microsoft-365-docs icon indicating copy to clipboard operation
microsoft-365-docs copied to clipboard

Published 20 hours ago verified publisher icon MicrosoftDocs

Bad guidance

Open tofergus opened this issue 1 year ago • 5 comments

The correct method is here:

https://docs.microsoft.com/en-us/mem/configmgr/protect/deploy-use/defender-advanced-threat-protection#bkmk_uplevel

Document Details

Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

tofergus avatar Jul 21 '22 17:07 tofergus

@tofergus Thank you for your feedback. I tested it using both the options and they are different because this document talks about onboarding devices using the Microsoft Purview compliance portal and the document you have provided talks about Microsoft Defender Security Center for Microsoft defender for the endpoint.

Both serve different purposes.

Hope this helps!

Thanks Sri

msbemba avatar Jul 27 '22 12:07 msbemba

Right, but step #3 at https://docs.microsoft.com/en-us/microsoft-365/compliance/device-onboarding-sccm refers to a deployment method choice label that is no longer available, now that ConfigMgr 2012 is EOL.

Also, step #5 mentions a .cmd file within the .zip that does not exist when selecting the current ConfigMgr choice, is not needed for Win10+, and confused our customer.

Then step #6 says to use a package/program for software distribution with ConfigMgr, which would be possible if indeed there were a .cmd file provided. ConfigMgr does have a dedicated policy type for MDE onboarding, which on Win10+ only requires the .onboarding file.

The link in blue on the portal's download page is better:

Instructions for onboarding devices using Microsoft Endpoint Configuration Managerhttps://go.microsoft.com/fwlink/?linkid=2134368 Although this article describes onboarding devices to Microsoft Defender for Endpoint, the instructions are the same for onboarding to the compliance center.

Though it doesn't link directly to https://docs.microsoft.com/en-us/mem/configmgr/protect/deploy-use/defender-advanced-threat-protection, but rather to an intermediary page https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-endpoints-sccm, that lists tenant attach as an alternative method of onboarding, which again is not helpful.

Thanks, -Tom

From: Sriraman M S @.> Sent: Wednesday, July 27, 2022 8:14 AM To: MicrosoftDocs/microsoft-365-docs @.> Cc: Tom Ferguson @.>; Mention @.> Subject: Re: [MicrosoftDocs/microsoft-365-docs] Bad guidance (Issue #9228)

@tofergushttps://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Ftofergus&data=05%7C01%7CTom.Ferguson%40microsoft.com%7C24cce43042cf417d046308da6fc985a1%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637945208573339195%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=1lg2jt%2FKMiHVfmJYoPt5W7qB5sFuy1ubjDlyaE%2Bwlkw%3D&reserved=0 Thank you for your feedback. I tested it using both the options and they are different because this document talks about onboarding devices using the Microsoft Purview compliance portalhttps://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcompliance.microsoft.com%2F&data=05%7C01%7CTom.Ferguson%40microsoft.com%7C24cce43042cf417d046308da6fc985a1%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637945208573339195%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=rzIWYixMmcoklaoKRamzzW%2Fwbgd51q30mK3I%2B1OzK98%3D&reserved=0 and the document you have provided talks about Microsoft Defender Security Centerhttps://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsecuritycenter.windows.com%2F&data=05%7C01%7CTom.Ferguson%40microsoft.com%7C24cce43042cf417d046308da6fc985a1%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637945208573495437%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=eOWiptmigWyth%2FDb0huRETIMY4ZLpriJoQQ5yKF07Y4%3D&reserved=0 for Microsoft defender for the endpoint.

Both serve different purposes.

Hope this helps!

