May 06 2020 11:19 AM
Hi all. I've been using Defender ATP for a few weeks now, and I have two questions.
1) Do definition updates still need to be pushed to the PCs via my SCCM patching system, or does ATP take care of those and distribute them to registered clients?
2) Are there any recommended books, courses, or resources available to learn more about ATP?
Thanks
May 10 2020 11:58 PM
Sep 16 2021 11:03 PM
Sep 18 2021 01:31 AM - edited Sep 18 2021 01:31 AM
Unfortunately not directly, but you could use an Advanced Hunting query: https://github.com/microsoft/Microsoft-365-Defender-Hunting-Queries/blob/master/General%20queries/MD...
If you are using Microsoft Endpoint Manager (Intune) or SCCM, you can check the definition and platform version there: https://deviceadvice.io/2020/12/07/manage-and-report-on-defender-antivirus-signature-update-versions...
You could also build something yourself using PowerShell cmdlets (Get-MpComputerStatus): https://docs.microsoft.com/en-us/powershell/module/defender/?view=windowsserver2019-ps
About your question no. 2: Unfortunately, the best I know is that you read all the available material in Microsoft Docs around Defender for Endpoint.
Great resources are:
https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/become-a-microsoft-defender-f...
https://github.com/alexverboon/MDATP#microsoft-blog-posts-on-microsoft-advanced-threat-protection
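
The Get-MpComputerStatus approach mentioned in the reply above, as an added example that is not part of the original thread: it reports signature, engine and platform versions per machine and flags stale definitions. The function name, parameter names and the 3-day threshold are assumptions, and remote queries assume CIM/WinRM access to the target.

```powershell
# Added example (not from the thread): report Defender Antivirus versions and flag stale definitions.
function Get-DefenderSignatureReport {
    [CmdletBinding()]
    param(
        # Hypothetical parameters; remote hosts must accept CIM sessions.
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        [int]$MaxSignatureAgeDays = 3   # assumed threshold, tune to your update cadence
    )
    foreach ($computer in $ComputerName) {
        $session = $null
        try {
            if ($computer -eq $env:COMPUTERNAME) {
                $status = Get-MpComputerStatus -ErrorAction Stop
            } else {
                $session = New-CimSession -ComputerName $computer -ErrorAction Stop
                $status  = Get-MpComputerStatus -CimSession $session -ErrorAction Stop
            }
            [pscustomobject]@{
                ComputerName     = $computer
                Stale            = ($status.AntivirusSignatureAge -gt $MaxSignatureAgeDays)
                SignatureAgeDays = $status.AntivirusSignatureAge
                SignatureVersion = $status.AntivirusSignatureVersion
                SignatureUpdated = $status.AntivirusSignatureLastUpdated
                EngineVersion    = $status.AMEngineVersion
                PlatformVersion  = $status.AMProductVersion
                AntivirusEnabled = $status.AntivirusEnabled
                RealTimeEnabled  = $status.RealTimeProtectionEnabled
                Error            = $null
            }
        } catch {
            # Unreachable host or Defender cmdlets missing: report it rather than skip it silently.
            [pscustomobject]@{
                ComputerName = $computer
                Stale        = $true
                Error        = $_.Exception.Message
            }
        } finally {
            if ($session) { Remove-CimSession -CimSession $session }
        }
    }
}

# Local machine by default; pass -ComputerName for a list of endpoints.
Get-DefenderSignatureReport | Sort-Object Stale -Descending | Format-Table -AutoSize
```

A machine with antivirus disabled reports a very large signature age, so it is flagged as stale as well.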