mike2401 asked:

ATP Advanced Threat Protection on Server 2012 R2?? On-Boarding.

OMG Microsoft: is it me or is this article really confusing?

https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection

For Servers, we don't use System Center Endpoint Protection nor do we use System Center Operations Manager.

I'm really confused on their instructions for "Windows Server 2012 R2 and Windows Server 2016":  Specifically, it says to "Turn on server monitoring from Windows Defender Security Center".  However, it doesn't appear that Windows Defender is installed in GUI 2012 R2.

In the link above, it says to "Turn on server monitoring from the windows defender security center portal" which I don't seem to have.

Is this whole confusing article really meant to suggest I "install and configure Microsoft Monitoring Agent (MMA) to report sensor data to Windows Defender ATP", even though I'm not using those other two products?

Thanks in advance if you can point me in the right direction,
Mike
mike2401 (ASKER)

[UPDATE: I decided to try the "Microsoft Monitoring Agent MMA".  I stopped at the point where it asked if I wanted "Connect the agent to Azure Log Analytics (OMS)" and/or "Connect the agent to the System Center Operations Manager" ]

#Clear_AS_MUD  :-)
ASKER CERTIFIED SOLUTION
Cliff Galiher

This solution is only available to members.

On the link you initially posted, did you check out the "getting started" section in the left nav?

https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection

The validating licensing and signing in for the first time shows the Defender portal, which is later referenced.  Seeing the early terminology in getting started makes the later pages much clearer, as they can assume you already know the portal they are referring to.
Thanks Cliff.

Yes, we are licensed and are paying for Defender ATP cloud service and have access to our online defender ATP portal.

We have most of our win10 clients onboarded.

Now I'm trying to get our servers onboarded.

We have a green check mark  for "Server Machine Monitoring: ON" at https://securitycenter.windows.com/preferences2/onboarding

I tried downloading this:

"Microsoft Monitoring Agent MMA".  I stopped at the point where it asked if I wanted "Connect the agent to Azure Log Analytics (OMS)" and/or "Connect the agent to the System Center Operations Manager"
I'll dig further into: "Manually install the agent using setup" on the page.

I was just a bit concerned I was heading down the wrong path.  Maybe I wasn't :-)
Yes. The manual setup tells you which option to choose. (Hint: ATP uses Azure as a back end.)
ok I proceeded with Log Analytics service in Azure with my workspace ID & key.  

Keeping my fingers crossed that it will show up in the console.

Thanks!
I'm now pretty optimistic this will work.

I'll post tomorrow!

Thx
Mike
It worked!

Sorry for being so timid - I didn't want to screw this up!

Thanks again Cliff !!
Thanks!
No worries. Good luck.
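
An unattended equivalent of the manual Microsoft Monitoring Agent setup discussed in this thread, added here as an example and not posted by either participant. It assumes the agent package was already extracted to a folder containing setup.exe; the script's parameter names and the folder path are hypothetical, while the setup properties are the agent's documented unattended-install options.

```powershell
# Added example. Assumes the package was extracted first, e.g.
#   MMASetup-AMD64.exe /c /t:C:\Temp\MMA    (C:\Temp\MMA is a placeholder)
param(
    [Parameter(Mandatory)][string]$SetupDir,      # folder containing setup.exe
    [Parameter(Mandatory)][string]$WorkspaceId,   # from the ATP onboarding page
    [Parameter(Mandatory)][string]$WorkspaceKey   # from the ATP onboarding page
)
$ErrorActionPreference = 'Stop'

# The workspace ID is a GUID; reject typos before touching the server.
$parsed = [guid]::Empty
if (-not [guid]::TryParse($WorkspaceId, [ref]$parsed)) {
    throw "WorkspaceId '$WorkspaceId' is not a GUID"
}

$setup = Join-Path $SetupDir 'setup.exe'
if (-not (Test-Path $setup)) { throw "setup.exe not found in $SetupDir" }

# ADD_OPINSIGHTS_WORKSPACE=1 corresponds to the wizard choice
# "Connect the agent to Azure Log Analytics (OMS)".
$setupArgs = @(
    '/qn', 'NOAPM=1', 'ADD_OPINSIGHTS_WORKSPACE=1',
    'OPINSIGHTS_WORKSPACE_AZURE_CLOUD_TYPE=0',
    "OPINSIGHTS_WORKSPACE_ID=$WorkspaceId",
    "OPINSIGHTS_WORKSPACE_KEY=$WorkspaceKey",
    'AcceptEndUserLicenseAgreement=1'
)
$proc = Start-Process -FilePath $setup -ArgumentList $setupArgs -Wait -PassThru
if ($proc.ExitCode -notin 0, 3010) {   # 3010 = Windows Installer "reboot required"
    throw "MMA setup failed with exit code $($proc.ExitCode)"
}

# The agent runs as the HealthService Windows service.
$svc = Get-Service -Name HealthService
if ($svc.Status -ne 'Running') { Start-Service -Name HealthService }

# Ask the agent which workspaces it is configured to report to.
$mma = New-Object -ComObject 'AgentConfigManager.MgmtSvcCfg'
$mma.GetCloudWorkspaces() | Format-List
```

The workspace key is passed on the setup command line, so it will appear in process-creation logs where command-line auditing is enabled; restrict access to those logs or regenerate the key after a bulk rollout.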