Microsoft Defender for Endpoint for US Government customers

Applies to:

Microsoft Defender for Endpoint for US Government customers, built in the Azure US Government environment, uses the same underlying technologies as Defender for Endpoint in Azure Commercial.

This offering is available to GCC, GCC High, and DoD customers and is based on the same prevention, detection, investigation, and remediation as the commercial version. However, there are some differences in the availability of capabilities for this offering.

Note

If you are a GCC customer using Defender for Endpoint in Commercial, please refer to the public documentation pages.

Licensing requirements

Microsoft Defender for Endpoint for US Government customers requires one of the following Microsoft volume licensing offers:

Desktop licensing

| GCC | GCC High | DoD |
|---|---|---|
| Windows 10 Enterprise E5 GCC | Windows 10 Enterprise E5 for GCC High | Windows 10 Enterprise E5 for DOD |
| | Microsoft 365 E5 for GCC High | Microsoft 365 G5 for DOD |
| | Microsoft 365 G5 Security for GCC High | Microsoft 365 G5 Security for DOD |
| Microsoft Defender for Endpoint - GCC | Microsoft Defender for Endpoint for GCC High | Microsoft Defender for Endpoint for DOD |

Server licensing

| GCC | GCC High | DoD |
|---|---|---|
| Microsoft Defender for Endpoint Server GCC | Microsoft Defender for Endpoint Server for GCC High | Microsoft Defender for Endpoint Server for DOD |
| Azure Defender for Servers | Azure Defender for Servers - Government | Azure Defender for Servers - Government |

Portal URLs

The following are the Microsoft Defender for Endpoint portal URLs for US Government customers:

| Customer type | Portal URL |
|---|---|
| GCC | https://gcc.securitycenter.microsoft.us |
| GCC High | https://securitycenter.microsoft.us |
| DoD | https://securitycenter.microsoft.us |

Endpoint versions

Standalone OS versions

The following OS versions are supported:

| OS version | GCC | GCC High | DoD |
|---|---|---|---|
| Windows 10, version 20H2 (with KB4586853) | Yes | Yes | Yes |
| Windows 10, version 2004 (with KB4586853) | Yes | Yes | Yes |
| Windows 10, version 1909 (with KB4586819) | Yes | Yes | Yes |
| Windows 10, version 1903 (with KB4586819) | Yes | Yes | Yes |
| Windows 10, version 1809 (with KB4586839) | Yes | Yes | Yes |
| Windows 10, version 1803 (with KB4598245) | Yes | Yes | Yes |
| Windows 10, version 1709 | No. Note: Won't be supported | Yes, with KB4499147. Note: Deprecated, please upgrade | No. Note: Won't be supported |
| Windows 10, version 1703 and earlier | No. Note: Won't be supported | No. Note: Won't be supported | No. Note: Won't be supported |
| Windows Server 2019 (with KB4586839) | Yes | Yes | Yes |
| Windows Server 2016 | Yes | Yes | Yes |
| Windows Server 2012 R2 | Yes | Yes | Yes |
| Windows Server 2008 R2 SP1 | Yes | Yes | Yes |
| Windows 8.1 Enterprise | Yes | Yes | Yes |
| Windows 8 Pro | Yes | Yes | Yes |
| Windows 7 SP1 Enterprise | Yes | Yes | Yes |
| Windows 7 SP1 Pro | Yes | Yes | Yes |
| Linux | Yes | Yes | Yes |
| macOS | Yes | Yes | Yes |
| Android | No. On engineering backlog | No. On engineering backlog | No. On engineering backlog |
| iOS | No. On engineering backlog | No. On engineering backlog | No. On engineering backlog |

Note

Where a patch is specified, it must be deployed prior to device onboarding in order to configure Defender for Endpoint to the correct environment.

Note

Trying to onboard Windows devices older than Windows 10 or Windows Server 2019 using Microsoft Monitoring Agent? You'll need to choose "Azure US Government" under "Azure Cloud" if using the setup wizard, or, if using a command line or a script, set the "OPINSIGHTS_WORKSPACE_AZURE_CLOUD_TYPE" parameter to 1.

OS versions when using Azure Defender for Servers

The following OS versions are supported when using Azure Defender for Servers:

| OS version | GCC | GCC High | DoD |
|---|---|---|---|
| Windows Server 2019 | Yes | Yes | Yes |
| Windows Server 2016 | Yes | Yes | Yes |
| Windows Server 2012 R2 | Yes | Yes | Yes |
| Windows Server 2008 R2 SP1 | Yes | Yes | Yes |

Required connectivity settings

If a proxy or firewall is blocking all traffic by default and allowing only specific domains through, add the domains listed in the downloadable sheet to the allowed domains list.

The following downloadable spreadsheet lists the services and their associated URLs your network must be able to connect to. Verify there are no firewall or network filtering rules that would deny access to these URLs, or create an allow rule specifically for them.

| Spreadsheet of domains list | Description |
|---|---|
| Thumbnail image of the Microsoft Defender for Endpoint URLs spreadsheet | Spreadsheet of specific DNS records for service locations, geographic locations, and OS. |

Download the spreadsheet here.

For more information, see Configure device proxy and Internet connectivity settings.

Note

The spreadsheet contains commercial URLs as well; make sure you check the "US Gov" tabs.

When filtering, look for the records labeled as "US Gov" and your specific cloud under the geography column.

Service backend IP ranges

If your network devices don't support DNS-based rules, use IP ranges instead.

Defender for Endpoint for US Government customers is built in the Azure US Government environment, deployed in the following regions:

  • AzureCloud.usgovtexas
  • AzureCloud.usgovvirginia

You can find the Azure IP ranges in Azure IP Ranges and Service Tags – US Government Cloud.

Note

As a cloud-based solution, the IP address ranges can change. It's recommended you move to DNS-based rules.
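For sites that must stay on IP-based rules, the following added example (not Microsoft's code) builds an allow list from a Service Tags file for the two regions above and detects when the published ranges have changed. It assumes the JSON layout of the Service Tags download (`values[].name`, `properties.addressPrefixes`, `properties.changeNumber`) and a `cloud` value of `AzureGovernment`; the sample data is constructed and uses documentation prefixes.

```python
import ipaddress
import json

# The two service tags this page names for Defender for Endpoint (US Gov).
MDE_GOV_TAGS = frozenset({"AzureCloud.usgovtexas", "AzureCloud.usgovvirginia"})

# Constructed sample in the assumed Service Tags JSON layout; the prefixes
# are RFC 5737 / RFC 3849 documentation ranges, not real Azure addresses.
SAMPLE = json.dumps({
    "changeNumber": 7, "cloud": "AzureGovernment",
    "values": [
        {"name": "AzureCloud.usgovtexas",
         "properties": {"changeNumber": 3, "addressPrefixes": [
             "192.0.2.0/25", "192.0.2.128/25", "2001:db8:1::/48"]}},
        {"name": "AzureCloud.usgovvirginia",
         "properties": {"changeNumber": 4, "addressPrefixes": [
             "198.51.100.0/24", "198.51.100.64/26"]}},
        {"name": "AzureCloud.usgovarizona",
         "properties": {"changeNumber": 2, "addressPrefixes": [
             "203.0.113.0/24"]}},
    ],
})


def load_allow_list(raw, tags=MDE_GOV_TAGS):
    """Return ({tag: changeNumber}, collapsed IPv4 nets, collapsed IPv6 nets)."""
    doc = json.loads(raw)
    # Assumed marker of the US Government file; rejects a commercial download.
    if doc.get("cloud") != "AzureGovernment":
        raise ValueError("not the US Government service tag file")
    versions, v4, v6 = {}, [], []
    for entry in doc["values"]:
        if entry["name"] not in tags:
            continue
        props = entry["properties"]
        versions[entry["name"]] = props["changeNumber"]
        for prefix in props["addressPrefixes"]:
            net = ipaddress.ip_network(prefix, strict=True)
            (v4 if net.version == 4 else v6).append(net)
    missing = set(tags) - set(versions)
    if missing:  # fail closed rather than deploy a partial allow list
        raise ValueError(f"tags absent from file: {sorted(missing)}")
    return (versions, list(ipaddress.collapse_addresses(v4)),
            list(ipaddress.collapse_addresses(v6)))


def needs_refresh(applied_versions, raw):
    """True when a tracked tag's changeNumber differs from what was deployed."""
    current, _, _ = load_allow_list(raw)
    return current != applied_versions
```

Store the returned change numbers alongside the deployed firewall rules and run `needs_refresh` against each new download, so a changed range is caught before it causes a sensor connectivity gap.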


API

Instead of the public URIs listed in our API documentation, you'll need to use the following URIs:

| Endpoint type | GCC | GCC High & DoD |
|---|---|---|
| Login | https://login.microsoftonline.com | https://login.microsoftonline.us |
| Defender for Endpoint API | https://api-gcc.securitycenter.microsoft.us | https://api-gov.securitycenter.microsoft.us |
| SIEM | https://wdatp-alertexporter-us.gcc.securitycenter.windows.us | https://wdatp-alertexporter-us.securitycenter.windows.us |
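The following added example (not Microsoft's code) shows one way an integration script can pin itself to the URIs above: it builds the token request for the tenant's cloud and refuses to attach the bearer token to any host other than that cloud's API host. The `/oauth2/token` path, the `resource` form field and the function names are assumptions of this sketch; the tenant and client values in use are placeholders.

```python
from urllib.parse import urlsplit

# Login and API URIs from the table above, keyed by customer type.
GOV_ENDPOINTS = {
    "GCC": {"login": "https://login.microsoftonline.com",
            "api": "https://api-gcc.securitycenter.microsoft.us"},
    "GCC High": {"login": "https://login.microsoftonline.us",
                 "api": "https://api-gov.securitycenter.microsoft.us"},
}
GOV_ENDPOINTS["DoD"] = GOV_ENDPOINTS["GCC High"]  # same column in the table


def token_request(cloud, tenant_id, client_id, client_secret):
    """Build (url, form) for a client-credentials token request.

    Assumes the Azure AD v1 token endpoint layout, where the audience is
    passed as 'resource'. Nothing is sent; the caller posts the form.
    """
    ep = GOV_ENDPOINTS[cloud]  # KeyError on an unknown cloud: fail closed
    url = f"{ep['login']}/{tenant_id}/oauth2/token"
    form = {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "resource": ep["api"],
    }
    return url, form


def may_send_token(cloud, target_url):
    """True only for HTTPS requests to the exact API host of this cloud.

    Exact host comparison rejects another cloud's endpoint as well as
    look-alike names that merely start with the expected host.
    """
    parts = urlsplit(target_url)
    expected_host = urlsplit(GOV_ENDPOINTS[cloud]["api"]).hostname
    return (parts.scheme == "https"
            and parts.hostname == expected_host
            and parts.port in (None, 443))
```

Call `may_send_token` immediately before every request that carries the `Authorization` header, so a script copied from the commercial documentation fails loudly instead of sending a US Government token to the wrong service.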

Feature parity with commercial

Defender for Endpoint for US Government customers doesn't have complete parity with the commercial offering. While our goal is to deliver all commercial features and functionality to our US Government customers, there are some capabilities not yet available that we want to highlight.

These are the known gaps:

| Feature name | GCC | GCC High | DoD |
|---|---|---|---|
| Management and APIs: Streaming API | Yes | Yes | Yes |
| Web content filtering | No. In development | No. In development | No. In development |
| Integrations: Azure Sentinel | Yes | Yes: Alerts. No: Incidents & Raw data (In development) | Yes: Alerts. No: Incidents & Raw data (In development) |
| Integrations: Microsoft Cloud App Security | Yes | No. In development | No. In development |
| Integrations: Microsoft Compliance Manager | No. In development | No. In development | No. In development |
| Integrations: Microsoft Defender for Identity | No. In development | No. In development | No. In development |
| Integrations: Microsoft Endpoint DLP | No. In development | No. In development | No. In development |
| Integrations: Microsoft Intune | Yes | Yes | Yes |
| Integrations: Microsoft Power Automate & Azure Logic Apps | Yes | No. In development | No. In development |
| Microsoft Threat Experts | No. On engineering backlog | No. On engineering backlog | No. On engineering backlog |