Scribd Logo
Upload

Welcome to Scribd!

  • Defender

    Uploaded by

    Esteban Sanchez
    11 views15 pages

    Original Title

    defender.pptx

    Copyright

    © © All Rights Reserved

    Available Formats

    PPTX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    11 views15 pages

    Defender

    Uploaded by

    Esteban Sanchez

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 15

    BRK2082

    Onboard your Windows 10 endpoints


    to Windows Defender ATP
    Avi Sagiv
    Omri Haviv

    Windows Defender Advanced Threat


    Protection Product Group
    Today’s session

    Walk you through the


    user journey end to
    end
    Windows Defender
    Advanced Threat Protection
    Detect advanced attacks and remediate breaches

    Built in to Windows
    No additional deployment & infrastructure. Continuously
    up-to-date, lower costs.

    Behavior-based, cloud-powered breach detection


    Actionable, correlated alerts for known and unknown adversaries.
    Real-time and historical data.

    Rich timeline for investigation


    Easily understand scope of breach. Data pivoting
    across endpoints. Deep file and URL analysis.

    Unique threat intelligence knowledge base


    Unparalleled threat optics provide detailed actor profiles
    1st and 3rd party threat intelligence data.
    End-to-End Customer Experience
    Learn/Try Buy Provisioning/Activation
    Support

    Customer receives Email


    Link to VLSC
    BUY VIA EA
    Customer works with
    LSP to get qualified for COMMIT PROCESS
    an EA (CPS created) Customer/Partner ROC processes agreements,
    agree to concessions, amendments, CPS, etc. via
    INITIAL CUSTOMER discounts, pricing, VLCM or hardcopy
    amendments, etc.
    ENGAGEMENT and create CPS. Information entered into
    Customer learns about
    WDATP via Internet and/
    MSL/LIR/EMC/SMC TENANT DISCOVERY
    Customer signs/ WELCOME EMAIL
    or Microsoft sales rep
    BUY VIA AOS-C updates EA or AOS-C VOLUME LICENSING OLS SUMMARY Welcome Email will contain
    and other required ROC creates invoices for
    Customer works with SERVICE CENTER (VLSC) WDATP link triggers provisioning Sign-Up/Sign-In links
    LSP. documents as part of collection of payment
    Windows Security Center
    overall deal packet Sign-in with MSA

    Provisioning/Activation Use/Manage
    Support

    If you log out after


    Sign-Up/Sign-in, you
    will need to log-in
    again to complete
    onboarding

    PROVISIONING
    Auto-provisioning
    of online services
    SERVICE ACTIVATION
    Customer receives
    SIGN-UP/SIGN-IN Windows ATP confirmation of service-
    Customer fills-in Sign- readiness/activated email
    Up form and OrgID/
    Tenant is created

    Sign in with AAD


    Buy

    Customer receives Email


    Link to VLSC
    BUY VIA EA
    Customer works with
    LSP to get qualified for COMMIT PROCESS
    an EA (CPS created) Customer/Partner ROC processes agreements,
    agree to concessions, amendments, CPS, etc. via
    INITIAL CUSTOMER discounts, pricing, VLCM or hardcopy
    amendments, etc.
    ENGAGEMENT and create CPS. Information entered into
    Customer learns about MSL/LIR/EMC/SMC
    WDATP via Internet and/
    Customer signs/
    or Microsoft sales rep
    BUY VIA AOS-C updates EA or AOS-C VOLUME LICENSING
    and other required ROC creates invoices for
    Customer works with SERVICE CENTER (VLSC)
    LSP. documents as part of collection of payment
    overall deal packet Sign-in with MSA
    Provision

    TENANT DISCOVERY
    WELCOME EMAIL SIGN-UP/SIGN-IN
    OLS SUMMARY Welcome Email will contain Customer fills-in Sign-
    WDATP link triggers provisioning Sign-Up/Sign-In links Up form and OrgID/
    Windows Security Center Tenant is created
    Onboarding & Deploying
    Demo
    Omri Haviv
    Possible Pitfalls

    • Proxy & Firewall setting

    • Windows Telemetry turned off

    • OOBE installation not completed


    SIEM Integration

    • REST APIs

    • Alert display

    • ArcSight and Splunk

    • Adding more

    • Info on TechNet
    Trial Experience

    Today: What’s coming?


    • Open Registration • Open registration

    • Pre-provisioned tenant • Provisioning & onboarding required

    • No ability to connect to company AAD • Ability to connect to AAD

    • Pre-Populate attacked demo machine • No pre-populated attacked demo machine

    • DIY attack scenario • DIY attack scenario

    • No migration from trial to buy • Simple trial to buy migration


    WDATP demo

    Avi Sagiv
    What’s Next?

    • Join WDATP Trial @


    security.windows.com

    • Attend “Detect & respond to advanced and


    targeted attacks with Windows Defender ATP”
    tomorrow @ 9:00 – 9:45
    Thank You
    Please evaluate this session
    Your feedback is important to us!

    From your PC or Tablet visit MyIgnite at


    http://myignite.microsoft.com

    From your phone download and use the Ignite


    Mobile App by scanning the QR code above or
    visiting https://aka.ms/ignite.mobileapp
    © 2016 Microsoft Corporation. All rights reserved.

    You might also like