Onboard previous versions of Windows

Applies to:

Important

Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

Want to experience Windows Defender ATP? Sign up for a free trial.

Windows Defender ATP extends support to include down-level operating systems, providing advanced attack detection and investigation capabilities on supported Windows versions.

To onboard down-level Windows client endpoints to Windows Defender ATP, you'll need to:

  • Configure and update System Center Endpoint Protection clients.
  • Install and configure Microsoft Monitoring Agent (MMA) to report sensor data to Windows Defender ATP as instructed below.

Tip

After onboarding the machine, you can choose to run a detection test to verify that it is properly onboarded to the service. For more information, see Run a detection test on a newly onboarded Windows Defender ATP endpoint.

Configure and update System Center Endpoint Protection clients

Important

This step is required only if your organization uses System Center Endpoint Protection (SCEP).

Windows Defender ATP integrates with System Center Endpoint Protection to provide visibility to malware detections and to stop propagation of an attack in your organization by banning potentially malicious files or suspected malware.

The following steps are required to enable this integration:

Install and configure Microsoft Monitoring Agent (MMA) to report sensor data to Windows Defender ATP

Before you begin

Review the following details to verify minimum system requirements:

  1. Download the agent setup file: Windows 64-bit agent or Windows 32-bit agent.

  2. Obtain the workspace ID:

    • In the Windows Defender ATP navigation pane, select Settings > Machine management > Onboarding
    • Select Windows 7 SP1 and 8.1 as the operating system
    • Copy the workspace ID and workspace key
  3. Using the Workspace ID and Workspace key choose any of the following installation methods to install the agent:

  4. If you're using a proxy to connect to the Internet see the Configure proxy settings section.

Once completed, you should see onboarded endpoints in the portal within an hour.

Configure proxy and Internet connectivity settings

  • Each Windows endpoint must be able to connect to the Internet using HTTPS. This connection can be direct, using a proxy, or through the OMS Gateway.
  • If a proxy or firewall is blocking all traffic by default and allowing only specific domains through or HTTPS scanning (SSL inspection) is enabled, make sure that the following URLs are white-listed to permit communication with Windows Defender ATP service:
Agent Resource Ports
*.oms.opinsights.azure.com 443
*.blob.core.windows.net 443
*.azure-automation.net 443
*.ods.opinsights.azure.com 443
winatp-gw-cus.microsoft.com 443
winatp-gw-eus.microsoft.com 443
winatp-gw-neu.microsoft.com 443
winatp-gw-weu.microsoft.com 443
winatp-gw-uks.microsoft.com 443
winatp-gw-ukw.microsoft.com 443

Offboard client endpoints

To offboard, you can uninstall the MMA agent from the endpoint or detach it from reporting to your Windows Defender ATP workspace. After offboarding the agent, the endpoint will no longer send sensor data to Windows Defender ATP.

Want to experience Windows Defender ATP? Sign up for a free trial.