
Legacy Windows Support for Microsoft Defender ATP

I’ve had several clients recently who have talked about what’s entailed to support legacy operating systems (Windows 7/8/Server 2008) in Microsoft Defender ATP. In short, you’re essentially installing the Microsoft Monitoring Agent that’s part of what is legacy OMS (now Azure Security) and the

https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel#install-and-configure-microsoft-monitoring-agent-mma-to-report-sensor-data-to-microsoft-defender-atp

If your Windows 7 builds are up-to-date, you shouldn’t have to install the following 3 items:

Also check your .NET version before installing. I attempted to go from version 4.0 to 4.8 on my test VM and it broke the MMS agent, so I had to revert, but I was able to go from 4.0 to 4.5 with no disruption to services.

Use the following command:

reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full" /v Version


Download the respective OMS client

Open your MD ATP console to the Onboarding page, and under Windows 7 as the OS copy your WORKSPACE ID and WORKSPACE KEY

https://securitycenter.microsoft.com/preferences2/onboarding

Specify <platform> as either x86 or AMD64 then extract the install

MMASetup-<platform>.exe /c /t:c:\MMASETUP-<platform>

Provide the documented WORKSPACE ID and WORKSPACE KEY then run the install

setup.exe /qn NOAPM=1 ADD_OPINSIGHTS_WORKSPACE=1 OPINSIGHTS_WORKSPACE_AZURE_CLOUD_TYPE=0 OPINSIGHTS_WORKSPACE_ID="WORKSPACE ID" OPINSIGHTS_WORKSPACE_KEY="WORKSPACE KEY" AcceptEndUserLicenseAgreement=1

After installation:

  • Check Services.msc to ensure the “Microsoft Monitoring Agent” service is running
  • Also check the Operations Manager event log for entries
    • %SystemRoot%\System32\Winevt\Logs\Operations Manager.evtx
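The .NET check and the two post-install checks above, combined into one script. This is an added example, not part of the original post; the function names are hypothetical, and it is written to run on Windows PowerShell 2.0, the Windows 7 default.

```powershell
# Added example: pre/post-install checks for the MMA onboarding steps.
# Function names are illustrative, not from any Microsoft tooling.

function Get-DotNet4Version {
    # Reads the same value as the reg query shown earlier.
    $key = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
    if (-not (Test-Path $key)) { return $null }
    (Get-ItemProperty -Path $key).Version
}

function Test-MmaHealth {
    param([int]$RecentEvents = 20)

    $result = New-Object PSObject -Property @{
        DotNetVersion = Get-DotNet4Version
        ServiceStatus = 'NotInstalled'
        ProblemEvents = @()
    }

    # Look the service up by the display name shown in Services.msc.
    $svc = Get-Service -DisplayName 'Microsoft Monitoring Agent' -ErrorAction SilentlyContinue
    if ($svc) { $result.ServiceStatus = $svc.Status.ToString() }

    # Newest entries in the Operations Manager log.
    # Level 1-3 = critical, error, warning.
    $events = Get-WinEvent -LogName 'Operations Manager' -MaxEvents $RecentEvents -ErrorAction SilentlyContinue
    if ($events) {
        $result.ProblemEvents = @($events |
            Where-Object { $_.Level -ge 1 -and $_.Level -le 3 } |
            Select-Object TimeCreated, Id, LevelDisplayName, ProviderName)
    }
    $result
}

$health = Test-MmaHealth
$health | Format-List DotNetVersion, ServiceStatus
if ($health.ServiceStatus -ne 'Running') {
    Write-Warning 'Microsoft Monitoring Agent is not running; no sensor data will reach the workspace.'
}
$health.ProblemEvents | Format-Table -AutoSize
```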

In the Microsoft Defender ATP console you should see your Windows 7 machine:


If you need to remove a machine check out these steps:

https://techcommunity.microsoft.com/t5/microsoft-defender-atp/remove-devices-from-mdatp-portal/m-p/1418750/highlight/true#M520

Where Hast Thou Gone, Workplacejoin.exe?

While looking to help a customer Azure AD join downlevel Windows 7 devices to their tenant, I found that Microsoft has broken the download link (go ahead, try it yourself).


Thankfully a colleague of mine has been working on a project and had those executables for 32 and 64 bit on their network. So I’ve got them ZIP’d up and on my server here. Enjoy!

autoworkplace.zip

Journey in Hybrid Cloud Print

I don’t take the term “journey” lightly because now a month in I’m edging closer and closer to the finish but I still feel like I have a long way to go. From lots of reading and even some advice to “abandon the idea”, I’m not one to be a quitter.

Thought I’d decide to give it a shot, but definitely fell short with the Microsoft documentation given all of the intricacies of the deployment:

Thanks to Sandy’s blog post I certainly got closer, even took the effort to build out a deployment PowerShell script (which you can find here on my GitHub), and the server side portions are definitely getting further than ever. My final steps are shoring up the Intune policy in my lab and then the Windows 10 printer setup (which I hear is the final hurdle to the mountain top).

But when I took the script to run in my client’s production environment, I was missing files in the MophiaPrint folder in the inetpub\wwwroot directory, as well as the EnterpriseCloudPrint virtual directory:


But in my lab:


See? Both the EnterpriseCloudPrint and MopriaCloudService are there, which is evident by the EnterpriseCloudPrint virtual directory

Of course, my first step was to crack open the PowerShell script for installation:

cd 'C:\Program Files\WindowsPowerShell\Modules\PublishCloudPrinter\1.0.0.0'
notepad .\CloudPrintDeploy.ps1

Then I looked at the lines of code

Write-Output "** Deploying Enterprise Cloud Print binaries"
"** Installing Enterprise Cloud Print binaries" | Out-File $LogFile -append
dism /online /Add-Capability /CapabilityName:Print.EnterpriseCloudPrint~~~~0.0.1.0 >> $LogFile
Write-Output "** Deploying Mopria Discovery Service binaries"
"** Installing Mopria Discovery Service binaries" | Out-File $LogFile -append
dism /online /Add-Capability /CapabilityName:Print.MopriaCloudService~~~~0.0.1.0 >> $LogFile

In said CloudPrintDeploy.log

** Installing Enterprise Cloud Print binaries

Deployment Image Servicing and Management tool
Version: 10.0.14393.0

Image Version: 10.0.14393.2457

Error: 87

No Windows features were specified on the command line.
Use the /Get-Features option to find the name of the feature in the image and try the command again.

The DISM log file can be found at C:\Windows\Logs\DISM\dism.log
** Installing Mopria Discovery Service binaries

Deployment Image Servicing and Management tool
Version: 10.0.14393.0

Image Version: 10.0.14393.2457

Error: 87

No Windows features were specified on the command line.
Use the /Get-Features option to find the name of the feature in the image and try the command again.

So I try to run the dism command outside of Powershell. Duh, same result.

So I found the command DISM /online /get-capabilities to see what capabilities were available for this build on the client server

DISM /online /get-capabilities

Deployment Image Servicing and Management tool
Version: 10.0.14393.0

Image Version: 10.0.14393.2457

Capability listing:

Capability Identity : Language.Basic~~~en-GB~0.0.1.0
State : Installed

Capability Identity : Language.Basic~~~en-US~0.0.1.0
State : Installed

Capability Identity : Language.Handwriting~~~en-US~0.0.1.0
State : Installed

Capability Identity : Language.OCR~~~en-US~0.0.1.0
State : Installed

Capability Identity : Language.Speech~~~en-US~0.0.1.0
State : Installed

Capability Identity : Language.TextToSpeech~~~en-US~0.0.1.0
State : Installed

But when I go to run the same on my regular 14393 build, I get a TON more features….

PS C:\Windows\system32> DISM /online /get-capabilities

Deployment Image Servicing and Management tool
Version: 10.0.14393.0

Image Version: 10.0.14393.0

Capability listing:

I’ll save you the hassle of all the language packs and get to the meat of it:

Capability Identity : Language.Handwriting~~~en-US~0.0.1.0
State : Installed

Capability Identity : Language.OCR~~~en-US~0.0.1.0
State : Installed

Capability Identity : Language.Speech~~~en-US~0.0.1.0
State : Installed

Capability Identity : Language.TextToSpeech~~~en-US~0.0.1.0
State : Installed

Capability Identity : Print.EnterpriseCloudPrint~~~~0.0.1.0
State : Installed

Capability Identity : Print.MopriaCloudService~~~~0.0.1.0
State : Installed

After working with the client, it turns out that if you’re using WSUS or SCCM and do not have the feature packs enabled, it can cause the features to not be found. This blog from Stephen Wagner helps point out a workaround:

Enable download of “Optional features” directly from Windows Update
  1. Open the group policy editor on your domain and create a new GPO scoped to the server in question, OR open secpol.msc on your server to modify the settings locally
  2. Navigate to “Computer Configuration”, “Policies”, “Administrative Templates”, and then “System”.
  3. Double click or open “Specify settings for optional component installation and component repair”
  4. Make sure “Never attempt to download payload from Windows Update” is NOT checked
  5. Make sure “Download repair content and optional features directly from Windows Update instead of Windows Server Update Services (WSUS)” IS checked.
  6. Wait for your GPO to update, or run “gpupdate /force” on the machine.
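A way to confirm the policy took effect and that the two print capabilities are now offered, as an added example that is not part of the original post or of CloudPrintDeploy.ps1. The function names are hypothetical, and the registry value names (UseWindowsUpdate, RepairContentServerSource) are an assumption about what this policy writes; confirm them against the Servicing ADMX on your build.

```powershell
# Added example. Run elevated on Windows 10 / Server 2016 or later (DISM module).
# Assumption: the policy writes these two DWORD values under the Servicing key.
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Servicing'
$wanted    = 'Print.EnterpriseCloudPrint~~~~0.0.1.0',
             'Print.MopriaCloudService~~~~0.0.1.0'

function Get-ServicingPolicy {
    $p = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
    [pscustomobject]@{
        # 2 = "Never attempt to download payload from Windows Update" is checked
        NeverUseWindowsUpdate = ($p.UseWindowsUpdate -eq 2)
        # 2 = "Download ... directly from Windows Update instead of WSUS" is checked
        BypassWsus            = ($p.RepairContentServerSource -eq 2)
    }
}

function Get-CloudPrintCapability {
    # Same data as "DISM /online /get-capabilities", returned as objects
    $all = Get-WindowsCapability -Online
    foreach ($name in $wanted) {
        $cap = $all | Where-Object { $_.Name -eq $name }
        [pscustomobject]@{
            Name  = $name
            State = if ($cap) { $cap.State.ToString() } else { 'NotListed' }
        }
    }
}

$policy = Get-ServicingPolicy
$caps   = @(Get-CloudPrintCapability)
$policy | Format-List
$caps   | Format-Table -AutoSize

$missing = @($caps | Where-Object { $_.State -ne 'Installed' })
if ($missing.Count -eq 0) {
    Write-Output 'Both capabilities are installed.'
} elseif ($policy.NeverUseWindowsUpdate -or -not $policy.BypassWsus) {
    Write-Warning 'Capabilities missing and policy still blocks Windows Update as a source; fix the GPO, run gpupdate /force, then retry.'
} else {
    # Policy allows Windows Update, so the Add-Capability step can be retried
    foreach ($c in $missing) { Add-WindowsCapability -Online -Name $c.Name }
}
```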
