This is achieved by deploying a configuration package to each endpoint. Currently, this works for Windows 10, version 1706 (Creators Update). Windows Server 2016 and Windows Server 2012 R2 will be supported in the future.
There are several methods and deployment tools that can be used to deploy the configuration package to each endpoint, depending on what works best for your organization's size and complexity:
- If your endpoints are joined to an AD domain, you can use Group Policy to deploy the script
- If you have deployed SCCM, this can be used to deploy it to each managed device
- If your devices are managed by MDM, such as Microsoft Intune, you can use it to deploy the package
- A script can be run manually on each individual machine regardless of how it is managed, as long as it has internet connectivity to the ATP service
The configuration package is unique to your tenant, and is available for download from the Windows Defender ATP portal at https://securitycenter.windows.com. To download it:
- Go to the Navigation pane and click on Endpoint management.
- Select the appropriate options, such as Group Policy.
- Click on Download package and save the .zip file.
![](Images/2d8f7205-1b05-4d09-bd63-68ceffa552e4.png)
Each package provides a different script, and additional files where required:
- Local script: A single Windows command script is provided.
- Group Policy: A Windows command script is provided as well as an .admx and .adml file for the Group Policy Management Console (GPMC).
- MDM: This provides a single onboarding file that can be deployed to targeted machines.
- SCCM: There are two options; we recommend upgrading to version 1606. This provides a single onboarding file that can be deployed to targeted machines.
Once the endpoint has received the configuration package, it will attempt to communicate with the ATP service. To do this, the endpoint needs to be on a network that allows HTTP communication with several URLs. For complex and highly secure networks, this may require a change to the firewall rules and proxy settings to enable this communication. For further details, go to this article: https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.
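Before deploying the package widely, the connectivity requirement above can be checked from a representative endpoint. The following PowerShell sketch is an added example, not code from the configuration package or from Microsoft. The hostnames in `$ServiceUrls` are constructed placeholders to be replaced with the URLs listed in the linked article, and `Test-ServiceUrl` is a hypothetical helper name.

```powershell
# Added example: pre-onboarding reachability check for the ATP service URLs.
# The entries below are PLACEHOLDERS; replace them with the URLs from the linked article.
$ServiceUrls = @(
    'https://atp-service-1.example.invalid',
    'https://atp-service-2.example.invalid'
)

function Test-ServiceUrl {
    param([Parameter(Mandatory)][uri]$Url)

    $result = [ordered]@{ Url = $Url.AbsoluteUri; Dns = $false; Via = 'direct'; Outcome = 'unknown' }

    # 1. Local name resolution. A failure is not fatal when a proxy resolves names for the client.
    try {
        [void][System.Net.Dns]::GetHostAddresses($Url.Host)
        $result.Dns = $true
    } catch { }

    # 2. Work out whether the system proxy settings route this URL through a proxy.
    $proxy = [System.Net.WebRequest]::GetSystemWebProxy()
    if (-not $proxy.IsBypassed($Url)) { $result.Via = $proxy.GetProxy($Url).Authority }

    # 3. Send a HEAD request along that route and classify the result.
    try {
        $req = [System.Net.WebRequest]::Create($Url)
        $req.Method  = 'HEAD'
        $req.Timeout = 10000          # milliseconds
        $req.Proxy   = $proxy
        $resp = $req.GetResponse()
        $result.Outcome = "reachable (HTTP $([int]$resp.StatusCode))"
        $resp.Close()
    } catch {
        # PowerShell may wrap the .NET exception, so unwrap until the WebException is found.
        $ex = $_.Exception
        while ($ex -and $ex -isnot [System.Net.WebException]) { $ex = $ex.InnerException }
        if ($ex -and $ex.Response) {
            $code = [int]$ex.Response.StatusCode
            $result.Outcome = if ($code -eq 407) { 'blocked: proxy requires authentication (HTTP 407)' }
                              else { "HTTP $code returned; check whether the proxy or the service answered" }
        } elseif ($ex) {
            $result.Outcome = "blocked: $($ex.Status)"   # e.g. ConnectFailure, Timeout, NameResolutionFailure
        } else {
            $result.Outcome = "error: $($_.Exception.Message)"
        }
    }
    [pscustomobject]$result
}

$ServiceUrls | ForEach-Object { Test-ServiceUrl -Url $_ } | Format-Table -AutoSize
```

Run it on the same network segment and with the same proxy settings the endpoints will use; any row reported as blocked points to the firewall rule or proxy setting that needs changing.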