Home

Microsoft Defender ATP now in preview on Windows 10 Enterprise multi-session

%3CLINGO-SUB%20id%3D%22lingo-sub-1372007%22%20slang%3D%22en-US%22%3EMicrosoft%20Defender%20ATP%20now%20in%20preview%20on%20Windows%2010%20Enterprise%20multi-session%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1372007%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20are%20happy%20to%20announce%20on%26nbsp%3B%3CSTRONG%3EMicrosoft%20Defender%20Advanced%20Threat%20Protection%20(MDATP)%20support%20on%20Windows%20Virtual%20Desktop%3C%2FSTRONG%3E%26nbsp%3Benabling%20both%26nbsp%3B%3CSTRONG%3Esingle%3C%2FSTRONG%3E%26nbsp%3Band%26nbsp%3B%3CSTRONG%3Emulti-session%3C%2FSTRONG%3E%26nbsp%3Bscenarios.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20support%20for%26nbsp%3B%3CSTRONG%3EMulti-user%20session%20scenarios%3C%2FSTRONG%3E%26nbsp%3Bis%20currently%20in%26nbsp%3B%3CSTRONG%3EPreview%3C%2FSTRONG%3E%26nbsp%3Band%26nbsp%3B%3CSTRONG%3Elimited%20up%20to%2025%20concurrent%20sessions%3C%2FSTRONG%3E%26nbsp%3Bper%20host%2FVM%20while%20the%20%3CSTRONG%3Esingle%20session%20scenarios%3C%2FSTRONG%3E%26nbsp%3Bare%26nbsp%3B%3CSTRONG%3Efully%20supported%3C%2FSTRONG%3E.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EThe%20support%20applies%20to%20the%20following%20operating%20systems%3A%26nbsp%3B%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EWindows%2010%20Enterprise%20multi-session%2C%20version%201809%20or%20later%3C%2FLI%3E%0A%3CLI%3EWindows%2010%20Enterprise%2C%20version%201809%20or%20later%3C%2FLI%3E%0A%3CLI%3EWindows%207%20Enterprise%3C%2FLI%3E%0A%3CLI%3EWindows%20Server%202019%3C%2FLI%3E%0A%3CLI%3EWindows%20Server%202016%3C%2FLI%3E%0A%3CLI%3EWindows%20Server%202012%20R2%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EOnboarding%20WVD%20devices%20to%20MDATP%20is%20done%20via%20the%20existing%20device%20onboarding%20process%2C%20follow%20the%20relevant%20onboarding%20instructions%20per%20the%20platform%20you%20are%20using%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EFollow%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fdocs.microsoft.com%252Fen-us%252Fwindows%252Fsecurity%252Fthreat-protection%252Fmicrosoft-defender-atp%252Fconfigure-endpoints%26amp%3Bdata%3D04%257C01%257CPieter.Wigleven%2540microsoft.com%257C596ff2872ce64167b2dc08d7f1e9d403%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C637243858921795349%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C-1%26amp%3Bsdata%3DXAw%252BXGztRnCZ2emcIH%252B8psdtY2ROabXQiGetzefokd8%253D%26amp%3Breserved%3D0%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ethese%20instructions%3C%2FA%3E%26nbsp%3Bfor%20Windows%2010%20based%20VMs%3C%2FLI%3E%0A%3CLI%3EFollow%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fdocs.microsoft.com%252Fen-us%252Fwindows%252Fsecurity%252Fthreat-protection%252Fmicrosoft-defender-atp%252Fconfigure-server-endpoints%26amp%3Bdata%3D04%257C01%257CPieter.Wigleven%2540microsoft.com%257C596ff2872ce64167b2dc08d7f1e9d403%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C637243858921805344%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C-1%26amp%3Bsdata%3Do7TQWpGXH9S83mQXs0xjUGy42yVzNA7nZjat1C27mco%253D%26amp%3Breserved%3D0%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ethese%20instructions%3C%2FA%3E%26nbsp%3Bfor%20Windows%20Server-based%20VMs%3C%2FLI%3E%0A%3CLI%3EFollow%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fdocs.microsoft.com%252Fen-us%252Fwindows%252Fsecurity%252Fthreat-protection%252Fmicrosoft-defender-atp%252Fonboard-downlevel%26amp%3Bdata%3D04%257C01%257CPieter.Wigleven%2540microsoft.com%257C596ff2872ce64167b2dc08d7f1e9d403%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C637243858921805344%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C-1%26amp%3Bsdata%3DffRAtcuvQuNKdppYFJTTjFJtVRDSqmv5WPPVDl8OCVg%253D%26amp%3Breserved%3D0%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ethese%20instructions%3C%2FA%3E%26nbsp%3Bfor%20previous%20Windows%20client%20versions%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3ERegards%2C%3C%2FP%3E%0A%3CP%3EPieter%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1372007%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EMDATP%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EWVD%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1378824%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Defender%20ATP%20now%20in%20preview%20on%20Windows%2010%20Enterprise%20multi-session%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1378824%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%20I%20need%20to%20onboard%2012%20VM's%20and%20I%20am%20using%20the%20local%20script%2C%20but%20with%20the%20local%20script%2C%20I%20can%20onboard%20only%2010%20VMs.%20How%20should%20I%20onboard%20the%20remaining%202%20VMs%3F%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F63584%22%20target%3D%22_blank%22%3E%40Pieter%20Wigleven%20(WINDOWS)%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1379359%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Defender%20ATP%20now%20in%20preview%20on%20Windows%2010%20Enterprise%20multi-session%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1379359%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F557804%22%20target%3D%22_blank%22%3E%40gadmin285%3C%2FA%3E%26nbsp%3B%3CBR%20%2F%3EThere%20is%20no%20counter%20in%20the%20script%2C%201-10%20computers%20is%20just%20a%20recommendation%2C%20preventing%20you%20from%20being%20sneaker%20admin.%3C%2FP%3E%3CP%3EI'm%20running%20the%20script%20from%20a%20network%20share%20through%20the%20%22Run%20PowerShell%20script%22%20from%20Azure%20VM%20portal%20(removed%20the%20lines%20about%20confirmation)%20whenever%20we%20roll-out%20new%20WVD.%3CBR%20%2F%3ESo%20far%20we%20have%20more%20than%2040%20machines%20onboarded%20with%20same%20script.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1379457%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Defender%20ATP%20now%20in%20preview%20on%20Windows%2010%20Enterprise%20multi-session%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1379457%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F179540%22%20target%3D%22_blank%22%3E%40Olaf%20Thyssen%3C%2FA%3E%26nbsp%3BAwesome.%20Thanks%20very%20much%20for%20the%20reply.%20I%20don't%20know%20why%20this%20information%20is%20not%20in%20the%20documentation.%20Have%20you%20tried%20URL%20blocking%20with%20this%3F%20My%20plan%20is%20to%20onboard%20all%20the%2012%20VMs%20and%20apply%20the%20URL%20blocking%20for%20them.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1385906%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Defender%20ATP%20now%20in%20preview%20on%20Windows%2010%20Enterprise%20multi-session%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1385906%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F557804%22%20target%3D%22_blank%22%3E%40gadmin285%3C%2FA%3E%26nbsp%3B%20I've%20done%20this%20with%20custom%20indicators%2C%20and%20it%20works%20fine.%20However%2C%20you%20might%20want%20to%20look%20into%20the%20Cyren%20webfilter%20if%20you%20want%20to%20block%20more%20than%20just%20a%20few%20unwanted%20sites..%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1385927%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Defender%20ATP%20now%20in%20preview%20on%20Windows%2010%20Enterprise%20multi-session%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1385927%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F300463%22%20target%3D%22_blank%22%3E%40Sentry23%3C%2FA%3E%26nbsp%3BI%20think%20to%20use%20Cyren%20we%20should%20have%20a%20license.%20check%20the%20screenshot%20once.%20Also%20what's%20the%20use%20of%20Cyren%3F%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22need%20license%20of%20web%20filtering.PNG%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F191286i580B808C40F20DA4%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20title%3D%22need%20license%20of%20web%20filtering.PNG%22%20alt%3D%22need%20license%20of%20web%20filtering.PNG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1388885%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Defender%20ATP%20now%20in%20preview%20on%20Windows%2010%20Enterprise%20multi-session%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1388885%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F557804%22%20target%3D%22_blank%22%3E%40gadmin285%3C%2FA%3E%26nbsp%3BIt%20looks%20as%20if%20you%20need%20to%20acquire%20it%20still.%20If%20you%20have%20it%2C%20it%20provides%20an%20easy%20way%20to%20just%20block%20whole%20categories%20of%20websites%20(such%20as%20adult%20content%2C%20violence%2C%20etc)%2C%20instead%20of%20having%20to%20add%20each%20site%20by%20hand%20in%20a%20custom%20rule.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1426303%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Defender%20ATP%20now%20in%20preview%20on%20Windows%2010%20Enterprise%20multi-session%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1426303%22%20slang%3D%22en-US%22%3E%3CP%3EThanks.%20Understood.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Microsoft

