Windows Defender ATP helps you secure your servers and workstations, and manage them directly from the cloud.

To start, be sure to have the right licenses: https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements#licensing-requirements

Once you meet the requirements, go to https://securitycenter.windows.com and create your Windows Defender ATP tenant:

Windows Defender ATP

You now have access to the portal:

Access to the portal

If you go to Settings > Onboarding, you will find the information to deploy the WDATP agent, depending on your operating system:

Deploy WDATP agent

Execute the procedure. After a few minutes, you will be able to see your servers:

Machines list

On the detailed view of the server, you have some actions available:

The detailed view of the server

To generate an alert, execute the following command:

An alert appears in the MDATP portal:

MDATP portal

You can launch some actions from the ATP portal on a selected server:

Action center ATP portal

Automated investigation started manually

For a few days now, WDATP for Linux has been available in preview. You need to go to Settings > Advanced features and activate preview features:

WDATP for Linux

Log off and log on again. If you go back to Onboarding, you will now see Linux Server:

Logoff and log on again

The full documentation to install the agent on Linux is available here: https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually#prerequisites-and-system-requirements

After a few minutes, servers are in the console:

Servers are in the console

I used the following command to create an alert on my ATP console:

After a few seconds, I had the alert in my console:

Machine name

Machines / fala-invoice

With the detail:

Microsoft Defender ATP

Microsoft Defender ATP detected

And on the Linux server itself, the file has been moved to quarantine:

Status quarantined
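Before trusting the console view that a Linux server is onboarded, and before looking for the quarantined file, it is worth checking the agent on the host itself. The script below is an added example and is not from the original post or from Microsoft: it reads the `key : value` output of `mdatp health`, confirms the agent reports itself healthy, licensed (i.e. onboarded to a tenant) and with real-time protection on, and then lists quarantined items with `mdatp threat quarantine list`. The field names come from the `mdatp health` output of the Linux agent; the sample output embedded in the script is constructed (the org_id, machine_guid and version numbers are placeholders) so the parsing can be exercised on a machine where `mdatp` is not installed.

```shell
#!/bin/sh
# Added example (not part of the original post): verify the Defender for
# Endpoint on Linux agent locally and list what it has quarantined.
# Assumes the `mdatp` CLI shipped with the Linux agent. When it is absent,
# a constructed sample of `mdatp health` output is parsed instead.

# Constructed sample of `mdatp health` output. Values are placeholders,
# not taken from a real tenant.
SAMPLE_HEALTH='healthy                                     : true
health_issues                               : []
licensed                                    : true
engine_version                              : "1.1.16700.3"
app_version                                 : "100.90.70"
org_id                                      : "00000000-0000-0000-0000-000000000000"
log_level                                   : "info"
machine_guid                                : "11111111-1111-1111-1111-111111111111"
real_time_protection_enabled                : true
cloud_enabled                               : true
cloud_automatic_sample_submission           : true
definitions_status                          : "up_to_date"'

# health_field OUTPUT KEY
# Prints the value of KEY from `mdatp health`-style output, with the
# surrounding quotes stripped. Prints nothing if the key is absent.
health_field() {
    printf '%s\n' "$1" | awk -v key="$2" -F' *: *' \
        '$1 == key { sub(/^"/, "", $2); sub(/"$/, "", $2); print $2; exit }'
}

# onboarding_ok OUTPUT
# Succeeds only when the agent is healthy, licensed against a tenant and
# real-time protection is enabled; any one of these being false means
# alerts from this host cannot be relied on.
onboarding_ok() {
    [ "$(health_field "$1" healthy)" = "true" ] &&
    [ "$(health_field "$1" licensed)" = "true" ] &&
    [ "$(health_field "$1" real_time_protection_enabled)" = "true" ]
}

# Prefer the live agent, fall back to the constructed sample for offline use.
if command -v mdatp >/dev/null 2>&1; then
    HEALTH=$(mdatp health)
else
    echo "mdatp not found; parsing the constructed sample output instead" >&2
    HEALTH=$SAMPLE_HEALTH
fi

if onboarding_ok "$HEALTH"; then
    echo "agent healthy and onboarded to org_id $(health_field "$HEALTH" org_id)"
    echo "definitions: $(health_field "$HEALTH" definitions_status)"
else
    echo "agent NOT ready; relevant fields:"
    printf '%s\n' "$HEALTH" \
        | grep -E '^(healthy|licensed|real_time_protection_enabled|health_issues) ' || true
fi

# Quarantine check: what the agent moved aside after a detection.
if command -v mdatp >/dev/null 2>&1; then
    mdatp threat quarantine list
fi
```

Run it as root on the onboarded server (the `mdatp` commands need elevated rights); a `licensed : false` line is the usual sign that the onboarding package was never applied, even when the package itself installed cleanly.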

On the alert, you have some options available:

Microsoft Defender Alerts


And the alert disappears:

Microsoft Defender / risk level

Windows Defender ATP is a very good product to monitor and protect your servers with little effort. This was only a quick overview of the product, but you can do a lot more with it.

Florent Appointaire
Florent Appointaire is Microsoft Engineer with 5 years of experience, specialized in Cloud Technologies (Public/Hybrid/Private). He is a freelance consultant in Belgium from the beginning of 2017. He is MVP Cloud and Datacentre Management. He is MCSE Private Cloud and Hyper-V certified. His favorite products are SCVMM, SCOM, Windows Azure pack/Azure Stack and Microsoft Azure.