Windows Defender ATP on Windows 7 SP1 or 8.1

A few days ago Microsoft announced Windows Defender Advanced Threat Protection is available for devices running Windows 7 SP1 and 8.1. At this moment Windows Defender ATP is in Public Preview.

Setting up your device

WD ATP is available on Windows 7 SP1 and 8.1 Pro and Enterprise, as you can read here. If you are running Windows 7 SP1, make sure you have installed the updates mentioned in the article. To onboard your device you need to install the Microsoft Monitoring Agent (MMA). The user needs a Windows 10 E5 license assigned when running WD ATP on Windows 7 or 8.1, just as when running it on a Windows 10 device.

First log on to Windows Defender Security Center via https://securitycenter.windows.com and open the settings. Browse to Machine Management, Onboarding. Select Windows 7 SP1 and 8.1 as operating system. Here you find your Workspace ID and Workspace key, both of which you need during the installation of the MMA.

Download the MMA and start the installation.

We need to connect the agent to Azure Log Analytics (OMS).

Here you need to fill in the Workspace ID and Workspace key.

On the next screen you can choose the Windows Update settings. After that you get an overview, and the installation finishes shortly afterwards.

Test the WD ATP onboarding

The onboarding of the Windows 7 device was pretty simple. Let's see if the device is already reporting to the Windows Defender Security Center.
On the onboarding tab you also find a detection script you can use to see if the onboarding was successful.
Switch back to your client device, open the command prompt and run the detection test.

After a few seconds you receive a Windows Defender ATP alert notification, if you have configured alert notifications, and within a few minutes the device is shown in the Security Center.
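If the device does not show up, a local check of the agent narrows down where onboarding stopped. The script below is an added example, not part of the original post or of Microsoft's detection script. It assumes the agent's `HealthService` service and its `AgentConfigManager.MgmtSvcCfg` COM object, treats a `ConnectionStatus` of 0 as connected, uses a placeholder Workspace ID and a hypothetical function name, and keeps to PowerShell 2.0 syntax so it runs on a default Windows 7 SP1 installation.

```powershell
# Added example: verify locally that the MMA is installed, running and
# connected to the workspace shown on the WD ATP onboarding page.
param(
    # Placeholder value; replace with the Workspace ID from the onboarding page.
    [string]$ExpectedWorkspaceId = '00000000-0000-0000-0000-000000000000'
)

function Test-MmaOnboarding {   # hypothetical helper name
    param([string]$WorkspaceId)

    # HealthService is the Windows service installed by the Microsoft Monitoring Agent.
    $svc = Get-Service -Name 'HealthService' -ErrorAction SilentlyContinue
    if (-not $svc) { return 'FAIL: MMA not installed (HealthService missing)' }
    if ($svc.Status -ne 'Running') { return "FAIL: HealthService is $($svc.Status)" }

    # COM object registered by the agent; it lists the configured workspaces.
    try   { $cfg = New-Object -ComObject 'AgentConfigManager.MgmtSvcCfg' }
    catch { return 'FAIL: agent configuration COM object not available' }

    foreach ($ws in $cfg.GetCloudWorkspaces()) {
        if ($ws.workspaceId -ne $WorkspaceId) { continue }
        # Assumption: 0 means connected; the status text is reported otherwise.
        if ($ws.ConnectionStatus -eq 0) { return 'OK: agent connected to expected workspace' }
        return "FAIL: workspace configured but not connected: $($ws.ConnectionStatusText)"
    }
    # A different workspace ID here usually means a mistyped ID or a leftover
    # agent configuration from another Log Analytics workspace.
    return 'FAIL: expected Workspace ID is not configured on this agent'
}

Test-MmaOnboarding -WorkspaceId $ExpectedWorkspaceId
```

The script only reads the Workspace ID; the Workspace key is never needed for verification and should not be stored in scripts or logs.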

Onboarding of a Windows 7 or 8.1 device is pretty simple and it does work without any issues as far as I have noticed in this short test.
