 1 and includes links to more detailed information for each method |
-| 6 | [Configure next-generation protection](#configure-next-generation-protection) | Describes how to configure your next-generation protection settings in Microsoft Endpoint Manager |
+| 6 | [Configure next-generation protection](#configure-next-generation-protection) | Describes how to configure your next-generation protection settings in Microsoft Intune |
| 7 | [Configure your attack surface reduction capabilities](#configure-your-attack-surface-reduction-capabilities) | Lists the types of attack surface reduction capabilities you can configure and includes procedures with links to more resources | ## Review the requirements
When you plan your deployment, you can choose from several different architectur
| Method | Description | |:|:|
-| [Microsoft Intune](/mem/intune/fundamentals/what-is-intune) (included in Microsoft Endpoint Manager) | Use Intune to manage endpoints in a cloud native environment |
-| [Microsoft Intune](/mem/intune/fundamentals/what-is-intune) and [Configuration Manager](/mem/configmgr/core/understand/introduction) (included in Microsoft Endpoint Manager) | Use Intune and Configuration Manager to manage endpoints and workloads that span an on-premises and cloud environment |
+| [Intune](/mem/intune/fundamentals/what-is-intune) | Use Intune to manage endpoints in a cloud native environment |
+| [Intune](/mem/intune/fundamentals/what-is-intune) and [Configuration Manager](/mem/configmgr/core/understand/introduction) | Use Intune and Configuration Manager to manage endpoints and workloads that span an on-premises and cloud environment |
| [Configuration Manager](/mem/configmgr/core/understand/introduction) | Use Configuration Manager to protect on-premises endpoints with the cloud-based power of Defender for Endpoint | | Local script downloaded from the Microsoft 365 Defender Portal | Use local scripts on endpoints to run a pilot or onboard just a few devices |
The following table describes key roles to consider for Defender for Endpoint in
| Role | Description | |:|:|
-| Global administrators (also referred to as global admins) <br/><br/> *As a best practice, limit the number of global administrators.* | Global admins can perform all kinds of tasks. The person who signed up your company for Microsoft 365 or for Microsoft Defender for Endpoint Plan 1 is a global administrator by default. <br/><br/> Global admins are able to access/change settings across all Microsoft 365 portals, such as: <br/>- The Microsoft 365 admin center ([https://admin.microsoft.com](https://admin.microsoft.com)) <br/>- Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)) <br/>- Microsoft Endpoint Manager admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)) |
+| Global administrators (also referred to as global admins) <br/><br/> *As a best practice, limit the number of global administrators.* | Global admins can perform all kinds of tasks. The person who signed up your company for Microsoft 365 or for Microsoft Defender for Endpoint Plan 1 is a global administrator by default. <br/><br/> Global admins are able to access/change settings across all Microsoft 365 portals, such as: <br/>- The Microsoft 365 admin center ([https://admin.microsoft.com](https://admin.microsoft.com)) <br/>- Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)) <br/>- Intune admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)) |
| Security administrators (also referred to as security admins) | Security admins can perform security operator tasks plus the following tasks: <br/>- Monitor security-related policies <br/>- Manage security threats and alerts <br/>- View reports | | Security operator | Security operators can perform security reader tasks plus the following tasks: <br/>- View information about detected threats <br/>- Investigate and respond to detected threats | | Security reader | Security readers can perform the following tasks: <br/>- View security-related policies across Microsoft 365 services <br/>- View security threats and alerts <br/>- View reports |
When you're ready to onboard your organization's endpoints, you can choose from
|Endpoint Operating System | Onboarding methods| |||
-| Windows 10 | [Local script (up to 10 devices)](configure-endpoints-script.md) <br> [Group Policy](configure-endpoints-gp.md) <br> [Microsoft Endpoint Manager/ Mobile Device Manager](configure-endpoints-mdm.md) <br> [Microsoft Endpoint Configuration Manager](configure-endpoints-sccm.md) <br> [VDI scripts](configure-endpoints-vdi.md) |
-| macOS | [Local scripts](mac-install-manually.md) <br> [Microsoft Endpoint Manager](mac-install-with-intune.md) <br> [JAMF Pro](mac-install-with-jamf.md) <br> [Mobile Device Management](mac-install-with-other-mdm.md) |
+| Windows 10 | [Local script (up to 10 devices)](configure-endpoints-script.md) <br> [Group Policy](configure-endpoints-gp.md) <br> [Intune/ Mobile Device Manager](configure-endpoints-mdm.md) <br> [Microsoft Endpoint Configuration Manager](configure-endpoints-sccm.md) <br> [VDI scripts](configure-endpoints-vdi.md) |
+| macOS | [Local scripts](mac-install-manually.md) <br> [Intune](mac-install-with-intune.md) <br> [JAMF Pro](mac-install-with-jamf.md) <br> [Mobile Device Management](mac-install-with-other-mdm.md) |
| iOS |[App-based](ios-install.md) |
-| Android | [Microsoft Endpoint Manager](android-intune.md) |
+| Android | [Intune](android-intune.md) |
Then, proceed to configure your next-generation protection and attack surface reduction capabilities. ## Configure next-generation protection
-We recommend using [Microsoft Endpoint Manager](/mem) to manage your organization's devices and security settings, as shown in the following image:
+We recommend using [Intune](/mem) to manage your organization's devices and security settings, as shown in the following image:
-To configure your next-generation protection in Microsoft Endpoint Manager, follow these steps:
+To configure your next-generation protection in Intune, follow these steps:
-1. Go to the Microsoft Endpoint Manager admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)) and sign in.
+1. Go to the Intune admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)) and sign in.
2. Select **Endpoint security** > **Antivirus**, and then select an existing policy. (If you don't have an existing policy, create a new policy.)
Attack surface reduction is all about reducing the places and ways your organiza
### Attack surface reduction rules
-Attack surface reduction rules are available on devices running Windows. We recommend using Microsoft Endpoint Manager, as shown in the following image:
+Attack surface reduction rules are available on devices running Windows. We recommend using Intune, as shown in the following image:
-1. Go to the Microsoft Endpoint Manager admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)) and sign in.
+1. Go to the Intune admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)) and sign in.
2. Choose **Endpoint security** > **Attack surface reduction** > **+ Create policy**.
Attack surface reduction rules are available on devices running Windows. We reco
You get ransomware mitigation through [controlled folder access](controlled-folders.md#what-is-controlled-folder-access), which allows only trusted apps to access protected folders on your endpoints.
-We recommend using Microsoft Endpoint Manager to configure controlled folder access.
+We recommend using Intune to configure controlled folder access.
-1. Go to the Microsoft Endpoint Manager admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)) and sign in.
+1. Go to the Intune admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)) and sign in.
2. Select **Endpoint Security**, and then select **Attack Surface Reduction**.
We recommend using Microsoft Endpoint Manager to configure controlled folder acc
### Device control
-You can configure Defender for Endpoint to block or allow removable devices and files on removable devices. We recommend using Microsoft Endpoint Manager to configure your device control settings.
+You can configure Defender for Endpoint to block or allow removable devices and files on removable devices. We recommend using Intune to configure your device control settings.
-1. Go to the Microsoft Endpoint Manager admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)) and sign in.
+1. Go to the Intune admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)) and sign in.
2. Select **Devices** > **Configuration profiles** > **Create profile**.
You can configure Defender for Endpoint to block or allow removable devices and
### Network protection
-With network protection, you can help protect your organization against dangerous domains that might host phishing scams, exploits, and other malicious content on the Internet. We recommend using Microsoft Endpoint Manager to turn on network protection.
+With network protection, you can help protect your organization against dangerous domains that might host phishing scams, exploits, and other malicious content on the Internet. We recommend using Intune to turn on network protection.
-1. Go to the Microsoft Endpoint Manager admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)) and sign in.
