Cloud & Networking
Reader small image

You're reading from  Windows 10 for Enterprise Administrators

Product typeBook
Published inSep 2017
PublisherPackt
ISBN-139781786462824
Edition1st Edition
Tools
Azure
Concepts
System Administration
Right arrow
Authors (3):
Richard Diver
Richard Diver
author image
Richard Diver

Richard Diver is a senior technical business strategy manager for the Microsoft Security Solutions group, focused on developing security partners. Based in Chicago, Richard works with advanced security and compliance partners to help them build solutions across the entire Microsoft platform, including Microsoft Sentinel, Microsoft Defender, Microsoft 365 security solutions, and many more. Prior to Microsoft, Richard worked in multiple industries and for several Microsoft partners to architect and implement cloud security solutions for a wide variety of customers around the world. Any spare time he gets is usually spent with his family.
Read more about Richard Diver

Manuel Singer
Manuel Singer
author image
Manuel Singer

Manuel Singer works as a Senior Premier Field Engineer for Windows Client at Microsoft and is based in Germany. He has more than 10 years of experience in system management and deployment using Microsoft technologies. He specializes in client enterprise design, deployment, performance, reliability, and Microsoft devices. Manuel works with local and international top customers from the private and public sector to provide professional technical and technological support.
Read more about Manuel Singer

Jeff Stokes
Jeff Stokes
author image
Jeff Stokes

Jeff Stokes is a Windows / Microsoft Engineer currently employed at Microsoft. He specializes in Operating System Health, Reliability, and Performance. He is skilled in Windows Deployment with MDT (Microsoft Deployment Toolkit) and has exceptional skills in VDI (Virtual Desktop) and performance analysis. He is an active writer and blogger and loves technology.
Read more about Jeff Stokes

View More author details
Right arrow

Windows Defender Advanced Threat Protection

Windows Defender Advanced Threat Protection (ATP) is a security service that enables enterprise customers to detect, investigate, and respond to advanced threats on their networks. This chapter provides information about the service, how to configure it, and then maintain and use it for operations. This introduction will explain the prerequisites to enabling this service and give an overview of the key components. The chapter is split into the following logical sections to provide relevant information:

  • Plan: Understand the requirements and plan for the changes required to deploy and adopt this solution within your environment
  • Deploy: Configuration details to enable the ATP portal, onboard endpoints, and ensure correct network connectivity
  • Detect: Detection and investigation steps that ensure you can quickly identify the scope and targets...

Prerequisites

Windows Defender ATP requires one of the following Microsoft Volume Licensing solutions:

  • Windows 10 Enterprise E5
  • Windows 10 Education E5
  • Secure Productive Enterprise E5, which includes Windows 10 Enterprise E5

When you run the onboarding wizard for the first time, you must choose where your Windows Defender ATP-related information is stored: either in a European or United States data center. You cannot change your data storage location after the first setup.

Windows Defender ATP runs on version 1706 and preceding Windows editions:

  • Windows 10 Enterprise
  • Windows 10 Education
  • Windows 10 Pro
  • Windows 10 Pro Education

Each endpoint must have an internet connection, which may utilize up to 5 MB of bandwidth daily to communicate with the Windows Defender ATP cloud service and report cyber data.

The Windows Defender signature update (or an alternative and compatible...

Windows Defender

Windows Defender is antivirus software that is built-in to the Windows OS and protects your systems against viruses, malware, spyware, and network threats. It is a Windows service that works with other Microsoft security and maintenance services such as Windows Firewall and Microsoft SmartScreen. All of these services are enabled by default and start at system startup. Windows Update will take care of updating itself automatically, if configured to do so. Updating Windows Defender does not require system restart.

Some key features of Windows Defender in Windows 10 include the following:

  • Microsoft Active Protection Service (MAPS): This uses the metadata of a file to analyze for potential malware, which if found can result in a new virus signature file being created to protect other devices
  • Network Inspection System: This helps guard against intrusion attempts...

Plan - environment analysis

This section provides a list of the key considerations and recommendations when deploying the Windows Defender ATP service.

Client types:

  • Endpoints should be running Windows 10 version 1706 (Creators Update)
  • Confirm that the standard build is configured appropriately to ensure the service can run without impacting the performance of the device
  • Run a test to ensure all sensor information is collected correctly (refer to details about collecting an investigation package in the Take responsive actions section later in this chapter)
  • Sufficient licenses should be owned and assigned to users and devices
  • Internet connectivity should be enabled to ensure communication between endpoints and the ATP service, and sufficient bandwidth available for the number of clients that will be reporting daily
  • Consider which clients are at high risk and may require a higher...

