Windows 10: How to manage security policies on servers onboarded to Microsoft Defender for Endpoint...

MBM_MDE · Oct 22, 2024

I am relatively new to Microsoft Defender 365 suite and I want to manage some of the on prem servers and workstations on-boarded with Azure arc and configuration manager. After on-boarding the endpoints, I am able to see the endpoints coming up in defender consolesecurity.microsoft.com but unable to manage/view the device security policies. Can anyone suggest how to manage security policies on servers onboarded to Microsoft Defender for Endpoint using Azure Arc and Configuration manager?I can see the below message wen I click on security policy of a device on-boarded using azure arc"This dev

:)

Bryll P. · Oct 22, 2024

Defender for Business onboarding endpoint device Error id: 15 Error level: 1

Hi John,

Thank you for writing us here in Microsoft Community.

The error message "onboarding endpoint device Error id: 15 error level: 1 The service name is invalid" indicates that there is an issue with the service name that is being used to onboard the device to Microsoft Defender for Business.

To resolve this issue, you can try the following steps:

1. Make sure that you are using the correct service name for Microsoft Defender for Business. The service name should be "Microsoft Defender for Endpoint Onboarding" (without the quotes).

2. Check if the service is running on the device. You can do this by opening the Services app (services.msc) and looking for the "Microsoft Defender for Endpoint Onboarding" service. If the service is not running, start it and try onboarding the device again.

3. If the issue persists, try restarting the device and then attempt to onboard it again.

Should issue persists, try following additional steps:

Check the Diagnostic Data Service: Ensure that the diagnostic data service is enabled and set to start

Check Internet Connection: Make sure your device has a stable internet connection

Check Microsoft Defender Antivirus Policy: Ensure that Microsoft Defender Antivirus is not disabled by a policy

View Agent Onboarding Errors in the Device Event Log: Click Start, type Event Viewer, and press Enter. Go to Windows Logs > Application. Look for an event from WDATPOnboarding event source

Stop the Service: Go to “Control Panel > Administrative Tools > Services”, find the service “Windows Defender Advanced Threat Protection Service”, right-click on the service and click “Stop”. This will stop the service and prevent it from running on the host

Create a new Windows user account: Select Start > Settings > Accounts and then select Family & other users. > Next to Add other user, select Add account. > Select I don't have this person's sign-in information, and on the next page, select Add a user without a Microsoft account. > Enter a username and Next > Go back to Family & other users > Change account type to Administrator > Restart computer to switch to new user account.

If needed, you may check similar posts with answers from experts on Microsoft Q and A Questions - Microsoft Q&A and Community page Microsoft 365 Defender - Microsoft Community Hub

We will leave this thread open for our MVPs or other members who are experts about this concern to share their answers.

Honored to be part of your journey,

Bryll

Microsoft Community Agent

Brink · Oct 22, 2024

Microsoft Defender for Endpoint on iOS is now generally available

Today, we’re excited to announce that Microsoft has reached a new milestone in our cross-platform security commitment with the general availability of our iOS offering for Microsoft Defender for Endpoint, which adds to the already existing Defender offerings on macOS, Linux, and Android.This release delivers the rich set of capabilities we announced in public preview, including anti-phishing, blocking unsafe connections, and custom Indicators. In addition, it offers a unified security experience through the Microsoft Defender Security Center, where security teams can get a centralized view of alerts, incidents, and gain additional context to remediate threats across all endpoints.

The threats on mobile are unique, with phishing being the biggest and fastest growing threat. More than 85% of these attacks take place outside of email through phishing websites, messaging apps, games, and other apps. Phishing is where we believe we bring the strength of the Microsoft security platform to bear. The scale of our service gives us extensive visibility into the billions of phishing attacks and social engineering techniques our customers face and enables us to detect and prevent these attacks on mobile.

Since our public preview announcement, we have also updated how users can get the Microsoft Defender for Endpoint app on their iOS devices. Now, eligible users can download Microsoft Defender for Endpoint from App Store.

For more information, including system requirements, prerequisites, deployment, and configuration instructions visit our documentation.

In the iOS app, to share feedback, you can use the “send feedback” option:

Increasing coverage for Android to include fully managed devices

We are also excited to share the general availability for Microsoft Defender for Endpoint (Android) support for Android Enterprise fully managed devices. This adds to the already existing support for installation on enrolled devices for the legacy Device Administrator and Android Enterprise Work Profile modes.

Android Enterprise fully managed devices are corporate-owned devices associated with a single user and used exclusively for work and not personal use. Admins can manage the entire device and enforce policy controls to work profiles, such as:

Allowing app installation only from managed Google Play

Blocking uninstallation of managed apps

Preventing users from factory resetting devices

With this change, Android Enterprise fully managed devices will get the full capabilities of our offering on Android including phishing and web protection, malware scanning, and additional breach prevention through integration with Microsoft Endpoint Manager and Conditional Access.

For more details, please refer to the documentation here.

Simplifying onboarding for Android users

As a part of our commitment to continuously improve the experience for end users, we are now also simplifying end user onboarding. Till now, end users needed to provide VPN permissions to allow the Android and iOS apps to provide anti-phishing protection. With this update, admins will be able to setup configuration and push the device profile for VPN to their users' devices so that VPN related permissions will not have to be provided by end users, thus simplifying their experience.

For more details, please refer to the documentation here.

We’re excited to be bringing these additional capabilities into mobile threat defense and look forward to hearing about your experiences and your feedback. If you’re not yet taking advantage of Microsoft’s industry leading optics and endpoint detection capabilities, sign up for a free trial of Microsoft Defender Endpoint today.
Click to expand...

Source: https://techcommunity.microsoft.com/...e/ba-p/1962420

Download: Microsoft Defender ATP on the App Store

samihmadani · Oct 22, 2024

I need to onboard MAC Device in window defender.so please let me guide how can onboard..

Prerequisites1. Microsoft Endpoint Manager (MEM/Intune) tenant with MDM authority Set to Intune

Apple Enrollment enabled and an Apple MDM Push certificate installed

2. Microsoft Defender for Endpoint (MD ATP)

Valid subscription and admin access to the new Microsoft 365 Defender (security.microsoft.com) portal or legacy Security Center (securitycenter.windows.com)

Download macOS Onboarding package (XML file) from listed above Microsoft 365 Defender portal, under Settings - Endpoints - Device Management - Onboarding

3. Supported macOS devices

The last three macOS releases are supported

Support for macOS 10.15 (Catalina) or later

4. Others

Download PowerShell scripts to simplify the configuration of macOS Custom profiles

Network connections required for Defender for Endpoint, review mdatp-urls.xlsx

ref:

Manual deployment for Microsoft Defender for Endpoint on macOS - Microsoft Defender for Endpoint

Windows 10: How to manage security policies on servers onboarded to Microsoft Defender for Endpoint...

How to manage security policies on servers onboarded to Microsoft Defender for Endpoint...

How to manage security policies on servers onboarded to Microsoft Defender for Endpoint...

How to manage security policies on servers onboarded to Microsoft Defender for Endpoint...

How to manage security policies on servers onboarded to Microsoft Defender for Endpoint... - Similar Threads - manage security policies

How to manage security policies on servers onboarded to Microsoft Defender for Endpoint...

How to manage security policies on servers onboarded to Microsoft Defender for Endpoint...

Microsoft Defender for endpoint and manager

Perform bulk isolation for endpoints managed by Windows Defender for Endpoint

Microsoft Defender for Endpoint

Microsoft Defender for Endpoint

Microsoft Defender for Endpoint

microsoft defender for endpoint

Microsoft Defender for Endpoint for Server