With the release of the Windows 10 Anniversary Update, the client side of Windows Defender Advanced Threat Protection (WDATP) will be integrated into the OS.
To read more about Windows Defender Advanced Threat Protection (WDATP) take a look here: https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp
This blog post is not about how WDATP works but about how to get a Windows 10 device onboarded with the help of an Intune MDM policy.
First of all, it requires some basic understanding of how the CSP works.
Here is the layout of the configuration service provider (CSP) settings for WDATP – more info at https://msdn.microsoft.com/en-us/library/windows/hardware/mt723296(v=vs.85).aspx
Both Intune and Windows 10 natively support CSPs.
To set up the onboarding, first download the configuration file from WDATP.
In the menu go to Endpoint Management
Choose Mobile Device Management and download the packages
The file will be downloaded as a .zip file – extract it and you get the WindowsDefenderATP.onboarding file.
The content of this file is what connects your Windows 10 devices to the WDATP tenant.
Now for the Intune part of the onboarding process.
In the Intune Console
Go to Policy -> Configuration Policy -> Add…
Create a Custom Configuration (Windows 10 Desktop and Mobile and later) policy
- Enter a name for the policy
- Enter a description
- Click Add… to create the CSP setting
Now you need to enter all the settings for the Onboarding CSP:
- Settings name: Onboarding (I always use the setting name)
- Settings description (I always use the OMA-URI)
- Data type: String (it is very important to use the correct data type, otherwise the policy will fail)
- OMA-URI: ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/Onboarding
- Value: use the content of the previously downloaded WindowsDefenderATP.onboarding file
- Click OK
Click Save Policy
Click yes to deploy the policy
Find a device group to deploy the policy to (when dealing with a CSP policy whose OMA-URI starts with ./Device/, always deploy it to a group of devices; if it starts with ./User/, deploy it to a group of users).
Now you can manually sync the Windows 10 device with Intune to onboard it to WDATP – or just wait for the next sync cycle.
Then you can see in the WDATP console that the devices are showing up in the Machine view.
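To make the policy concrete, here is an added Python example (not code from this post or from Microsoft) that applies the rules above: it classifies the OMA-URI scope to decide device versus user targeting, maps the Intune data type to an OMA-DM format code, and builds the SyncML Replace item that carries the onboarding string to the device. The SyncML shape and the type-to-format mapping are assumptions made for this example, and the onboarding content is a constructed placeholder, not a real onboarding blob.

```python
import xml.etree.ElementTree as ET

# CSP node from the post; the ./Device/ prefix means the policy must target device groups.
ONBOARDING_URI = "./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/Onboarding"

# Intune custom-policy data types mapped to OMA-DM <Format> codes
# (assumed mapping for this example; the post itself only uses String).
FORMAT_FOR_TYPE = {"String": "chr", "Integer": "int", "Boolean": "bool"}

# Constructed stand-in for the WindowsDefenderATP.onboarding content (not a real blob).
SAMPLE_ONBOARDING = '{"body":"<constructed>","sig":"<constructed>"}'


def deployment_target(oma_uri):
    """Return 'device' or 'user' from the OMA-URI scope, following the post's deployment rule."""
    if oma_uri.startswith("./Device/"):
        return "device"
    if oma_uri.startswith("./User/"):
        return "user"
    raise ValueError("OMA-URI must start with ./Device/ or ./User/: %r" % oma_uri)


def build_replace_item(oma_uri, data_type, value, cmd_id=1):
    """Build a SyncML <Replace> command (assumed simplified shape) for one custom OMA-URI setting."""
    if data_type not in FORMAT_FOR_TYPE:
        raise ValueError("unsupported data type %r; the policy would fail" % data_type)
    if not value.strip():
        raise ValueError("empty value: paste the full onboarding file content")
    deployment_target(oma_uri)  # reject paths with no recognised scope before building anything
    replace = ET.Element("Replace")
    ET.SubElement(replace, "CmdID").text = str(cmd_id)
    item = ET.SubElement(replace, "Item")
    ET.SubElement(ET.SubElement(item, "Target"), "LocURI").text = oma_uri
    meta = ET.SubElement(item, "Meta")
    ET.SubElement(meta, "Format", xmlns="syncml:metinf").text = FORMAT_FOR_TYPE[data_type]
    ET.SubElement(meta, "Type", xmlns="syncml:metinf").text = "text/plain"
    ET.SubElement(item, "Data").text = value  # ElementTree escapes <, > and & in the blob
    return ET.tostring(replace, encoding="unicode")


def read_replace_item(syncml):
    """Parse a <Replace> back and return (LocURI, format code, data) as the device would see them."""
    root = ET.fromstring(syncml)
    loc_uri = root.findtext("./Item/Target/LocURI")
    fmt = root.findtext("./Item/Meta/{syncml:metinf}Format")
    data = root.findtext("./Item/Data")
    return loc_uri, fmt, data


if __name__ == "__main__":
    print(build_replace_item(ONBOARDING_URI, "String", SAMPLE_ONBOARDING))
```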
Great blog!
Please note that there is one mistake in the text (the screenshot is accurate).
The OMA-URI is missing the “/Onboarding” and should be ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/Onboarding
Thanks – it has been changed.