I’ve had several clients recently who have talked about what’s entailed to support legacy operating systems (Windows 7/8/Server 2008) in Microsoft Defender ATP. In short, you’re essentially installing the Microsoft Monitoring Agent that’s part of what is legacy OMS (now Azure Security) and the
If your Windows 7 builds are up to date, you shouldn’t have to install the following 3 items:
- Install the February 2018 monthly update rollup
- Install either .NET framework 4.5 (or later) or KB3154518 (my reference machine was running 4.0 and already had this update)
- Update for customer experience and diagnostic telemetry
Also, check your .NET version before installing. I attempted to go from version 4.0 to 4.8 on my test VM and it broke the MMS agent where I had to revert, but I was able to go from 4.0 to 4.5 with no disruption to services.
Use the following command:
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\full" /v version
Download the respective OMS client
- X86: https://go.microsoft.com/fwlink/?LinkId=828604
- AMD64: https://go.microsoft.com/fwlink/?LinkId=828603
Open your MD ATP console to the Onboarding page and, with Windows 7 selected as the OS, copy your WORKSPACE ID and WORKSPACE KEY
https://securitycenter.microsoft.com/preferences2/onboarding
Specify <platform> as either x86 or AMD64 then extract the install
MMASetup-<platform>.exe /c /t:c:\MMASETUP-<platform>
Provide the documented WORKSPACE ID and WORKSPACE KEY then run the install
setup.exe /qn NOAPM=1 ADD_OPINSIGHTS_WORKSPACE=1 OPINSIGHTS_WORKSPACE_AZURE_CLOUD_TYPE=0 OPINSIGHTS_WORKSPACE_ID="WORKSPACE ID" OPINSIGHTS_WORKSPACE_KEY="WORKSPACE KEY" AcceptEndUserLicenseAgreement=1
After installation:
- Check Services.msc to ensure the “Microsoft Monitoring Agent” service is running
- Also check the Operations Manager event log for entries
- %SystemRoot%\System32\Winevt\Logs\Operations Manager.evtx
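The prerequisite and post-install checks above can be combined into one script. This is an added example, not part of the original post; it is written for Windows PowerShell 2.0 (the Windows 7 default), and the function name Test-MmaOnboarding is hypothetical.

```powershell
# Added example: verify the .NET/KB prerequisite, the agent service, and the
# Operations Manager log after installing the Microsoft Monitoring Agent.
# PowerShell 2.0 compatible (no [pscustomobject]). Run from an elevated prompt.

function Test-MmaOnboarding {
    $result = New-Object PSObject -Property @{
        DotNetVersion  = $null
        PrereqOk       = $false
        ServiceStatus  = 'NotInstalled'
        RecentProblems = @()
    }

    # Same registry value that the reg query command on this page reads.
    $key = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
    $ndp = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($ndp -and $ndp.Version) {
        $result.DotNetVersion = $ndp.Version
        # .NET 4.0 reports 4.0.30319; 4.5 and later report 4.5.x or higher.
        $result.PrereqOk = ([version]$ndp.Version -ge [version]'4.5')
    }

    # Below 4.5, the page's alternative prerequisite is KB3154518.
    # Get-HotFix is best effort: it does not list every installed update.
    if (-not $result.PrereqOk) {
        $kb = Get-HotFix -Id 'KB3154518' -ErrorAction SilentlyContinue
        if ($kb) { $result.PrereqOk = $true }
    }

    # Display name as shown in Services.msc.
    $svc = Get-Service -DisplayName 'Microsoft Monitoring Agent' -ErrorAction SilentlyContinue
    if ($svc) { $result.ServiceStatus = $svc.Status.ToString() }

    # Newest 200 entries; keep Critical (1), Error (2) and Warning (3).
    $events = Get-WinEvent -LogName 'Operations Manager' -MaxEvents 200 -ErrorAction SilentlyContinue
    if ($events) {
        $result.RecentProblems = @($events |
            Where-Object { $_.Level -ge 1 -and $_.Level -le 3 } |
            Select-Object TimeCreated, Id, LevelDisplayName, Message)
    }
    return $result
}

$check = Test-MmaOnboarding
$check | Format-List DotNetVersion, PrereqOk, ServiceStatus
$check.RecentProblems | Format-Table TimeCreated, Id, LevelDisplayName -AutoSize
```

A healthy machine shows PrereqOk as True and ServiceStatus as Running; any rows in the final table are the log entries to read first when the machine does not appear in the console.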
In the Microsoft Defender ATP console you should see your Windows 7 machine:
If you need to remove a machine check out these steps: