You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: ATPDocs/deploy/activate-capabilities.md
+16-13Lines changed: 16 additions & 13 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -87,44 +87,47 @@ Activate the Defender for Identity from the [Microsoft Defender portal](https://
87
87
88
88
1. Select the domain controller where you want to activate the Defender for Identity capabilities and then select **Activate**. Confirm your selection when prompted.
89
89
90
-
:::image type="content" source="media/activate-capabilities/1.jpg" lightbox="media/activate-capabilities/1.jpg" alt-text="Screenshot that shows how to activate the new sensor.":::
90
+
[](media/activate-capabilities/1.jpg#lightbox)
91
91
92
-
> [!NOTE]
93
-
> You can choose to activate eligible domain controllers either automatically, where Defender for Identity activates them as soon as they're discovered, or manually, where you select specific domain controllers from the list of eligible servers.
92
+
93
+
> [!NOTE]
94
+
> You can choose to activate eligible domain controllers either automatically, where Defender for Identity activates them as soon as they're discovered, or manually, where you select specific domain controllers from the list of eligible servers.
94
95
95
96
1. When the activation is complete, a green success banner shows. In the banner, select **Click here to see the onboarded servers** to jump to the **Settings > Identities > Sensors** page, where you can check your sensor health.
96
97
97
-
:::image type="content" source="media/activate-capabilities/2.jpg" lightbox="media/activate-capabilities/2.jpg" alt-text="Screenshot that shows how to see the onboarded servers.":::
98
+
99
+
[](media/activate-capabilities/2.jpg#lightbox)
98
100
99
101
### Customers without domain controllers onboarded to Defender for Endpoint
100
102
101
103
### Connectivity requirements
102
104
103
-
Defender for Identity capabilities directly on domain controllers use Defender for Endpoint URL endpoints for communication, including simplified URLs.
105
+
Defender for Identity capabilities directly on domain controllers use Defender for Endpoint URL endpoints for communication, including streamlined URLs.
104
106
105
-
For more information, see [Configure your network environment to ensure connectivity with Defender for Endpoint](/microsoft-365/security/defender-endpoint/configure-environment##enable-access-to-microsoft-defender-for-endpoint-service-urls-in-the-proxy-server).
107
+
For more information, see [Configure your network environment to ensure connectivity with Defender for Endpoint](/microsoft-365/security/defender-endpoint/configure-environment##enable-access-to-microsoft-defender-for-endpoint-service-urls-in-the-proxy-server), [Configure connectivity using streamlined connection](/microsoft-365/security/defender-endpoint/configure-device-connectivity#option-1-configure-connectivity-using-the-simplified-domain).
106
108
107
109
### Onboard Defender for Identity capabilities
108
110
109
111
Download the Defender for Identity onboarding package from the [Microsoft Defender portal](https://security.microsoft.com)
110
112
111
113
1. Navigate to **System** > **Settings** > **Identities** > **Activation**.
112
114
113
-
1. Select Download onboarding package and save the file in a location you can access from your domain controller.
114
-
115
-
:::image type="content" source="media/activate-capabilities/screenshot-that-shows-how-to-onboard-the-new-sensor.png" alt-text="Screenshot that shows how to onboard the new sensor" lightbox="media/activate-capabilities/screenshot-that-shows-how-to-onboard-the-new-sensor.png":::
115
+
2. Select Download onboarding package and save the file in a location you can access from your domain controller.
116
116
117
-
1. From the domain controller, extract the zip file you downloaded from the Microsoft Defender portal, and run the `DefenderForIdentityOnlyOnboardingScript.cmd` script as an Administrator.
117
+
118
+
[](media/activate-capabilities/screenshot-that-shows-how-to-onboard-the-new-sensor.png#lightbox)
119
+
120
+
3. From the domain controller, extract the zip file you downloaded from the Microsoft Defender portal, and run the `DefenderForIdentityOnlyOnboardingScript.cmd` script as an Administrator.
118
121
119
-
<imgwidth="474"alt="Screenshot that shows the script."src="https://github.com/user-attachments/assets/ff2d73d4-7285-403e-979a-520e05cbf1d1" />
122
+
[](media/activate-capabilities/screenshot-2025-06-04-170500.png#lightbox)
120
123
121
124
## Onboarding Confirmation
122
125
123
126
To confirm the sensor has been onboarded:
124
127
125
128
1. Navigate to **System** > **Settings** > **Identities** > **Sensors**.
126
129
127
-
1. Check that the onboarded domain controller is listed.
130
+
2. Check that the onboarded domain controller is listed.
128
131
129
132
> [!NOTE]
130
133
> The onboarding doesn't require a restart/reboot. The first time you activate Defender for Identity capabilities on your domain controller, it may take up to an hour for the first sensor to show as **Running** on the **Sensors** page. Subsequent activations are shown within five minutes.
@@ -242,7 +245,7 @@ If you want to deactivate Defender for Identity capabilities on your domain cont
242
245
1. Select the domain controller where you want to deactivate Defender for Identity capabilities, select **Delete**, and confirm your selection.
243
246
244
247
245
-
248
+
246
249
Deactivating Defender for Identity capabilities from your domain controller doesn't remove the domain controller from Defender for Endpoint. For more information, see [Defender for Endpoint documentation](/microsoft-365/security/defender-endpoint/).