Deploy - service activation

This section will explain the steps required to enable and fully deploy this solution to protect users and devices across your organization. The following activities will be explained:

  • Sign up and activate the Windows Defender ATP service
  • Onboard endpoints
  • Configure sensor data
  • Other configurations

Sign up and activate Windows Defender ATP

The service is dependent on your Azure tenant being activated and configured. You will then need to ensure the appropriate licenses have been acquired and associated with your subscription.

Administrator permissions: The administrator will need to be a member of the security administrator role to enable the service, run through the initial configuration wizard...

Onboard endpoints

This is achieved by deploying a configuration package to each endpoint. Currently, this works for Windows 10, version 1706 (Creators Update). Windows Server 2016 and Windows Server 2012 R2 will be supported in the future.

There are several methods and deployment tools that can be used to deploy the configuration package to each endpoint, depending on what works best for your organization size and complexity:

  • If your endpoints are joined to an AD domain, you can use Group Policy to deploy the script
  • If you have deployed SCCM, this can be used to deploy it to each managed device
  • Devices managed by MDM, such as Microsoft Intune
  • A script can be run manually on each individual machine regardless of how it is managed, as long as it has internet connectivity to the ATP service

The configuration package is unique to your tenant, and is available for download from the...

Detect - using the ATP portal

The first thing you will see when you login to the ATP portal is the Dashboard view:

Dashboard navigation overview:

  • Left-side navigation pane (1)
  • Main portal window for displaying dashboard tiles and details (2)
  • Search, Feedback, Settings, and Help and Support (3)

The Dashboard displays a snapshot of the following components:

  • The latest active alerts on your network, with the most important highlighted at the top
  • Daily machines reporting to show how many machines are actively reporting each day
  • Machines at risk will show those endpoints with the highest risks
  • The users at risk report provides quick identification of those users
  • Machines with active malware alerts
  • Sensor and service health

Alerts queue

...

Protect Post-breach response

This section will cover the types of threats that are addressed by Windows Defender ATP, such as ransomware and credential theft, and what responses you can take when a suspect machine, file, or process is found - to ensure you collect the relevant information for a through investigation and clean up.

Types of threats

The Windows Defender ATP service can detect a wide range of threats. Each one is discussed in the following sections, and more may be added in future as the threat landscape changes. Use this information to gain awareness of the various types of threats, and keep up to date with changes by reviewing the Microsoft Security Intelligence Report, which is released via the following...

Summary

In this chapter, we covered the advanced capabilities that are available when Windows 10 Enterprise is integrated with the Windows Defender ATP service. We now have the ability to gain instant visibility into critical actions of every Windows 10 client that we manage, regardless of where it is in the world. Being able to draw upon the knowledge of global hunter teams and cyber security experts, we can quickly detect, investigate, and respond to advanced threats that standalone software cannot defend from.

This technology is constantly evolving to bring new techniques and process directly to you. Deploy it in your environment, get comfortable with the current controls and capabilities, and stay informed of the changes to ensure you know how to defend and recover from a breach.

In the next chapter we will cover some of the advanced configurations you can make with Windows...

lock icon
The rest of the chapter is locked
Previous Chapter
Chapter 9 of 11
Next Chapter
You have been reading a chapter from
Windows 10 for Enterprise Administrators
Published in: Sep 2017Publisher: PacktISBN-13: 9781786462824
© 2017 Packt Publishing Limited All Rights Reserved
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Sign up now
undefined
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Start free trial
Renews at $15.99/month. Cancel anytime

Authors (3)

author image
Richard Diver

Richard Diver is a senior technical business strategy manager for the Microsoft Security Solutions group, focused on developing security partners. Based in Chicago, Richard works with advanced security and compliance partners to help them build solutions across the entire Microsoft platform, including Microsoft Sentinel, Microsoft Defender, Microsoft 365 security solutions, and many more. Prior to Microsoft, Richard worked in multiple industries and for several Microsoft partners to architect and implement cloud security solutions for a wide variety of customers around the world. Any spare time he gets is usually spent with his family.
Read more about Richard Diver

author image
Manuel Singer

Manuel Singer works as a Senior Premier Field Engineer for Windows Client at Microsoft and is based in Germany. He has more than 10 years of experience in system management and deployment using Microsoft technologies. He specializes in client enterprise design, deployment, performance, reliability, and Microsoft devices. Manuel works with local and international top customers from the private and public sector to provide professional technical and technological support.
Read more about Manuel Singer

author image
Jeff Stokes

Jeff Stokes is a Windows / Microsoft Engineer currently employed at Microsoft. He specializes in Operating System Health, Reliability, and Performance. He is skilled in Windows Deployment with MDT (Microsoft Deployment Toolkit) and has exceptional skills in VDI (Virtual Desktop) and performance analysis. He is an active writer and blogger and loves technology.
Read more about Jeff Stokes

