Onboard Windows 10 devices using Mobile Device Management tools

Important

Welcome to Microsoft Defender for Endpoint, the new name for Microsoft Defender Advanced Threat Protection. Read more about this and other updates here. We'll be updating names in products and in the docs in the near future.

Applies to:

You can use mobile device management (MDM) solutions to configure devices. Microsoft Defender ATP supports MDMs by providing OMA-URIs to create policies to manage devices.

For more information on using the Microsoft Defender ATP CSP, see WindowsAdvancedThreatProtection CSP and WindowsAdvancedThreatProtection DDF file.

Before you begin

If you're using Microsoft Intune, the device must be MDM enrolled. Otherwise, settings will not be applied successfully.

For more information on enabling MDM with Microsoft Intune, see Device enrollment (Microsoft Intune).

Onboard devices using Microsoft Intune

Follow the instructions from Intune.

For more information on using the Microsoft Defender ATP CSP, see WindowsAdvancedThreatProtection CSP and WindowsAdvancedThreatProtection DDF file.

Note

  • The Health Status for onboarded devices policy uses read-only properties and can't be remediated.
  • Configuration of diagnostic data reporting frequency is only available for devices on Windows 10, version 1703.

Tip

After onboarding the device, you can choose to run a detection test to verify that a device is properly onboarded to the service. For more information, see Run a detection test on a newly onboarded Microsoft Defender ATP device.

Offboard and monitor devices using Mobile Device Management tools

For security reasons, the package used to offboard devices will expire 30 days after the date it was downloaded. Expired offboarding packages sent to a device will be rejected. When downloading an offboarding package, you will be notified of the package's expiry date, and it will also be included in the package name.

Note

Onboarding and offboarding policies must not be deployed on the same device at the same time; otherwise, this will cause unpredictable collisions.

  1. Get the offboarding package from Microsoft Defender Security Center:

    a. In the navigation pane, select Settings > Offboarding.

    b. Select Windows 10 as the operating system.

    c. In the Deployment method field, select Mobile Device Management / Microsoft Intune.

    d. Click Download package, and save the .zip file.

  2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a file named WindowsDefenderATP_valid_until_YYYY-MM-DD.offboarding.

  3. Use the Microsoft Intune custom configuration policy to deploy the following supported OMA-URI settings.

    OMA-URI: ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/Offboarding
    Data type: String
    Value: [Copy and paste the value from the content of the WindowsDefenderATP_valid_until_YYYY-MM-DD.offboarding file]

For more information on Microsoft Intune policy settings, see Windows 10 policy settings in Microsoft Intune.
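A pre-deployment check for the expiry rule above, as an added example that is not part of the original page or Microsoft's code: it reads the date from each package file name in the shared folder and flags expired packages before the value is pasted into the policy. The function name, the 7-day warning window, the sample files and the assumption that a package stays usable through the date in its name are all constructed for illustration.

```powershell
# Added example, not from the original page.
# Assumption: a package is usable through the end of the date in its file name.
function Get-OffboardingPackageStatus {
    param(
        [Parameter(Mandatory)] [string] $Path,   # folder holding the extracted packages
        [datetime] $Today = (Get-Date).Date,     # injectable so the check is repeatable
        [int] $WarnDays = 7                      # hypothetical "expiring soon" window
    )
    $pattern = '^WindowsDefenderATP_valid_until_(\d{4}-\d{2}-\d{2})\.offboarding$'
    foreach ($file in Get-ChildItem -LiteralPath $Path -File) {
        $m = [regex]::Match($file.Name, $pattern)
        if (-not $m.Success) { continue }        # not an offboarding package
        $validUntil = [datetime]::MinValue
        $parsed = [datetime]::TryParseExact($m.Groups[1].Value, 'yyyy-MM-dd',
            [cultureinfo]::InvariantCulture,
            [System.Globalization.DateTimeStyles]::None, [ref] $validUntil)
        $daysLeft = $null
        $status = 'InvalidDate'                  # e.g. a hand-renamed file with 02-30
        if ($parsed) {
            $daysLeft = ($validUntil - $Today).Days
            if ($daysLeft -lt 0) { $status = 'Expired' }
            elseif ($daysLeft -le $WarnDays) { $status = 'ExpiringSoon' }
            else { $status = 'Valid' }
        }
        [pscustomobject]@{
            File = $file.FullName; DaysLeft = $daysLeft; Status = $status
        }
    }
}

# Constructed sample: three placeholder packages in a temp folder (dummy contents).
$dir = Join-Path ([IO.Path]::GetTempPath()) ("offboard-demo-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $dir | Out-Null
foreach ($d in '2021-01-10', '2021-02-03', '2021-02-25') {
    $name = "WindowsDefenderATP_valid_until_$d.offboarding"
    Set-Content -LiteralPath (Join-Path $dir $name) -Value "PLACEHOLDER-$d"
}
$report = @(Get-OffboardingPackageStatus -Path $dir -Today ([datetime]'2021-02-01'))
$report | Format-Table Status, DaysLeft, File -AutoSize

# Use the package with the most days left; its raw content is the String value
# for the ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/Offboarding setting.
$best = $report | Where-Object { $_.Status -in 'Valid', 'ExpiringSoon' } |
    Sort-Object DaysLeft -Descending | Select-Object -First 1
if ($best) { $omaUriValue = Get-Content -LiteralPath $best.File -Raw }
else { Write-Warning 'No unexpired offboarding package found; download a new one.' }
Remove-Item -LiteralPath $dir -Recurse -Force
```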

Note

The Health Status for offboarded devices policy uses read-only properties and can't be remediated.

Important

Offboarding causes the device to stop sending sensor data to the portal, but data from the device, including reference to any alerts it has had, will be retained for up to 6 months.