Thanks Sri

Reply to this email directly, view it on GitHubhttps://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FMicrosoftDocs%2Fmicrosoft-365-docs%2Fissues%2F9228%23issuecomment-1196650111&data=05%7C01%7CTom.Ferguson%40microsoft.com%7C24cce43042cf417d046308da6fc985a1%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637945208573495437%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=yPi4v4n8xJE7c%2FaQ4AY3S4v7zUKlzh4fFC%2Bw4TjZyMI%3D&reserved=0, or unsubscribehttps://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FAKAY4ZHJGEZNC3FANAZ4GPTVWERZNANCNFSM54IM7GOA&data=05%7C01%7CTom.Ferguson%40microsoft.com%7C24cce43042cf417d046308da6fc985a1%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637945208573495437%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=sK4eOtadqpVYe7%2BuQdWJsumKsEfUYUCd7UV7j74IGHw%3D&reserved=0. You are receiving this because you were mentioned.Message ID: @.***>

tofergus avatar Jul 27 '22 12:07 tofergus

@msbemba Please review it thoroughly. Thanks

yogkumgit avatar Jul 28 '22 02:07 yogkumgit

@tofergus Thank you for the detailed explanation. I'll need to check with the author to see if we can implement these changes in the document.

We will update you shortly.

Thanks Sri

msbemba avatar Aug 08 '22 15:08 msbemba

@chrfox Please help us in resolving this issue. Thanks

yogkumgit avatar Aug 09 '22 14:08 yogkumgit

@msbemba - The whole device onboarding content set is being evaluated/changed. Please forward me the entire thread, it looks like there may be some good suggestions here from tofergus. Do not commit this PR.

@tofergus - The overlap between Purview device onboarding content and MDE makes this a difficult area. I am the writer/owner of the Purview content. I am currently evaluating both content sets for what they have in common and where each is unique for updating. Please forward your observations and questions to me [email protected].

chrfox avatar Aug 19 '22 16:08 chrfox

Hi Chris,

Here's the thread with the expanded feedback (attached).

I suppose a simple approach would be to just state that the onboarding process is identical to MDE's, and refer the reader to those docs. I'm happy to discuss ConfigMgr or Intune methods anytime.

Thanks, -Tom

From: Chris Fox MSFT @.> Sent: Friday, August 19, 2022 12:36 PM To: MicrosoftDocs/microsoft-365-docs @.> Cc: Tom Ferguson @.>; Mention @.> Subject: Re: [MicrosoftDocs/microsoft-365-docs] Bad guidance (Issue #9228)

@msbembahttps://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fmsbemba&data=05%7C01%7CTom.Ferguson%40microsoft.com%7C766fbba1e3db4a27241f08da8200d56c%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637965237345087791%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=nrzcmLNsYDgewQ8NCxMdYAMPamGwitmkdK1UfUsS3sI%3D&reserved=0 - The whole device onboarding content set is being evaluated/changed. Please forward me the entire thread, it looks like there may be some good suggestions here from tofergus. Do not commit this PR.

@tofergushttps://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Ftofergus&data=05%7C01%7CTom.Ferguson%40microsoft.com%7C766fbba1e3db4a27241f08da8200d56c%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637965237345087791%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=nKXv757aH8ZNitDL0bijl%2FXprUKGULFs39UxlB%2F2PdQ%3D&reserved=0 - The overlap between Purview device onboarding content and MDE makes this a difficult area. I am the writer/owner of the Purview content. I am currently evaluating both content sets for what they have in common and where each is unique for updating. Please forward your observations and questions to me @.@.>.

Reply to this email directly, view it on GitHubhttps://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FMicrosoftDocs%2Fmicrosoft-365-docs%2Fissues%2F9228%23issuecomment-1220873992&data=05%7C01%7CTom.Ferguson%40microsoft.com%7C766fbba1e3db4a27241f08da8200d56c%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637965237345087791%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=YNsfEe08nWlTR0KkCaQV57my282ygxGLa6yDQe1vA%2Bo%3D&reserved=0, or unsubscribehttps://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FAKAY4ZCJWKKWHWQQXJEFEKLVZ6ZVHANCNFSM54IM7GOA&data=05%7C01%7CTom.Ferguson%40microsoft.com%7C766fbba1e3db4a27241f08da8200d56c%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637965237345087791%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=EpJa4iC2tJTt%2F0rsgG8ssjJ51%2FQmJEgHMoYF4s%2BzYoM%3D&reserved=0. You are receiving this because you were mentioned.Message ID: @.***>

tofergus avatar Aug 19 '22 16:08 tofergus