We are happy to announce on Microsoft Defender Advanced Threat Protection (MDATP) support on Windows Virtual Desktop enabling both single and multi-session scenarios. 

 

The support for Multi-user session scenarios is currently in Preview and limited up to 25 concurrent sessions per host/VM while the single session scenarios are fully supported.

 

The support applies to the following operating systems: 

  • Windows 10 Enterprise multi-session, version 1809 or later
  • Windows 10 Enterprise, version 1809 or later
  • Windows 7 Enterprise
  • Windows Server 2019
  • Windows Server 2016
  • Windows Server 2012 R2

 

Onboarding WVD devices to MDATP is done via the existing device onboarding process, follow the relevant onboarding instructions per the platform you are using:

Regards,

Pieter

7 Replies
Highlighted

Hi, I need to onboard 12 VM's and I am using the local script, but with the local script, I can onboard only 10 VMs. How should I onboard the remaining 2 VMs? @Pieter Wigleven (WINDOWS) 

Highlighted

@gadmin285 
There is no counter in the script, 1-10 computers is just a recommendation, preventing you from being sneaker admin.

I'm running the script from a network share through the "Run PowerShell script" from Azure VM portal (removed the lines about confirmation) whenever we roll-out new WVD.
So far we have more than 40 machines onboarded with same script.

Highlighted

@Olaf Thyssen Awesome. Thanks very much for the reply. I don't know why this information is not in the documentation. Have you tried URL blocking with this? My plan is to onboard all the 12 VMs and apply the URL blocking for them.

Highlighted

@gadmin285  I've done this with custom indicators, and it works fine. However, you might want to look into the Cyren webfilter if you want to block more than just a few unwanted sites..

Highlighted

@Sentry23 I think to use Cyren we should have a license. check the screenshot once. Also what's the use of Cyren?need license of web filtering.PNG

Highlighted

@gadmin285 It looks as if you need to acquire it still. If you have it, it provides an easy way to just block whole categories of websites (such as adult content, violence, etc), instead of having to add each site by hand in a custom rule.

Highlighted