You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: defender-endpoint/configure-advanced-scan-types-microsoft-defender-antivirus.md
+2-2Lines changed: 2 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -9,7 +9,7 @@ ms.custom: nextgen
9
9
ms.reviewer: pahuijbr
10
10
manager: deniseb
11
11
ms.subservice: ngp
12
-
ms.date: 05/30/2024
12
+
ms.date: 07/10/2024
13
13
ms.collection:
14
14
- m365-security
15
15
- tier2
@@ -64,7 +64,7 @@ For details on configuring Microsoft Configuration Manager (current branch), see
64
64
|Scan [reparse points](/windows/win32/fileio/reparse-points) <br/> **Scan**\>**Turn on reparse point scanning**|Disabled|Not available <br/>See [Reparse points](/windows/win32/fileio/reparse-points)|
65
65
|Scan mapped network drives<br/>**Scan**\>**Run full scan on mapped network drives**|Disabled|`-DisableScanningMappedNetworkDrivesForFullScan`|
66
66
|Scan archive files (such as .zip or .rar files). <br/>**Scan**\>**Scan archive files**|Enabled|`-DisableArchiveScanning` <br/><br/>The [extensions exclusion list](configure-extension-file-exclusions-microsoft-defender-antivirus.md) will take precedence over this setting.|
67
-
|Scan files on the network <br/>**Scan**\>**Scan network files**|Enabled|`-DisableScanningNetworkFiles`|
67
+
|Scan files on the network <br/>**Scan**\>**Scan network files**|Disabled|`-DisableScanningNetworkFiles`|
68
68
|Scan packed executables<br/>**Scan**\>**Scan packed executables**|Enabled|Not available <br/><br/>Scan packed executables were removed from the following templates:<br/>- Administrative Templates (.admx) for Windows 11 2022 Update (22H2)<br/>- Administrative Templates (.admx) for Windows 11 October 2021 Update (21H2)|
69
69
|Scan removable drives during full scans only<br/>**Scan**\>**Scan removable drives**|Disabled|`-DisableRemovableDriveScanning`|
70
70
|Specify the level of subfolders within an archive folder to scan <p>**Scan**\>**Specify the maximum depth to scan archive files**|0|Not available|
Copy file name to clipboardExpand all lines: defender-endpoint/configure-device-connectivity.md
+16-35Lines changed: 16 additions & 35 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -14,7 +14,7 @@ ms.collection:
14
14
ms.reviewer: pahuijbr
15
15
search.appverid: MET150
16
16
audience: ITPro
17
-
ms.date: 06/14/2024
17
+
ms.date: 06/11/2024
18
18
---
19
19
20
20
# Onboarding devices using streamlined connectivity for Microsoft Defender for Endpoint
@@ -27,44 +27,26 @@ ms.date: 06/14/2024
27
27
-[Microsoft Defender for Endpoint Plan 2](microsoft-defender-endpoint.md)
28
28
-[Microsoft Defender XDR](/defender-xdr)
29
29
30
-
The Microsoft Defender for Endpoint service might require the use of proxy configurations to report diagnostic data and communicate data to the service. Prior to the availability of the streamlined connectivity method, other URLs were required and Defender for Endpoint static IP ranges weren't supported. For more information on preparing your environment, see [STEP 1: Configure your network environment to ensure connectivity with Defender for Endpoint service](configure-environment.md).
30
+
The Defender for Endpoint client might require the use of proxied connections to relevant cloud services. This article describes the streamlined device connectivity method, the prerequisites and provides additional information for verifying connectivity using the new destination(s).
31
31
32
-
This article describes the streamlined device connectivity method and how to onboard new devices to use a simpler deployment and management of Defender for Endpoint cloud connectivity services. For more information on migrating previously onboarded devices, see [Migrating devices to streamlined connectivity](migrate-devices-streamlined.md).
32
+
To simplify network configuration and management, you now have the option of onboarding new devices to Defender for Endpoint using a reduced URL set or static IP ranges. For more information on migrating previously onboarded devices, see [Migrating devices to streamlined connectivity](migrate-devices-streamlined.md).
33
33
34
-
To simplify network configuration and management, you now have the option of onboarding devices to Defender for Endpoint using a reduced URL set or static IP ranges. See the [streamlined URL list](https://aka.ms/MDE-streamlined-urls).
34
+
The Defender for Endpoint-recognized simplified domain: `*.endpoint.security.microsoft.com` consolidates connectivity to the following core Defender for Endpoint services:
35
35
36
-
The Defender for Endpoint-recognized simplified domain: `*.endpoint.security.microsoft.com` replaces the following core Defender for Endpoint services:
36
+
- Cloud-delivered protection
37
+
- Malware sample submission storage
38
+
- Auto-IR sample storage
39
+
- Defender for Endpoint command & control
40
+
- Defender for Endpoint cyber and diagnostic data
37
41
38
-
- Cloud Protection/MAPS
39
-
- Malware Sample Submission Storage
40
-
- Auto-IR Sample Storage
41
-
- Defender for Endpoint Command & Control
42
-
- EDR Cyberdata
42
+
For more information on preparing your environment and the updated list of destinations, see [STEP 1: Configure your network environment to ensure connectivity with Defender for Endpoint service](configure-environment.md).
