PowerShell onboard server onto ATP (Advanced Threat Protection) & Azure Update Management

deanUncategorized

Below is a very simple script that i created that will onboard your server onto ATP / Windows Update management.

Ensure the onboarding script is the latest from the portal 

Start-Process -Wait -FilePath \\YOURNETWORKFILESHARE\InstallMMA.bat -Argument "/silent" -PassThru
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection" /F
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection" /v GroupIds /t REG_SZ /d YOURWORKSPACETAG /f
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection\DeviceTagging" /v Group /t REG_SZ /d YOURWORKSPACETAG /f
$workspaceId = "YOURATPWORKSPACEID"
$workspaceKey = "YOURATPWORKSPACEKEY"
$workspaceId = "YOURUPDATEMANAGMENTID"
$workspaceKey = "YOURUPDATEMANAGEMENTWORKSPACEKEY"
$mma = New-Object -ComObject 'AgentConfigManager.MgmtSvcCfg'
$mma.AddCloudWorkspace($workspaceId, $workspaceKey)
$mma.ReloadConfiguration()
Start-service Healthservice
perfmon /res
Start-service Healthservice
Start-process "cmd.exe" "/c \\NETWORKSHARE_WHERE_YOUR_ONBOARDING_SCRIPT_IS\WindowsDefenderATPLocalOnboardingScript.cmd"

The .BAT file this installs the MMA agent. 

setup.exe /qn NOAPM=1 ADD_OPINSIGHTS_WORKSPACE=1 OPINSIGHTS_WORKSPACE_AZURE_CLOUD_TYPE=0 OPINSIGHTS_WORKSPACE_ID=YOURWORKSPACEID OPINSIGHTS_WORKSPACE_KEY=YOURWORKSPACEKEY == AcceptEndUserLicenseAgreement=1

Leave a Reply

Your email address will not be published. Required fields are marked *