Migrate from McAfee - Phase 3: Onboard to Microsoft Defender for Endpoint

Applies to:

Phase 1: Prepare
Phase 2: Set up
Phase 3: Onboard (You are here!)

Welcome to Phase 3 of migrating from McAfee Endpoint Security (McAfee) to Microsoft Defender Advanced Threat Protection (Microsoft Defender for Endpoint). This migration phase includes the following steps:

  1. Onboard devices to Microsoft Defender for Endpoint.
  2. Run a detection test.
  3. Uninstall McAfee.
  4. Make sure Microsoft Defender for Endpoint is in active mode.

Onboard devices to Microsoft Defender for Endpoint

  1. Go to the Microsoft Defender Security Center (https://aka.ms/MDATPportal) and sign in.

  2. Choose Settings > Device management > Onboarding.

  3. In the Select operating system to start onboarding process list, select an operating system.

  4. Under Deployment method, select an option. Follow the links and prompts to onboard your organization's devices. Need help? See Onboarding methods (in this article).

Onboarding methods

Deployment methods vary, depending on which operating system is selected. Refer to the resources listed in the table below to get help with onboarding.

Operating system: Windows 10
Method:
- Group Policy
- Configuration Manager
- Mobile Device Management (Intune)
- Local script
NOTE: A local script is suitable for a proof of concept but should not be used for production deployment. For a production deployment, we recommend using Group Policy, Microsoft Endpoint Configuration Manager, or Intune.

Operating system:
- Windows 8.1 Enterprise
- Windows 8.1 Pro
- Windows 7 SP1 Enterprise
- Windows 7 SP1 Pro
Method: Microsoft Monitoring Agent
NOTE: Microsoft Monitoring Agent is now Azure Log Analytics agent. To learn more, see Log Analytics agent overview.

Operating system:
- Windows Server 2019 and later
- Windows Server 2019 core edition
- Windows Server version 1803 and later
Method:
- Local script
- Group Policy
- Configuration Manager
- System Center Configuration Manager
- VDI onboarding scripts for non-persistent devices
NOTE: A local script is suitable for a proof of concept but should not be used for production deployment. For a production deployment, we recommend using Group Policy, Microsoft Endpoint Configuration Manager, or Intune.

Operating system:
- Windows Server 2016
- Windows Server 2012 R2
- Windows Server 2008 R2 SP1
Method:
- Microsoft Defender Security Center
- Azure Security Center

Operating system:
macOS
- 10.15 (Catalina)
- 10.14 (Mojave)
- 10.13 (High Sierra)
iOS
Linux:
- RHEL 7.2+
- CentOS Linux 7.2+
- Ubuntu 16 LTS, or higher LTS
- SLES 12+
- Debian 9+
- Oracle Linux 7.2
Method: Onboard non-Windows devices

Run a detection test

To verify that your onboarded devices are properly connected to Microsoft Defender for Endpoint, you can run a detection test.

Operating system:
- Windows 10
- Windows Server 2019
- Windows Server, version 1803
- Windows Server 2016
- Windows Server 2012 R2
Guidance: See Run a detection test.
Visit the Microsoft Defender for Endpoint demo scenarios site (https://demo.wd.microsoft.com) and try one or more of the scenarios. For example, try the Cloud-delivered protection demo scenario.

Operating system:
macOS
- 10.15 (Catalina)
- 10.14 (Mojave)
- 10.13 (High Sierra)
Guidance: Download and use the DIY app at https://aka.ms/mdatpmacosdiy.
For more information, see Microsoft Defender ATP for Mac.

Operating system:
Linux:
- RHEL 7.2+
- CentOS Linux 7.2+
- Ubuntu 16 LTS, or higher LTS
- SLES 12+
- Debian 9+
- Oracle Linux 7.2
Guidance:
1. Run the following command, and look for a result of 1:
    mdatp health --field real_time_protection_enabled

2. Open a Terminal window, and run the following command:
    curl -o ~/Downloads/eicar.com.txt https://www.eicar.org/download/eicar.com.txt

3. Run the following command to list any detected threats:
    mdatp threat list

For more information, see Microsoft Defender ATP for Linux.
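The three Linux steps above can be wrapped into one check that returns a distinct exit code per failure, which helps when validating many devices after onboarding. This is an added example, not Microsoft's code; the function names, exit codes, the wait interval, accepting true as well as 1, and matching the detection by the string eicar are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): scripted Linux detection test.
# Assumed, not from the page: function names, exit codes 10/11, WAIT_SECS,
# accepting "true" as well as "1", and matching detections on "eicar".

rtp_enabled() {
    # Step 1: the page says to look for a result of 1.
    out=$(mdatp health --field real_time_protection_enabled 2>/dev/null) || return 2
    case "$out" in
        1|true) return 0 ;;
        *)      return 1 ;;
    esac
}

fetch_eicar() {
    # Step 2: download the EICAR test file to the given path, as on the page.
    curl -s -o "$1" https://www.eicar.org/download/eicar.com.txt
}

eicar_detected() {
    # Step 3: list detected threats and look for an EICAR entry.
    mdatp threat list 2>/dev/null | grep -qi 'eicar'
}

detection_test() {
    # Default path matches the page; pass another path if ~/Downloads is absent.
    target="${1:-$HOME/Downloads/eicar.com.txt}"
    rtp_enabled || {
        echo "FAIL: real-time protection not reported as enabled" >&2
        return 10
    }
    # A failed download is not fatal here: the threat list decides the result.
    fetch_eicar "$target" || echo "note: download failed or was blocked" >&2
    # Give the agent a moment to record the detection.
    sleep "${WAIT_SECS:-10}"
    eicar_detected || {
        echo "FAIL: no EICAR detection listed" >&2
        return 11
    }
    echo "PASS: EICAR detection recorded"
}

# Run only when invoked with --run, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    detection_test
fi
```

A detection left over from an earlier test also satisfies the last check, so compare the threat list before and after the run on devices that have been tested before.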

Uninstall McAfee

Now that you have onboarded your organization's devices to Microsoft Defender for Endpoint, your next step is to uninstall McAfee.

To get help with this step, go to your McAfee ServicePortal (http://mysupport.mcafee.com).

Make sure Microsoft Defender for Endpoint is in active mode

Now that you have uninstalled McAfee, your next step is to make sure that Microsoft Defender Antivirus and endpoint detection and response are enabled and in active mode.

To do this, visit the Microsoft Defender for Endpoint demo scenarios site (https://demo.wd.microsoft.com). Try one or more of the demo scenarios on that page, including at least the following:

  • Cloud-delivered protection
  • Potentially Unwanted Applications (PUA)
  • Network Protection (NP)

Important

If you are using Windows Server 2016, you might have to start Microsoft Defender Antivirus manually. You can do this by running mpcmdrun.exe -wdenable from PowerShell on the device.

Next steps

Congratulations! You have completed your migration from McAfee to Microsoft Defender for Endpoint!