43
43
44
44
To support network devices without hostname resolution or wildcard support, you can alternatively configure connectivity using dedicated Defender for Endpoint static IP ranges. For more information, see [Configure connectivity using static IP ranges](#option-2-configure-connectivity-using-static-ip-ranges).
45
45
46
46
> [!NOTE]
47
47
> - The streamlined connectivity method will **not change how Microsoft Defender for Endpoint functions on a device nor will it change the end-user experience**. Only the URLs or IPs that a device uses to connect to the service will change.
48
48
> - There currently is no plan to deprecate the old, consolidated service URLs. Devices onboarded with "standard" connectivity will continue to function. It is important to ensure connectivity to `*.endpoint.security.microsoft.com` is and remains possible, as future services will require it. This new URL is included in all required URL lists.
49
-
50
-
## Consolidated services
51
-
52
-
The following Defender for Endpoint URLs consolidated under the simplified domain should no longer be required for connectivity if `*.endpoint.security.microsoft.com` is allowed and devices are onboarded using the streamlined onboarding package. You need to maintain connectivity with other required services not consolidated that are relevant to your organization (for example, CRL, SmartScreen/Network Protection, and Windows Update).
53
-
54
-
For the updated list of required URLs, see [STEP 1: Configure your network environment to ensure connectivity with Defender for Endpoint service](configure-environment.md).
55
-
56
-
> [!IMPORTANT]
57
-
> If you are configuring using IP ranges, you will need to separately configure the EDR cyberdata service. This service is not consolidated on an IP level.
> - Connections to the service leverage certificate pinning and TLS. It is not supported to "break and inspect" traffic. In addition, connections are initiated from a device context, not a user context. Enforcing proxy (user) authentication will disallow (break) connectivity in most cases.
68
50
69
51
## Before you begin
70
52
@@ -140,9 +122,9 @@ Streamlined connectivity allows you to use the following option to configure clo
140
122
141
123
#### Option 1: Configure connectivity using the simplified domain
142
124
143
-
Configure your environment to allow connections with the simplified Defender for Endpoint domain: `*.endpoint.security.microsoft.com`. For more information, see [Configure your network environment to ensure connectivity with Defender for Endpoint service](configure-environment.md).
125
+
Configure your environment to allow connections to the simplified Defender for Endpoint domain: `*.endpoint.security.microsoft.com`. For more information, see [Configure your network environment to ensure connectivity with Defender for Endpoint service](configure-environment.md).
144
126
145
-
You must maintain connectivity with remaining required services listed under the [updated list](https://aka.ms/MDE-streamlined-urls). For example, Certification Revocation List, Windows update, SmartScreen.
127
+
You must maintain connectivity with remaining required services listed under the [updated list](https://aka.ms/MDE-streamlined-urls). For example, the certification revocation list, Windows Update, SmartScreen services may also need to be accessible dependent on your current networking infrastructure and patching approach.
146
128
147
129
#### Option 2: Configure connectivity using static IP ranges
148
130
@@ -160,11 +142,10 @@ In order to stay up to date on IP ranges, it's recommended to refer to the follo
160
142
161
143
| Service tag name | Defender for Endpoint services included |
| OneDsCollector | EDR Cyberdata <br/><br/> Note: The traffic under this service tag isn't limited to Defender for Endpoint and can include diagnostic data traffic for other Microsoft services. |
165
-
166
-
The following table lists the current static IP ranges covered by the MicrosoftDefenderForEndpoint service tag. For latest list, refer to the Azure service tags.
145
+
| MicrosoftDefenderForEndpoint | Cloud-delivered protection, malware sample submission storage, Auto-IR sample storage, Defender for Endpoint command and control. |
146
+
| OneDsCollector | Defender for Endpoint cyber and diagnostic data <br/><br/> Note: The traffic under this service tag isn't limited to Defender for Endpoint and can include diagnostic data traffic for other Microsoft services. |
167
147
148
+
The following table lists the current static IP ranges covered by the MicrosoftDefenderForEndpoint service tag. For latest list, refer to the [Azure service tags](/azure/virtual-network/service-tags-overview) documentation.
|[Device response capabilities: run AV scan](respond-machine-alerts.md)|||||
59
+
|[Device response capabilities: run antivirus scan](respond-machine-alerts.md)|||||
<sup>[1]</sup> Refers to the modern, unified solution for Windows Server 2012 R2 and 2016. For more information, see [Onboard Windows Servers to the Defender for Endpoint service](configure-server-endpoints.md).
64
+
<sup>[1]</sup> Refers to the modern, unified solution for Windows Server 2012 R2 and Windows Server 2016. For more information, see [Onboard Windows Servers to the Defender for Endpoint service](configure-server-endpoints.md).
65
65
66
66
<sup>[2]</sup> Feature is currently in preview ([Microsoft Defender for Endpoint preview features](/defender-xdr/preview))
67
67
68
68
<sup>[3]</sup> Response capabilities using Live Response [2]
69
69
70
70
<sup>[4]</sup> Collect file only, using Live Response [2]
71
71
72
+
<sup>[5]</sup> Endpoint & network device discovery is supported on Windows Server 2019 or later, Windows 10, and Windows 11
73
+
72
74
> [!NOTE]
73
-
> Windows 7, 8.1, Windows Server 2008 R2 include support for the EDR sensor, and AV using System Center Endpoint Protection (SCEP).
75
+
> Windows 7, 8.1, Windows Server 2008 R2 include support for the EDR sensor, and antivirus using System Center Endpoint Protection (SCEP).
74
76
75
77
[!INCLUDE [Microsoft Defender for Endpoint Tech Community](../includes/defender-mde-techcommunity.md)]
Copy file name to clipboardExpand all lines: defender-endpoint/whats-new-in-microsoft-defender-endpoint.md
+2-1Lines changed: 2 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -52,7 +52,8 @@ For more information on Microsoft Defender for Endpoint on specific operating sy
52
52
53
53
## July 2024
54
54
55
-
- (GA) Learning hub resources, including Microsoft Defender XDR Ninja training, learning paths, and training modules have moved from the Microsoft Defender portal to [learn.microsoft.com](https://go.microsoft.com/fwlink/?linkid=2273118). Browse the [list of learning paths](/training/browse/?products=m365-ems-cloud-app-security%2Cdefender-for-cloud-apps%2Cdefender-identity%2Cm365-information-protection%2Cm365-threat-protection%2Cmdatp%2Cdefender-office365&expanded=m365%2Coffice-365), and filter by product, role, level, and subject.
55
+
- (GA) Learning hub resources have moved from the Microsoft Defender portal to [learn.microsoft.com](https://go.microsoft.com/fwlink/?linkid=2273118). Access Microsoft Defender XDR Ninja training, learning paths, training modules and more. Browse the [list of learning paths](/training/browse/?products=m365-ems-cloud-app-security%2Cdefender-for-cloud-apps%2Cdefender-identity%2Cm365-information-protection%2Cm365-threat-protection%2Cmdatp%2Cdefender-office365&expanded=m365%2Coffice-365), and filter by product, role, level, and subject.
Copy file name to clipboardExpand all lines: defender-for-iot/monitor-site-security.md
+6Lines changed: 6 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -31,6 +31,8 @@ The **Site security** page gives you an overview of the security status of your
31
31
-[Review the top **How protected are your sites** section](#review-site-protection-information) to get a general overview of your entire network, including sites with the highest number of devices that are exposed or at risk.
32
32
-[Review the site list](#review-the-site-list) to monitor specific security information for each site.
33
33
34
+
:::image type="content" source="media/monitor-site-security/site-security-page-blurred.png" alt-text="Screenshot showing the site security page with a list of sites." lightbox="media/monitor-site-security/site-security-page-blurred.png":::
35
+
34
36
The data displayed in the **Site security** page is the total aggregated data for the entire environment, and might include data for sites that you don't have access to. When you drill down into device data from the [site list](#review-the-site-list), the **Device Inventory** page only displays data for devices you can access.
35
37
36
38
## Review site protection information
@@ -57,3 +59,7 @@ Note that the data displayed in this table is the total aggregated data for the
57
59
|**Critical devices**|The number of critical devices at this site. A critical device is a self assigned device that has extra importance to your business or system, such as a server that contains confidential data. |- Use this data to prioritize protection for sites with critical devices.<br>- Select the number to open the **Device Inventory** page, filtered according to the site name and criticality level. |
58
60
|**Highly-exposed devices**|The number of highly exposed devices at this site. |Select the number to open the **Device Inventory** page, filtered according to the site name and high exposure level. |
59
61
|**Devices with high risk**|The number of high risk devices at this site. |Select the number to open the **Device Inventory** page, filtered according to the site name and high risk level. |
62
+
63
+
When you select an individual site, the site specific pane open, with details and data about that site, for example:
64
+
65
+
:::image type="content" source="media/monitor-site-security/site-security-side-pane.png" alt-text="Screenshot showing the site security page with a list of sites and the site specific side pane open displaying details and data for that site." lightbox="media/monitor-site-security/site-security-side-pane.png":::
0 commit comments