Other recommended products

Related to this chapter

Installing and Configuring Windows 10: 70-698 Exam Guide

Installing and Configuring Windows 10: 70-698 Exam Guide

This guide provides an excellent collection of tips and tricks to get the job done in Windows 10. It is designed to confirm what you already know, while at the same time updating your knowledge of Windows 10. Although it provides usable content for everyone, at its heart it’s made for IT professionals seeking to strengthen their Windows 10 skills.

BookJan 2019490 pages
Microsoft Exam MD-100 Windows 10 Certification Guide

Microsoft Exam MD-100 Windows 10 Certification Guide

Written in a clear, succinct way with self-assessment questions, exam tips and mock exams with detailed answer explanations, this book covers different facets of upgrading and deploying Windows 10. You will learn about managing devices and data, configuring connectivity, security and maintain Windows 10 with updates and recovery.

BookMay 2020442 pages
Deploying Microsoft System Center Configuration Manager

Deploying Microsoft System Center Configuration Manager

It becomes important to plan, design, and deploy configurations when administrators know that Configuration Manager interacts with a number of infrastructure components such as Active Directory Domain Services, network protocols, Windows Server services, and so on.

BookSep 2017376 pages
Microsoft 365 Mobility and Security - Exam Guide MS-101

Microsoft 365 Mobility and Security - Exam Guide MS-101

The MS-101 exam is part of the Microsoft 365 Certified: Enterprise Administrator Expert certification path in which users learn to evaluate, plan, migrate, deploy, and manage Microsoft 365 services. This book offers complete, up-to-date coverage of the MS-101 exam so you can take them with confidence, fully equipped to pass the first time.

BookNov 2019312 pages
Mastering Windows Security and Hardening

Mastering Windows Security and Hardening

Securing and hardening your Windows environment will enhance protection to secure your company’s data and users. This book will provide the knowledge you need to secure the Windows environment. Windows Security and Hardening covers the best practices you can implement in real-world scenarios.

BookJul 2020572 pages
Microsoft 365 Certified Fundamentals MS-900 Exam Guide

Microsoft 365 Certified Fundamentals MS-900 Exam Guide

Microsoft? ?365? ?Certified? ?Fundamentals certification demonstrates your knowledge of cloud services in general and the SaaS cloud model. This MS-900 exam guide, filled with practice questions, exam patterns, and mock tests, will help help you pass the exam on the first go and get to grips with adopting core Microsoft 365 services and cloud concepts.

BookFeb 2020342 pages
Getting Started with Nano Server

Getting Started with Nano Server

Want to improve your ability to deploy a new VM and install and deploy container apps within minutes? You have come to the right place! The objective of this book is to get you started with Nano Server successfully. The journey is quite exciting, since we are introducing you to a cutting edge technology that will revolutionize today’s data centers.

BookJun 2017406 pages
Microsoft 365 Security Administration: MS-500 Exam Guide

Microsoft 365 Security Administration: MS-500 Exam Guide

MS-500: Microsoft 365 Security Administration offers complete, up-to-date coverage of the MS-500 exam so you can take it with confidence, fully equipped to pass the first time.

BookJun 2020672 pages
Mastering Windows Group Policy

Mastering Windows Group Policy

Windows Group Policy has been one of the most powerful yet underutilized tools in our corporate networks for many years. It is an incredible centralized management tool, and almost everyone already has it up and running in their environments.This book will help you become familiar with what Group Policy has to offer and learn how to make better use of it in your day job.

BookNov 2018408 pages5
Windows Server 2019 Administration Fundamentals

Windows Server 2019 Administration Fundamentals

Windows Server 2019 is the latest version of the server operating system developed by Microsoft. It offers some unique features such as improved container services, storage, security, and administration. This book covers all the fundamental aspects of the Windows Server 2019 administration and also prepares you for the MTA 98-365 exam.