+1. Go to the Intune admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)) and sign in.
2. Select **Devices** > **Configuration profiles** > **Create profile**.
With network protection, you can help protect your organization against dangerou
### Web protection
-With web protection, you can protect your organization's devices from web threats and unwanted content. Your web protection includes [web threat protection](#configure-web-threat-protection) and [web content filtering](#configure-web-content-filtering). Configure both sets of capabilities. We recommend using Microsoft Endpoint Manager to configure your web protection settings.
+With web protection, you can protect your organization's devices from web threats and unwanted content. Your web protection includes [web threat protection](#configure-web-threat-protection) and [web content filtering](#configure-web-content-filtering). Configure both sets of capabilities. We recommend using Intune to configure your web protection settings.
#### Configure web threat protection
-1. Go to the Microsoft Endpoint Manager admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)), and sign in.
+1. Go to the Intune admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)), and sign in.
2. Choose **Endpoint security** > **Attack surface reduction**, and then choose **+ Create policy**.
With web protection, you can protect your organization's devices from web threat
### Network firewall
-Network firewall helps reduce the risk of network security threats. Your security team can set rules that determine which traffic is permitted to flow to or from your organization's devices. We recommend using Microsoft Endpoint Manager to configure your network firewall.
+Network firewall helps reduce the risk of network security threats. Your security team can set rules that determine which traffic is permitted to flow to or from your organization's devices. We recommend using Intune to configure your network firewall.
To configure basic firewall settings, follow these steps:
-1. Go to the Microsoft Endpoint Manager admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)), and sign in.
+1. Go to the Intune admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)), and sign in.
2. Choose **Endpoint security** > **Firewall**, and then choose **+ Create Policy**.
security Mde Plan1 Getting Started https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mde-plan1-getting-started.md
audience: ITPro Previously updated : 01/03/2022 Last updated : 01/27/2022 ms.localizationpriority: medium-+ f1.keywords: NOCSH - m365-security
security Migration Guides https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/migration-guides.md
f1.keywords: NOCSH Previously updated : 07/01/2022 Last updated : 01/27/2023 search.appverid: met150
If you're considering moving to Defender for Endpoint, we have guidance to help.
|You already have Defender for Endpoint, and you want some help getting everything set up and configured.|[Microsoft Defender for Endpoint deployment guide](deployment-phases.md)| |You're planning to switch from a non-Microsoft endpoint protection solution to Defender for Endpoint, which includes Microsoft Defender Antivirus. You want to get an overview of the migration process and how to make the switch.|[Make the switch to Microsoft Defender for Endpoint](switch-to-mde-overview.md)| |You've already migrated or onboarded to Defender for Endpoint. You want some help with next steps, such as managing your security settings, configuring more features, or fine-tuning your security policies.|[Manage Microsoft Defender for Endpoint, post-migration](manage-mde-post-migration.md)|
+| You were previously using Microsoft Defender for Endpoint Server, and now you're moving your servers to Microsoft Defender for Cloud. | [Migrating servers from Microsoft Defender for Endpoint to Microsoft Defender for Cloud](migrating-mde-server-to-cloud.md) |
## Do you have feedback for us?
security Prevent Changes To Security Settings With Tamper Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection.md
ms.mktglfcycl: manage ms.sitesec: library ms.localizationpriority: medium Previously updated : 01/11/2023 Last updated : 01/26/2023 audience: ITPro
During some kinds of cyber attacks, bad actors try to disable security features,
> > Tamper protection is part of anti-tampering capabilities that include [standard protection attack surface reduction rules](attack-surface-reduction-rules-reference.md). >
-> If you're using Microsoft Intune to manage Defender for Endpoint settings, we recommend setting [DisableLocalAdminMerge](/windows/client-management/mdm/defender-csp#configurationdisablelocaladminmerge) to true on devices.
