Microsoft Defender for Identity switches and silent installation

This article provides guidance and instructions for Microsoft Defender for Identity switches and silent installation.

Prerequisites

Defender for Identity requires the installation of Microsoft .NET Framework 4.7 or later.

When you install Defender for Identity, .Net Framework 4.7 is automatically installed as part of the deployment of Defender for Identity if .Net Framework 4.7 or later is not installed already.

Note

The installation of .Net framework 4.7 may require rebooting the server. When installing the Defender for Identity sensor on domain controllers, consider scheduling a maintenance window for the domain controllers.

Using Defender for Identity silent installation, the installer is configured to automatically restart the server at the end of the installation (if necessary). Make sure to run silent installation only during a maintenance window. Because of a Windows Installer bug, the norestart flag cannot be reliably used to make sure the server does not restart.

To track your deployment progress, monitor the Defender for Identity installer logs, which are located in %AppData%\Local\Temp.

Defender for Identity sensor silent installation

Note

When silently deploying the Defender for Identity sensor via System Center Configuration Manager or other software deployment system, it is recommended to create two deployment packages:
- Net Framework 4.7 or later which may include rebooting the domain controller
- Defender for Identity sensor.
Make the Defender for Identity sensor package dependent on the deployment of the .Net Framework package deployment.
Get the .Net Framework 4.7 offline deployment package.

Use the following command to perform a fully silent install of the Defender for Identity sensor:

cmd.exe syntax:

"Azure ATP sensor Setup.exe" /quiet NetFrameworkCommandLineArguments="/q" AccessKey="<Access Key>"

Powershell syntax:

.\"Azure ATP sensor Setup.exe" /quiet NetFrameworkCommandLineArguments="/q" AccessKey="<Access Key>"

Note

When using the Powershell syntax, omitting the ./ preface results in an error that prevents silent installation.

Note

Copy the access key from the Defender for Identity portal Configuration section, Sensors page.

Installation options:

Name Syntax Mandatory for silent installation? Description
Quiet /quiet Yes Runs the installer displaying no UI and no prompts.
Help /help No Provides help and quick reference. Displays the correct use of the setup command including a list of all options and behaviors.
NetFrameworkCommandLineArguments="/q" NetFrameworkCommandLineArguments="/q" Yes Specifies the parameters for the .Net Framework installation. Must be set to enforce the silent installation of .Net Framework.

Installation parameters:

Name Syntax Mandatory for silent installation? Description
InstallationPath InstallationPath="" No Sets the path for the installation of Defender for Identity Sensor binaries. Default path: %programfiles%\Azure Advanced Threat Protection sensor
AccessKey AccessKey="**" Yes Sets the access key that is used to register the Defender for Identity sensor with the Defender for Identity instance.

Examples:

Use the following command to silently install the Defender for Identity sensor:

"Azure ATP sensor Setup.exe" /quiet NetFrameworkCommandLineArguments="/q" AccessKey="mmAOkLYCzfH8L/zUIsH24BIJBevlAWu7wUcSfIkRJufpuEojaDHYdjrNs0P3zpD+/bObKfLS0puD7biT5KDf3g=="

Proxy authentication

Use the following commands to complete proxy authentication:

Syntax:

Name Syntax Mandatory for silent installation? Description
ProxyUrl ProxyUrl="http://proxy.contoso.com:8080" No Specifies the ProxyUrl and port number for the Defender for Identity sensor.
ProxyUserName ProxyUserName="Contoso\ProxyUser" No If your proxy service requires authentication, supply a user name in the DOMAIN\user format.
ProxyUserPassword ProxyUserPassword="P@ssw0rd" No Specifies the password for proxy user name. *Credentials are encrypted and stored locally by the Defender for Identity sensor.

For more information about proxy configuration, see Configure endpoint proxy and Internet connectivity settings for your Microsoft Defender for Identity Sensor.

Update the Defender for Identity sensor

Use the following command to silently update the Defender for Identity sensor:

Syntax:

"Azure ATP sensor Setup.exe" [/quiet] [/Help] [NetFrameworkCommandLineArguments="/q"]

Installation options:

Name Syntax Mandatory for silent installation? Description
Quiet /quiet Yes Runs the installer displaying no UI and no prompts.
Help /help No Provides help and quick reference. Displays the correct use of the setup command including a list of all options and behaviors.
NetFrameworkCommandLineArguments="/q" NetFrameworkCommandLineArguments="/q" Yes Specifies the parameters for the .Net Framework installation. Must be set to enforce the silent installation of .Net Framework.

Examples:

To update the Defender for Identity sensor silently:

"Azure ATP sensor Setup.exe" /quiet NetFrameworkCommandLineArguments="/q"

Uninstall the Defender for Identity sensor silently

Use the following command to perform a silent uninstall of the Defender for Identity sensor:

Syntax:

"Azure ATP sensor Setup.exe" [/quiet] [/Uninstall] [/Help]

Installation options:

Name Syntax Mandatory for silent uninstallation? Description
Quiet /quiet Yes Runs the uninstaller displaying no UI and no prompts.
Uninstall /uninstall Yes Runs the silent uninstallation of the Defender for Identity sensor from the server.
Help /help No Provides help and quick reference. Displays the correct use of the setup command including a list of all options and behaviors.

Examples:

To silently uninstall the Defender for Identity sensor from the server:

"Azure ATP sensor Setup.exe" /quiet /uninstall

See Also