The summary of ‘Onboard Windows 10 Devices from GPO | Microsoft Defender for Endpoint’

This summary of the video was created by an AI. It might contain some inaccuracies.

00:00:00 - 00:21:29

The video discusses onboarding Windows 10 devices to Microsoft Defender for Endpoint using Group Policy Objects. Key steps include downloading and deploying a package, configuring group policies, creating scheduled tasks, and enabling sample collection for deep analysis. Emphasis is placed on testing configurations before deployment and troubleshooting onboarding issues. The importance of setting up Group Policy Objects correctly, checking event logs, and utilizing the client analyzer tool is highlighted. The speaker also mentions enabling Windows Defender ATP through Group Policy Objects and emphasizes proper network configuration. Finally, viewers are encouraged to subscribe for future content on onboarding devices with endpoint monitors.

00:00:00

In this part of the video, the focus is on onboarding Windows 10 devices to Microsoft Defender for Endpoint using Group Policy Objects. Key points include downloading and deploying a dedicated package, enabling sample collection for deep analysis, checking event logs to verify successful onboarding, and utilizing the client analyzer tool for troubleshooting. The three-step process involves downloading the package, creating the Group Policy Object, and mapping it to the respective OUs for deployment. The importance of testing configurations in a dedicated OU before full deployment is stressed. Instructions for downloading the package from the Microsoft Defender for Endpoint portal are also provided.

00:03:00

In this segment of the video, the user demonstrates how to configure Microsoft Defender for Endpoint on securitycenter.windows.com. The user navigates to settings, onboarding, and selects Windows 10, then group policy, and downloads the package. The next step involves copying the downloaded package to the domain controller for creating a Group Policy Object. The Group Policy Object’s purpose is to schedule a task on client machines that runs the onboarding in system context. The package contains files for device onboarding and for enabling data collection settings. The user places the file in a shared location that clients can access and creates a new Group Policy Object named “onboarding device” in the Group Policy Management Console. The configuration involves creating a scheduled task in the computer configuration settings.

00:06:00

In this segment of the video, the speaker explains the process of setting up a task in Windows 7 and defining it to run with the highest privileges. Key steps include defining the task name, selecting the system context for running the task, and specifying the location of the file to be executed. The shared folder where the file exists needs to be accessible by the devices, with domain computers granted read-only permission. The exact location format for the file is detailed as hostname, folder name, and file. The video also covers enabling sample collection for deep analysis within the same Group Policy Object, emphasizing organization and the option to create separate GPOs for specific device sets if needed.

00:09:00

In this segment of the video, the speaker discusses setting up Windows Defender ATP using Group Policy Objects. They show how to enable the setting by copying specific files (ADMX and ADML extension files) to the Policy Definition folder. The speaker emphasizes the importance of restarting the Group Policy Management Console or the server if the options do not appear after pasting the files. Finally, they demonstrate enabling the ‘Enable and Disable Sample Collection’ option within the Windows Defender ATP folder in the Group Policy settings. This enables the necessary settings and completes the configuration process.

00:12:00

In this segment of the video, the speaker recaps downloading the package, creating a Group Policy Object, and scoping it to the correct OU. The speaker then turns to the device to be onboarded and shows its current status through the command prompt and Event Viewer logs. Event Viewer logs such as ‘WDATPOnboarding’ and ‘SENSE’ are showcased as the places to monitor for successful onboarding. The importance of checking network configuration before proceeding with onboarding is emphasized. The Group Policy Objects (GPOs) currently applied to the machine are queried from a command prompt with admin access, which shows that only the default domain policy is applied. This limited policy application is identified as the reason why the device is not yet onboarded.

00:15:00

In this segment of the video, the speaker moves the device into the OU (mdatpou) to which the onboarding Group Policy Object is scoped, so that the device can be onboarded. They demonstrate how to update group policies on the client machine by running “gpupdate /force” and verify that the Group Policy Object is applied using “gpresult /v”. The speaker also checks event logs to confirm successful onboarding of the device. Finally, they show how to verify that the device is listed on the portal and mention the availability of a client analyzer tool for download.
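
The client-side checks from this and the previous segment, collected into one script as an added example (it is not from the video). The GPO name is taken from the summary above and should be changed to match your own; the `Sense` service, the `OnboardingState` registry value, the `WDATPOnboarding` event source and the `Microsoft-Windows-SENSE/Operational` log are the standard Defender for Endpoint client names rather than values shown on this page.

```powershell
# Added example: post-onboarding checks on a Windows 10 client (run elevated).
param(
    # Assumption: the GPO name used in the video; change it to match your own.
    [string]$GpoName = 'onboarding device'
)

function Get-MdeOnboardingStatus {
    param([string]$GpoName)

    # 1. Is the GPO listed for the computer scope? (same data gpresult /v shows)
    #    A text match also hits GPOs reported as filtered out, so read the
    #    gpresult output itself if this is the only check that passes.
    $rsop = (gpresult /r /scope computer 2>&1 | Out-String)
    $gpoListed = $rsop -match [regex]::Escape($GpoName)

    # 2. The Defender for Endpoint sensor service (service name: Sense).
    $svc = Get-Service -Name 'Sense' -ErrorAction SilentlyContinue

    # 3. Onboarding state written by the sensor; 1 means onboarded.
    $statusKey = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'
    $state = (Get-ItemProperty -Path $statusKey -ErrorAction SilentlyContinue).OnboardingState

    # 4. Latest events from the two sources inspected in Event Viewer.
    $onboardEvents = @(Get-WinEvent -FilterHashtable @{
        LogName = 'Application'; ProviderName = 'WDATPOnboarding'
    } -MaxEvents 3 -ErrorAction SilentlyContinue)
    $senseEvents = @(Get-WinEvent -LogName 'Microsoft-Windows-SENSE/Operational' `
        -MaxEvents 3 -ErrorAction SilentlyContinue)

    $lastOnboard = if ($onboardEvents.Count) { $onboardEvents[0].Message }
    $lastSense   = if ($senseEvents.Count) {
        "$($senseEvents[0].TimeCreated) id=$($senseEvents[0].Id) $($senseEvents[0].LevelDisplayName)"
    }

    [pscustomobject]@{
        GpoListed          = $gpoListed
        SenseRunning       = ($null -ne $svc -and $svc.Status -eq 'Running')
        OnboardingState    = $state
        Onboarded          = ($state -eq 1)
        LastOnboardingMsg  = $lastOnboard
        LastSenseEvent     = $lastSense
    }
}

Get-MdeOnboardingStatus -GpoName $GpoName | Format-List
```

If `GpoListed` is false, the scheduled task never reached the device, which matches the "only the default domain policy applied" state shown in the previous segment; if it is true but `Onboarded` is false, check that the device can read the onboarding file on the share.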

00:18:00

In this segment, the speaker explains troubleshooting steps for onboarding issues related to Microsoft Defender for Endpoint. They run the MD ATP client analyzer file, which populates a folder with various logs providing information for troubleshooting. The speaker briefly mentions different log entries like ‘sense’, ‘sense ir’, and ‘utc’. They emphasize the importance of understanding each log’s purpose for effective troubleshooting. Additionally, the video covers onboarding devices with a Group Policy Object and checking event logs and group policy folders for issues. The speaker highlights the significance of ensuring proper access settings in Group Policy Object deployment.

00:21:00

In this segment of the video, the speaker mentions having discussed the client analyzer tool and says they will share the link for further understanding. They also plan to create a detailed video about it in the future. They then hint at the next video being about onboarding Windows and devices with endpoint monitor. Viewers are encouraged to subscribe, share the video, and thank the speaker for their time.