+> If you're using Microsoft Intune to manage Defender for Endpoint settings, we recommend setting [DisableLocalAdminMerge](/windows/client-management/mdm/defender-csp#configurationdisablelocaladminmerge) to true on devices, and deploy using Intune.
> > When tamper protection is turned on, tamper protected settings cannot be changed from their default value. Changes might appear to be successful in Intune, but will not actually be allowed by tamper protection. For the most current list of tamper protected settings, contact support. - ## How tamper protection works Tamper protection essentially locks Microsoft Defender Antivirus to its secure, default values, and prevents your security settings from being changed through apps and methods such as:
You can use a registry key to determine whether the functionality to protect Mic
2. Go to `Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Features` (or `HKLM\SOFTWARE\Microsoft\Windows Defender\Features`), and look for a `REG_DWORD` entry called **TPExclusions**.
- - If **TPExclusions** has a value of `1`, then the new functionality to protect exclusions is enabled on the device.
+ - If **TPExclusions** has a value of `1`, then all required conditions are met, and the new functionality to protect exclusions is enabled on the device. In this case, exclusions are tamper protected.
- If **TPExclusions** has a value of `0`, then tamper protection isn't currently protecting exclusions on the device. > [!CAUTION]
security Windows Whatsnew https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/windows-whatsnew.md
All updates contain:
- Serviceability improvements - Integration improvements (Cloud, [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804))
-<details>
- <summary>Jan/Feb-2023 (Release version: 10.8295.22621.1019)</summary>
+
+## Jan/Feb-2023 (Release version: 10.8295.22621.1019)
|OS |KB |Release version | ||||
All updates contain:
**What's new** - Improved command and control security, quality fixes
-</details>
-<details>
- <summary>Dec-2022 (Release version: 10.8210.22621.1016)</summary>
+## Dec-2022 (Release version: 10.8210.22621.1016)
|OS |KB |Release version | ||||
All updates contain:
**What's new** - Bug fixes and stability improvements
-</details>
-<details>
- <summary>Aug-2022 (Release version: 10.8210.*)</summary>
+## Aug-2022 (Release version: 10.8210.*)
|OS |KB |Release version | ||||
All updates contain:
> [!NOTE] > Update package KB5005292 is on a gradual rollout schedule through Windows Update. Towards the end of this schedule, the package will be published completely, including to the update catalog for manual download. For the current release, this will be in the second half of October. If you want to test the package sooner, you can use [gradual rollout controls for platform updates](configure-updates.md) to select the Preview channel.
-<br/>
-</details>
See also: - [What's new in Microsoft Defender for Endpoint](whats-new-in-microsoft-defender-endpoint.md)
security Defender For Office 365 Whats New https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/defender-for-office-365-whats-new.md
For more information on what's new with other Microsoft Defender security produc
- [What's new in Microsoft Defender for Identity](/defender-for-identity/whats-new) - [What's new in Microsoft Defender for Cloud Apps](/cloud-app-security/release-notes)
+## January 2023
+
+- [Automatic Tenant Allow/Block List expiration management is now available in Microsoft Defender for Office 365](https://techcommunity.microsoft.com/t5/microsoft-defender-for-office/automatic-tenant-allow-block-list-expiration-management-is-now/ba-p/3723447): Microsoft will now automatically remove entries from the allow list once the system has learned from it. Alternatively, Microsoft will extend the expiration time of the allows if the system has not learned yet. This will prevent your legitimate emails from going to junk or quarantine.
+ ## December 2022 - The new Microsoft 365 Defender role-based access control (RBAC) model, with support for Microsoft Defender for Office, is now available in public preview. For more information, see [Microsoft 365 Defender role-based access control (RBAC)](../defender/manage-rbac.md).
For more information on what's new with other Microsoft Defender security produc
## July 2022 -- [Introducing actions into the email entity page](mdo-email-entity-page.md): Admins can take preventative, remediation and submission actions from email entity page.
+- [Introducing actions into the email entity page](mdo-email-entity-page.md): Admins can take preventative, remediation, and submission actions from the email entity page.
## June 2022