Forum Discussion

PieterWigleven's avatar
May 07, 2020

Microsoft Defender ATP now in preview on Windows 10 Enterprise multi-session

We are happy to announce on Microsoft Defender Advanced Threat Protection (MDATP) support on Windows Virtual Desktop enabling both single and multi-session scenarios. 

 

The support for Multi-user session scenarios is currently in Preview and limited up to 25 concurrent sessions per host/VM while the single session scenarios are fully supported.

 

The support applies to the following operating systems: 

  • Windows 10 Enterprise multi-session, version 1809 or later
  • Windows 10 Enterprise, version 1809 or later
  • Windows 7 Enterprise
  • Windows Server 2019
  • Windows Server 2016
  • Windows Server 2012 R2

 

Onboarding WVD devices to MDATP is done via the existing device onboarding process, follow the relevant onboarding instructions per the platform you are using:

Regards,

Pieter

  • gadmin285's avatar
    gadmin285
    Brass Contributor

    Hi, I need to onboard 12 VM's and I am using the local script, but with the local script, I can onboard only 10 VMs. How should I onboard the remaining 2 VMs? PieterWigleven 

    • Olaf_Thyssen's avatar
      Olaf_Thyssen
      Brass Contributor

      gadmin285 
      There is no counter in the script, 1-10 computers is just a recommendation, preventing you from being sneaker admin.

      I'm running the script from a network share through the "Run PowerShell script" from Azure VM portal (removed the lines about confirmation) whenever we roll-out new WVD.
      So far we have more than 40 machines onboarded with same script.

      • gadmin285's avatar
        gadmin285
        Brass Contributor

        Olaf_Thyssen Awesome. Thanks very much for the reply. I don't know why this information is not in the documentation. Have you tried URL blocking with this? My plan is to onboard all the 12 VMs and apply the URL blocking for them.

  • PieterWigleven Any idea how the licensing will work for Windows 10 Multisession in WVD?  I'm reading in the MDATP docs that if I have an E5 license, I can use MDATP on up to 5 concurrent devices; does this include a WVD session hosts running Windows 10 Multisession?  Or do I need to add the session host VM to Azure Security Center to achieve licensing requirements?

    • limaecho's avatar
      limaecho
      Copper Contributor

      Jeff_Bryant 

       

      I agree, the ambiguity around product releases and public preview and trials is just getting out of hand at Microsoft!

       

      Try and get answers from MS Distributors and they are in the same boat. Product Team you guys are doing a great job in getting new products out - but why not feed info to your users (beta users) on how to go about deploying new products.

       

      We are looking at E5 users or standalone Defender Advanced Threat Protection. But have no clarity on how licensing in WVD will be compliant/work!

      • PieterWigleven's avatar
        PieterWigleven
        Icon for Microsoft rankMicrosoft

        limaecho Jeff_Bryant I've checked it's part of your existing E5 per User licensing. A user needs have a valid E5 license when accessing a session on Win10 Enterprise multi-session. A license is only used when an user has an active session. With per User licensing you always have access to concurrent 5 devices (or sessions). 

  • FreekBloemhof's avatar
    FreekBloemhof
    Brass Contributor

    @ Since a couple of days WVD seems not completely supported anymore? See attached screenshot.

     

    Did I mis an anouncement around this?

  • ahart3's avatar
    ahart3
    Brass Contributor
    With relation to AVD/Windows 10 Multi-session, is there any planned support for third party browsers for web filtering?

Resources