BookOct 2019426 pages
System Center 2016 Virtual Machine Manager Cookbook

System Center 2016 Virtual Machine Manager Cookbook

Microsoft System Center Virtual Machine Manager (SCVMM) focuses on efficiency with multiple features to help administrators consolidate physical servers within a centrally virtualized environment. This book will allow you to implement the Microsoft System Center family of components effectively and efficiently.

BookFeb 2018562 pages
Installation, Storage, and Compute with Windows Server 2016: Microsoft 70-740 MCSA Exam Guide

Installation, Storage, and Compute with Windows Server 2016: Microsoft 70-740 MCSA Exam Guide

This practical guide covers 70-740 exam objectives required for MCSA: Windows Server 2016 certification. Additionally, this certification guide will come in handy when preparing to take the exam 70-743: Upgrading Your Skills to MCSA: Windows Server 2016.

BookFeb 2019330 pages

Personalised recommendations for you

Based on your interests and search pattern

Designing and Implementing Microsoft Azure Networking Solutions

Designing and Implementing Microsoft Azure Networking Solutions

Designing and Implementing Microsoft Azure Networking Solutions Exam Ref AZ-700 is an all-encompassing guide to the AZ-700 exam and contains all the information you need to succeed in the world of virtual networking with Azure. With this book, you will be fully prepared for the exam and the world of cloud networking.

BookAug 2023524 pages
Microsoft 365 Security, Compliance, and Identity Administration

Microsoft 365 Security, Compliance, and Identity Administration

The Microsoft 365 Security, Compliance, and Identity Administration is a comprehensive guide that helps you employ Microsoft 365's robust suite of features and empowers you to optimize your administrative tasks.

BookAug 2023630 pages
Zero Trust Overview and Playbook Introduction

Zero Trust Overview and Playbook Introduction

Get started on Zero Trust with this step-by-step playbook and learn everything you need to know for a successful Zero Trust journey with tailored guidance for every role, covering strategy, operations, architecture, implementation, and measuring success. This book will become an indispensable reference for everyone in your organization.

BookOct 2023240 pages
The Self-Taught Cloud Computing Engineer

The Self-Taught Cloud Computing Engineer

This self-study book helps you master multiple clouds, including AWS, Azure, and GCP, and serves as a roadmap to becoming a certified cloud computing expert. The book will guide you to develop a professional cloud career by helping you build a broad cloud knowledge base, developing hands-on cloud computing skills, and getting cloud certified.

BookSep 2023472 pages
Technology Operating Models for Cloud and Edge

Technology Operating Models for Cloud and Edge

This book will help you build and create ownership of a technology operating model, as well as connect your leadership with engineering and operations, keeping your internal and external customers in mind. It provides practical tips on why, where, and how to make the cloud and edge platform paradigm sing for you, your team, and your organization.

BookAug 2023228 pages
Azure Architecture Explained

Azure Architecture Explained

Azure is the preferred platform to build mission-critical and secure apps. This book provides comprehensive coverage of essential Azure products, services, and solutions vital for every solution architect's success. Elevate your knowledge and master the critical components of Azure to excel in your role with Azure Architecture Explained.

BookSep 2023446 pages
Pentesting Active Directory and Windows-based Infrastructure

Pentesting Active Directory and Windows-based Infrastructure

This practical guide helps you explore the pentesting of Microsoft infrastructure in detail, and enhances your offensive skillset by showing you the different ways to perform security assessment. This book will help blue teamers and IT engineers get up to speed with possible security issues they may encounter in their Windows environments.

BookNov 2023360 pages
Practical Ansible

Practical Ansible

In Practical Ansible, you'll work with the latest release of Ansible and learn to solve complex issues quickly with the help of task-oriented scenarios. You'll start by installing and configuring Ansible to automate monotonous and repetitive IT tasks and get to grips with concepts such as playbooks, inventories, plugins, collections, and network modules.

BookSep 2023420 pages
Windows 11 for Enterprise Administrators

Windows 11 for Enterprise Administrators

Microsoft’s launch of Windows 11 is a step toward satisfying the enterprise administrator’s needs for better management and enhanced user experience customization. This book provides the enterprise administrator with the knowledge needed to fully utilize the advanced feature set of Windows 11 Enterprise.

BookOct 2023286 pages
The Linux DevOps Handbook

The Linux DevOps Handbook

This book is for software and IT professionals seeking knowledge on Linux systems and DevOps practices. This book will provide you with guidance and tools to learn and gain proficiency in managing Linux-based infrastructures and knowledge of DevOps.

BookNov 2023428 pages2