microsoft-365-docs
microsoft-365-docs copied to clipboard
Bad guidance
The correct method is here:
https://docs.microsoft.com/en-us/mem/configmgr/protect/deploy-use/defender-advanced-threat-protection#bkmk_uplevel
Document Details
⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.
- ID: 1d0bace4-46dc-8b93-8731-71ad5e98e298
- Version Independent ID: 1d0bace4-46dc-8b93-8731-71ad5e98e298
- Content: Onboard Windows 10 and Windows 11 devices using Configuration Manager - Microsoft Purview (compliance)
- Content Source: microsoft-365/compliance/device-onboarding-sccm.md
- Service: o365-seccomp
- GitHub Login: @chrfox
- Microsoft Alias: chrfox
@tofergus Thank you for your feedback. I tested it using both the options and they are different because this document talks about onboarding devices using the Microsoft Purview compliance portal and the document you have provided talks about Microsoft Defender Security Center for Microsoft defender for the endpoint.
Both serve different purposes.
Hope this helps!
Thanks Sri
Right, but step #3 at https://docs.microsoft.com/en-us/microsoft-365/compliance/device-onboarding-sccm refers to a deployment method choice label that is no longer available, now that ConfigMgr 2012 is EOL.
Also, step #5 mentions a .cmd file within the .zip that does not exist when selecting the current ConfigMgr choice, is not needed for Win10+, and confused our customer.
Then step #6 says to use a package/program for software distribution with ConfigMgr, which would be possible if indeed there were a .cmd file provided. ConfigMgr does have a dedicated policy type for MDE onboarding, which on Win10+ only requires the .onboarding file.
The link in blue on the portal's download page is better:
Instructions for onboarding devices using Microsoft Endpoint Configuration Managerhttps://go.microsoft.com/fwlink/?linkid=2134368 Although this article describes onboarding devices to Microsoft Defender for Endpoint, the instructions are the same for onboarding to the compliance center.
Though it doesn't link directly to https://docs.microsoft.com/en-us/mem/configmgr/protect/deploy-use/defender-advanced-threat-protection, but rather to an intermediary page https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-endpoints-sccm, that lists tenant attach as an alternative method of onboarding, which again is not helpful.
Thanks, -Tom
From: Sriraman M S @.> Sent: Wednesday, July 27, 2022 8:14 AM To: MicrosoftDocs/microsoft-365-docs @.> Cc: Tom Ferguson @.>; Mention @.> Subject: Re: [MicrosoftDocs/microsoft-365-docs] Bad guidance (Issue #9228)
@tofergushttps://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Ftofergus&data=05%7C01%7CTom.Ferguson%40microsoft.com%7C24cce43042cf417d046308da6fc985a1%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637945208573339195%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=1lg2jt%2FKMiHVfmJYoPt5W7qB5sFuy1ubjDlyaE%2Bwlkw%3D&reserved=0 Thank you for your feedback. I tested it using both the options and they are different because this document talks about onboarding devices using the Microsoft Purview compliance portalhttps://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcompliance.microsoft.com%2F&data=05%7C01%7CTom.Ferguson%40microsoft.com%7C24cce43042cf417d046308da6fc985a1%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637945208573339195%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=rzIWYixMmcoklaoKRamzzW%2Fwbgd51q30mK3I%2B1OzK98%3D&reserved=0 and the document you have provided talks about Microsoft Defender Security Centerhttps://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsecuritycenter.windows.com%2F&data=05%7C01%7CTom.Ferguson%40microsoft.com%7C24cce43042cf417d046308da6fc985a1%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637945208573495437%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=eOWiptmigWyth%2FDb0huRETIMY4ZLpriJoQQ5yKF07Y4%3D&reserved=0 for Microsoft defender for the endpoint.
Both serve different purposes.
Hope this helps!
