Ask the Community
Groups
Configuring Windows Defender With RocketCyber - Connect IT Community | Kaseya
<main> <article class="userContent"> <h2 data-id="windows-defender-has-gone-from-useless-to-top-tier-learn-how-to-configure-multi-tenant-command-and-reporting-with-rocketcyber">Windows Defender has gone from useless to top tier. Learn how to configure multi-tenant command and reporting with RocketCyber</h2> <h3 data-id="overview">Overview</h3> <p>Microsoft has continually advanced its threat protection of devices with Windows Defender. Since Windows 8 and especially with Windows 10 and later the advanced capabilities to protect the Operating System and user from malicious threats has improved dramatically.</p> <p>MSPs have not embraced Windows Defender because it lacks multi-tenant management capabilities.</p> <div data-hs-callout-type="tip"> <p>Get Details on Microsoft Defender Tamper Protection in Windows 10.</p> <p><a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fhelp.rocketcyber.com%2Fknowledge%2Fdefender-manager-and-microsoft-defender-tamper-protection" rel="noopener nofollow">https://help.rocketcyber.com/knowledge/defender-manager-and-microsoft-defender-tamper-protection</a></p> </div> <h3 data-id="getting-started">Getting Started</h3> <p>The first thing needed is to deploy the RocketCyber agent to all devices you wish to control.</p> <p>1. L<strong>og on</strong> to the RocketCyber console</p> <p>2. From the left-hand navigation menu click <strong>All Customers</strong>.</p> <figure><img src="https://us.v-cdn.net/6032361/uploads/migrated/FXMP1ZWWCDWG/screen-shot-2020-01-06-at-4-16-39-pm.png" alt="screen-shot-2020-01-06-at-4-16-39-pm.png" class="embedImage-img importedEmbed-img"></img></figure><p>3. Click <strong>Deploy</strong> for the appropriate customer.</p> <figure><img src="https://us.v-cdn.net/6032361/uploads/migrated/46ANH0QKBIDI/screen-shot-2020-01-06-at-4-17-56-pm.png" alt="screen-shot-2020-01-06-at-4-17-56-pm.png" class="embedImage-img importedEmbed-img"></img></figure><p>From the deployment screen, choose the option that is best for your environment. There are integrations with most of the popular RMM tools which can deploy the agent.</p> <h3 data-id="enable-the-defender-manager-rocketapp"><strong>Enable the Defender Manager RocketApp</strong></h3> <p>After you've deployed the agents, the next step will be to Enable the Defender Manager app.</p> <p>1. From the left-hand Nav click on <strong>App Store</strong></p> <figure><img src="https://us.v-cdn.net/6032361/uploads/migrated/6OVF98ZEDT6X/screen-shot-2020-01-29-at-5-04-23-pm.png" alt="screen-shot-2020-01-29-at-5-04-23-pm.png" class="embedImage-img importedEmbed-img"></img></figure><p>2. On the Defender Manager App Tile, switch the App status to <strong>ON</strong></p> <figure></figure><figure><img src="https://us.v-cdn.net/6032361/uploads/migrated/XMC11HF78S04/screen-shot-2020-01-29-at-5-05-23-pm.png" alt="screen-shot-2020-01-29-at-5-05-23-pm.png" class="embedImage-img importedEmbed-img"></img></figure><p>On the left-hand navigation menu, you should now see a new item for Defender Manager.</p> <figure><img src="https://us.v-cdn.net/6032361/uploads/migrated/ON6K3BX0P145/image.png" alt="image.png" class="embedImage-img importedEmbed-img"></img></figure><h3 data-id="configuring-the-defender-manager-settings"><strong>Configuring the Defender Manager Settings</strong></h3> <p>You are now ready to configure the settings that control Windows Defender.</p> <p>1. From the left-hand navigation menu click on <strong>Dashboard</strong>.</p> <p>2. From the <strong>Defender Manager App Card</strong>, click on <strong>Configure</strong></p> <figure><img src="https://us.v-cdn.net/6032361/uploads/migrated/1IKANNAXM51P/screen-shot-2020-01-29-at-5-07-42-pm.png" alt="screen-shot-2020-01-29-at-5-07-42-pm.png" class="embedImage-img importedEmbed-img"></img></figure><p>The Defender Manager Configuration dialog presents a series of tabs that control the behavior of various characteristics of Windows Defender.</p> <p><strong>General</strong> - Includes options for controlling UI elements and signature updates.</p> <p><strong>Real-time Protection</strong> - Includes options for enabling various real-time protection options.</p> <p><strong>Cloud Protection</strong> - Includes options for protection delivered from the Microsoft cloud to your endpoints.</p> <p><strong>Scans</strong> - Includes options for when and how to scan devices.</p> <p><strong>Threat Actions</strong> - Includes options for tailoring automatic threat responses.</p> <p><strong>Advanced</strong> - Includes options for Attack Surface Reduction and Advanced Threat Protection.</p> <p><strong>Exclusions</strong> - Includes options for whitelisting processes and files.</p> <figure><img src="https://us.v-cdn.net/6032361/uploads/migrated/FIJ550UR2GAC/screen-shot-2020-01-29-at-5-08-40-pm.png" alt="screen-shot-2020-01-29-at-5-08-40-pm.png" class="embedImage-img importedEmbed-img"></img></figure><p>The RocketCyber console provides a default configuration that should be useable by most customers without modification. </p> <p>More details about the default configuration can be found <a rel="nofollow" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fhelp.rocketcyber.com%2Farticle%2Fghyrwp1g2w-defender-manager-default-configuration">here</a></p> <p>Review all of the default configuration options and tailor them to suit your customer environment. When finished <strong>Click Update</strong>.</p> <h3 data-id="make-the-big-switch">Make The Big Switch</h3> <p>Now that you've tailored the configuration options, it's time to switch on Microsoft Defender.</p> <p>1. <strong>From the Defender Manager App Card, click on Configure</strong></p> <p>2. In the General Tab, Click <strong>Enable Windows Defender</strong>.</p> <p>3. Click <strong>Update</strong></p> <figure><img src="https://us.v-cdn.net/6032361/uploads/migrated/3ZNW71N9DJ2R/screen-shot-2020-01-29-at-5-08-40-pm-2.png" alt="screen-shot-2020-01-29-at-5-08-40-pm-2.png" class="embedImage-img importedEmbed-img"></img></figure><p>Congratulations, your devices are now protected by Windows Defender and RocketCyber!</p> <div data-hs-callout-type="note">By performing this step you effectively have laid down the configuration and staged Windows Defender. If there is already another active AV client on the device, Windows Defender won't be active until that AV client is removed. To fully activate Windows Defender uninstall the current AV solution. For details on uninstalling the current AV/ATP solution refers to the vendor's instructions.</div> </article> </main>