Windows Defender ATP – Revisited!

A few weeks ago I did some testing with Windows Defender Advanced Threat Protection. I ran into a few hurdles, crossed a few bridges, and apparently caught the attention of some people who truly care how the product is perceived. I’ve said it before about Microsoft: they listen. And when the whole world seems to be a labyrinth of bureaucracy and red tape, that can make a world of difference.

One of the things that bothered me was that the trial was in an isolated tenant. It bugged me because I couldn’t manage WDATP from the same pane of glass as my other Azure toys, but really it stuck in my craw that I had to use two separate browsers (you reading this, Intune developers? It’s time to put Silverlight behind us.) to manage a single device. I just had a conversation with a member of the product team who said that was actually by customer request: the majority of trial customers had requested this be isolated from their environments. Maybe I’m wrong here, but I feel like that’s not the way things normally go. Either way, I now have instructions to add my deployment to my production Azure tenant. Mark one challenge resolved!

Another challenge I ran into was deploying the client through Intune. I have to be really candid here and say this was probably more an issue with Intune than WDATP. I created the configuration policies to apply the OMA-URI settings with Intune, but in discussions with the product team, we couldn’t see that those policies were taking effect. We did verify that they appear to be configured correctly, and I will be chasing this further with the Intune team over the coming week(s?). In fact, we couldn’t find a single OMA-URI setting that was being applied to any managed client. We even created a couple just for testing purposes, but they never took effect. Since the local script installation worked, I can’t lay the blame at the feet of WDATP.

I was excited about this before, but now that we’ve worked through some of the bigger caveats, I’m going to be pushing for approval to roll this out company-wide…just as soon as we get a scalable deployment model working.