Thanks Sri
Reply to this email directly, view it on GitHubhttps://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FMicrosoftDocs%2Fmicrosoft-365-docs%2Fissues%2F9228%23issuecomment-1196650111&data=05%7C01%7CTom.Ferguson%40microsoft.com%7C24cce43042cf417d046308da6fc985a1%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637945208573495437%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=yPi4v4n8xJE7c%2FaQ4AY3S4v7zUKlzh4fFC%2Bw4TjZyMI%3D&reserved=0, or unsubscribehttps://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FAKAY4ZHJGEZNC3FANAZ4GPTVWERZNANCNFSM54IM7GOA&data=05%7C01%7CTom.Ferguson%40microsoft.com%7C24cce43042cf417d046308da6fc985a1%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637945208573495437%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=sK4eOtadqpVYe7%2BuQdWJsumKsEfUYUCd7UV7j74IGHw%3D&reserved=0. You are receiving this because you were mentioned.Message ID: @.***>
@msbemba Please review it thoroughly. Thanks
@tofergus Thank you for the detailed explanation. I'll need to check with the author to see if we can implement these changes in the document.
We will update you shortly.
Thanks Sri
@chrfox Please help us in resolving this issue. Thanks
@msbemba - The whole device onboarding content set is being evaluated/changed. Please forward me the entire thread, it looks like there may be some good suggestions here from tofergus. Do not commit this PR.
@tofergus - The overlap between Purview device onboarding content and MDE makes this a difficult area. I am the writer/owner of the Purview content. I am currently evaluating both content sets for what they have in common and where each is unique for updating. Please forward your observations and questions to me [email protected].
Hi Chris,
Here's the thread with the expanded feedback (attached).
I suppose a simple approach would be to just state that the onboarding process is identical to MDE's, and refer the reader to those docs. I'm happy to discuss ConfigMgr or Intune methods anytime.
Thanks, -Tom
From: Chris Fox MSFT @.> Sent: Friday, August 19, 2022 12:36 PM To: MicrosoftDocs/microsoft-365-docs @.> Cc: Tom Ferguson @.>; Mention @.> Subject: Re: [MicrosoftDocs/microsoft-365-docs] Bad guidance (Issue #9228)
@msbembahttps://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fmsbemba&data=05%7C01%7CTom.Ferguson%40microsoft.com%7C766fbba1e3db4a27241f08da8200d56c%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637965237345087791%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=nrzcmLNsYDgewQ8NCxMdYAMPamGwitmkdK1UfUsS3sI%3D&reserved=0 - The whole device onboarding content set is being evaluated/changed. Please forward me the entire thread, it looks like there may be some good suggestions here from tofergus. Do not commit this PR.
@tofergushttps://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Ftofergus&data=05%7C01%7CTom.Ferguson%40microsoft.com%7C766fbba1e3db4a27241f08da8200d56c%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637965237345087791%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=nKXv757aH8ZNitDL0bijl%2FXprUKGULFs39UxlB%2F2PdQ%3D&reserved=0 - The overlap between Purview device onboarding content and MDE makes this a difficult area. I am the writer/owner of the Purview content. I am currently evaluating both content sets for what they have in common and where each is unique for updating. Please forward your observations and questions to me @.@.>.
Reply to this email directly, view it on GitHubhttps://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FMicrosoftDocs%2Fmicrosoft-365-docs%2Fissues%2F9228%23issuecomment-1220873992&data=05%7C01%7CTom.Ferguson%40microsoft.com%7C766fbba1e3db4a27241f08da8200d56c%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637965237345087791%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=YNsfEe08nWlTR0KkCaQV57my282ygxGLa6yDQe1vA%2Bo%3D&reserved=0, or unsubscribehttps://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FAKAY4ZCJWKKWHWQQXJEFEKLVZ6ZVHANCNFSM54IM7GOA&data=05%7C01%7CTom.Ferguson%40microsoft.com%7C766fbba1e3db4a27241f08da8200d56c%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637965237345087791%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=EpJa4iC2tJTt%2F0rsgG8ssjJ51%2FQmJEgHMoYF4s%2BzYoM%3D&reserved=0. You are receiving this because you were mentioned.Message ID: @.***>