
Recipe Microsoft 365 Defender


Michel D

Question

I want to install Microsoft 365 Defender in our non-persistent VDI VMware Horizon environment.

I created an application layer, downloaded the install script for non-persistent VDI, and placed it in the startup local GPO.

But it is not working as expected.

VDIs are not showing up in the portal; in the Event Viewer there is a message that the machine was added successfully.


I also tried to install Microsoft 365 Defender on the golden image, but the VDI takes hours to show up in the portal, and cannot do a manual virus scan.


Does anyone have experience or a recipe?


2 answers to this question


I can only speak to how I implemented Defender in our XenDesktop environment (W10 20H2, non-persistent), which is a little different than the route you took. First things first - there are two really good blogs on this topic, in case you haven't seen them. Here's part 1 and part 2. I did not opt for the local GPO method, instead using a domain GPO for onboarding. Here are the steps I took to configure Defender:


  1. Create a DFS share to host Defender's Security intelligence updates per part 1 of that blog
  2. Create a GPO to manage Defender's settings (see screenshot below)
    1. Note: For "Define the order of sources...", I use FileShares|MMPC because if the share hosting the defs goes down, the only way your VMs will receive updated defs is if you use MMPC, which will grab them from Microsoft's website directly. I found this out the hard way, and confirmed the behavior with MS.
    2. This GPO also uses a PowerShell Startup script (computer policy) for onboarding
      1. Onboard-NonPersistentMachine.ps1 is used for the script, but make sure that WindowsDefenderATPOnboardingScript.cmd is also present in that folder if you intend to use 'a single entry for each machine' per part 2 of that blog, which is the route I assume most would want with non-persistent VMs.
  3. Enable Defender in the OS layer, and run Windows Update to pull in the latest defs
  4. After compiling the image, I edit it in Private mode to seal it, performing the following tasks in my sealing script:
    1. #Install the latest Defender definitions before sealing
      Write-Host "Updating Defender..." -ForegroundColor Yellow -NoNewLine
      Start-Process "C:\Program Files\Windows Defender\MpCmdRun.exe" -ArgumentList "-RemoveDefinitions -DynamicSignatures" -Wait -PassThru | Out-Null
      Start-Process "C:\Program Files\Windows Defender\MpCmdRun.exe" -ArgumentList "-SignatureUpdate" -Wait -PassThru | Out-Null
      Write-Host " Done" -ForegroundColor Green
      
      #Scan the compiled image before sealing
      Write-Host "Scanning the image with Defender..." -ForegroundColor Yellow -NoNewLine
      Start-MpScan -ScanType FullScan
      Write-Host " Done" -ForegroundColor Green
      
      #Configure Defender settings that need to be baked into the image, as some require a reboot
      Write-Host "Configuring Defender..." -ForegroundColor Yellow -NoNewLine
      Set-MpPreference -SharedSignaturesPath \\domain.com\Citrix\WDAV\wdav-update
      Set-MpPreference -SignatureDefinitionUpdateFileSharesSources \\domain.com\Citrix\WDAV\wdav-update
      Set-MpPreference -SignatureDisableUpdateOnStartupWithoutEngine $False
      Set-MpPreference -SignatureFallbackOrder 'FileShares|MMPC'
      Write-Host " Done" -ForegroundColor Green

That's all I do for our W10 non-persistent VMs, and Defender has been fine in our environment. All VMs onboard properly, and I never have to worry about offboarding since I don't onboard my master image, etc. It's much cleaner this way, IMO. I will say that Defender is a bit of a pig, somehow. We moved from Trend Micro Apex One, which did much better in terms of resource consumption. Not only does Defender use more CPU and RAM, but it also added 10 seconds to our logon time just by having the services enabled.

Defender.jpg

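To confirm on a booted non-persistent VM that the onboarding and the baked-in definition settings from the steps above actually took effect (the symptom in the question is a VM that logs "added successfully" but never appears in the portal), here is an added post-boot health check. It is example code, not from the original post or from the blogs it cites; it assumes the DFS share path and fallback order from the answer, and it assumes the OnboardingState value under the Windows Advanced Threat Protection\Status registry key is where the Defender for Endpoint (Sense) onboarding result is recorded.

```powershell
# Added example: post-boot Defender health check for a non-persistent VDI.
# Run as SYSTEM (startup script or scheduled task). Exit code 1 = something to fix.
$ExpectedShare       = '\\domain.com\Citrix\WDAV\wdav-update'   # share from the answer; adjust to your domain
$ExpectedOrder       = 'FileShares|MMPC'                         # fallback order from the answer
$MaxSignatureAgeDays = 2                                         # assumed tolerance for stale defs

$findings = [System.Collections.Generic.List[string]]::new()

# 1. Defender for Endpoint sensor service: without it the VM can never report to the portal.
$sense = Get-Service -Name 'Sense' -ErrorAction SilentlyContinue
if (-not $sense) {
    $findings.Add('Sense service is missing: the onboarding package never ran on this VM')
} elseif ($sense.Status -ne 'Running') {
    $findings.Add("Sense service is $($sense.Status), expected Running")
}

# 2. Onboarding result flag (assumed location; 1 means onboarded).
$statusKey = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'
$state = (Get-ItemProperty -Path $statusKey -ErrorAction SilentlyContinue).OnboardingState
if ($state -ne 1) {
    $findings.Add("OnboardingState is '$state', expected 1 (check the startup-script log and DFS path)")
}

# 3. Definition-source settings that had to be sealed into the image.
$pref = Get-MpPreference
if ($pref.SignatureFallbackOrder -ne $ExpectedOrder) {
    $findings.Add("SignatureFallbackOrder is '$($pref.SignatureFallbackOrder)', expected '$ExpectedOrder'")
}
if ($pref.SignatureDefinitionUpdateFileSharesSources -ne $ExpectedShare) {
    $findings.Add("FileShares source is '$($pref.SignatureDefinitionUpdateFileSharesSources)', expected '$ExpectedShare'")
}
if (-not (Test-Path -Path $ExpectedShare)) {
    $findings.Add('Definition share is unreachable: updates depend on the MMPC fallback until it is back')
}

# 4. Engine state and definition freshness on this boot.
$status = Get-MpComputerStatus
if (-not $status.RealTimeProtectionEnabled) {
    $findings.Add('Real-time protection is disabled')
}
if ($status.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
    $findings.Add("Antivirus signatures are $($status.AntivirusSignatureAge) days old (last update $($status.AntivirusSignatureLastUpdated))")
}

if ($findings.Count -eq 0) {
    Write-Host 'Defender VDI check: OK' -ForegroundColor Green
    exit 0
}
$findings | ForEach-Object { Write-Host "Defender VDI check: $_" -ForegroundColor Yellow }
exit 1
```

Running it once against the sealed image (before it is published) and once on a freshly booted VM separates "the setting never made it into the image" from "the setting is lost or overridden at boot".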