247
250
248
251
### Customers without domain controllers onboarded to Defender for Endpoint
Copy file name to clipboardExpand all lines: ATPDocs/security-assessment-laps.md
+5-1Lines changed: 5 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -20,6 +20,10 @@ LAPS provides a solution to the issue of using a common local account with an id
20
20
21
21
LAPS simplifies password management while helping customers implement more recommended defenses against cyberattacks. In particular, the solution mitigates the risk of lateral escalation that results when customers use the same administrative local account and password combination on their computers. LAPS stores the password for each computer's local administrator account in AD, secured in a confidential attribute in the computer's corresponding AD object. The computer can update its own password data in AD, and domain administrators can grant read access to authorized users or groups, such as workstation helpdesk administrators.
22
22
23
+
> [!NOTE]
24
+
> In some cases, [Microsoft Entra hybrid joined](/azure/active-directory/devices/concept-hybrid-join) machines may still appear in the security posture assessment even if LAPS is configured in Microsoft Entra ID. This can be due to how the policy is applied or how the device reports its state.
25
+
> If this occurs, we suggest reviewing the LAPS configuration in Microsoft Entra ID to confirm everything is set up as expected. You can find more details [here](https://techcommunity.microsoft.com/blog/microsoft-entra-blog/windows-local-administrator-password-solution-with-microsoft-entra-id-now-genera/3911999).
26
+
23
27
## How do I use this security assessment?
24
28
25
29
1. Review the recommended action at <https://security.microsoft.com/securescore?viewid=actions> to discover which of your domains have some (or all) compatible Windows devices that aren't protected by LAPS, or that haven't had their LAPS managed password changed in the last 60 days.
@@ -33,7 +37,7 @@ LAPS simplifies password management while helping customers implement more recom
33
37
1. Take appropriate action on those devices by downloading, installing, and configuring or troubleshooting [Microsoft LAPS](https://go.microsoft.com/fwlink/?linkid=2104282) or [Windows LAPS](/windows-server/identity/laps/laps-overview).
34
38
35
39
36
-
40
+
37
41
> [!NOTE]
38
42
> While assessments are updated in near real time, scores and statuses are updated every 24 hours. While the list of impacted entities is updated within a few minutes of your implementing the recommendations, the status may still take time until it will be marked as **Completed**.
Copy file name to clipboardExpand all lines: CloudAppSecurityDocs/protect-workplace.md
+3-39Lines changed: 3 additions & 39 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -2,7 +2,7 @@
2
2
title: Protect your Workplace environment | Microsoft Defender for Cloud Apps
3
3
description: Learn how about connecting your Workplace app to Defender for Cloud Apps using the API connector.
4
4
ms.topic: how-to
5
-
ms.date: 12/08/2024
5
+
ms.date: 06/09/2025
6
6
---
7
7
8
8
# How Defender for Cloud Apps helps protect your Workplace environment (Preview)
@@ -59,44 +59,8 @@ For more information, see:
59
59
60
60
## Connect Workplace to Microsoft Defender for Cloud Apps
61
61
62
-
This section provides instructions for connecting Microsoft Defender for Cloud Apps to your existing Workplace account using the App Connector APIs. This connection gives you visibility into and control over your organization's Workplace use.
63
-
64
-
> [!NOTE]
65
-
> The Workplace API connector is rolling out gradually. If you don't see the connector yet in your environment and want to onboard soon, please fill the [Workplace API connector intake form](https://forms.microsoft.com/r/euj3pEmiM4).
66
-
67
-
**Prerequisites**:
68
-
69
-
- You must be signed-in as a system admin to Workplace by Meta.
70
-
71
-
> [!NOTE]
72
-
> A Workplace account can be connected to a single instance of Defender for Cloud Apps. Please make sure that your Workplace account is not connected to any other Defender for Cloud Apps instance.
73
-
74
-
**To connect Workplace to Defender for Cloud Apps**:
75
-
76
-
1. In the Microsoft Defender Portal, select **Settings**. Then choose **Cloud Apps**. Under **Connected apps**, select **App Connectors**.
77
-
1. In the **App connectors** page, select **+Connect an app**, by **Workplace by Meta**.
78
-
1. In the pop-up, give the connector a descriptive name, and select **Next**.
79
-
80
-
81
-
1. In the **External Link** page, select **Connect Workplace by Meta**:
82
-
83
-
84
-
1. You'll be redirected to Workplace by Meta page.
85
-
86
-
>[!NOTE]
87
-
>Make sure you are logged into Workplace as System admin.
88
-
89
-
1. On the Workplace authorization page, make sure to choose the correct organization from the dropdown.
90
-
91
-
1. In the app consent page, make sure to choose **All groups** and then select **Add to Workplace.**
92
-
1. In the Microsoft Defender Portal, select **Settings**. Then choose **Cloud Apps**. Under **Connected apps**, select **App Connectors**. Make sure the status of the connected App Connector is **Connected**.
93
-
94
-
> [!NOTE]
95
-
>
96
-
> - The first connection can take up to 4 hours to get all users and their activities.
97
-
> - The activities that will show are the activities that were generated from the moment the connector is connected.
98
-
> - After the connector's **Status** is marked as **Connected**, the connector is live and works.
99
-
> - Before deleting the app in Workplace, make sure to disconnect the connector in Defender for Cloud Apps.
62
+
> [!NOTE]
63
+
> Due to the [planned deprecation](https://www.workplace.com/help/work/1167689491269151) by Meta of Workplace from Meta, we no longer support new connections to the Workplace from Meta API connector. If you have an existing Workplace from Meta connection, it will continue to work as expected.
0 commit comments