This article provides guidance and instructions for Microsoft Defender for Identity switches and silent installation.
Prerequisites
Defender for Identity requires the installation of Microsoft .NET Framework 4.7 or later.
When you install Defender for Identity, .Net Framework 4.7 is automatically installed as part of the deployment of Defender for Identity if .Net Framework 4.7 or later is not installed already.
Note
The installation of .Net framework 4.7 may require rebooting the server. When installing the Defender for Identity sensor on domain controllers, consider scheduling a maintenance window for the domain controllers.
Using Defender for Identity silent installation, the installer is configured to automatically restart the server at the end of the installation (if necessary). Make sure to run silent installation only during a maintenance window. Because of a Windows Installer bug, the norestart flag cannot be reliably used to make sure the server does not restart.
To track your deployment progress, monitor the Defender for Identity installer logs, which are located in %AppData%\Local\Temp
.
Defender for Identity sensor silent installation
Note
When silently deploying the Defender for Identity sensor via System Center Configuration Manager or other software deployment system, it is recommended to create two deployment packages:
– Net Framework 4.7 or later which may include rebooting the domain controller
– Defender for Identity sensor.
Make the Defender for Identity sensor package dependent on the deployment of the .Net Framework package deployment.
Get the .Net Framework 4.7 offline deployment package.
Use the following command to perform a fully silent install of the Defender for Identity sensor:
cmd.exe syntax:
"Azure ATP sensor Setup.exe" /quiet NetFrameworkCommandLineArguments="/q" AccessKey="<Access Key>"
Powershell syntax:
.\"Azure ATP sensor Setup.exe" /quiet NetFrameworkCommandLineArguments="/q" AccessKey="<Access Key>"
Note
When using the Powershell syntax, omitting the ./ preface results in an error that prevents silent installation.
Note
Copy the access key from the Defender for Identity portal Configuration section, Sensors page.
Installation options:
Name | Syntax | Mandatory for silent installation? | Description |
---|---|---|---|
Quiet | /quiet | Yes | Runs the installer displaying no UI and no prompts. |
Help | /help | No | Provides help and quick reference. Displays the correct use of the setup command including a list of all options and behaviors. |
NetFrameworkCommandLineArguments=”/q” | NetFrameworkCommandLineArguments=”/q” | Yes | Specifies the parameters for the .Net Framework installation. Must be set to enforce the silent installation of .Net Framework. |
Installation parameters:
Name | Syntax | Mandatory for silent installation? | Description |
---|---|---|---|
InstallationPath | InstallationPath=”” | No | Sets the path for the installation of Defender for Identity Sensor binaries. Default path: %programfiles%\Azure Advanced Threat Protection sensor |
AccessKey | AccessKey=”**” | Yes | Sets the access key that is used to wp-signup.php the Defender for Identity sensor with the Defender for Identity instance. |
Examples:
Use the following command to silently install the Defender for Identity sensor:
"Azure ATP sensor Setup.exe" /quiet NetFrameworkCommandLineArguments="/q" AccessKey="mmAOkLYCzfH8L/zUIsH24BIJBevlAWu7wUcSfIkRJufpuEojaDHYdjrNs0P3zpD+/bObKfLS0puD7biT5KDf3g=="
Proxy authentication
Use the following commands to complete proxy authentication:
Syntax:
Name | Syntax | Mandatory for silent installation? | Description |
---|---|---|---|
ProxyUrl | ProxyUrl=”http://proxy.contoso.com:8080″ | No | Specifies the ProxyUrl and port number for the Defender for Identity sensor. |
ProxyUserName | ProxyUserName=”Contoso\ProxyUser” | No | If your proxy service requires authentication, supply a user name in the DOMAIN\user format. |
ProxyUserPassword | ProxyUserPassword=”P@ssw0rd” | No | Specifies the password for proxy user name. *Credentials are encrypted and stored locally by the Defender for Identity sensor. |
For more information about proxy configuration, see Configure endpoint proxy and Internet connectivity settings for your Microsoft Defender for Identity Sensor.
Update the Defender for Identity sensor
Use the following command to silently update the Defender for Identity sensor:
Syntax:
"Azure ATP sensor Setup.exe" [/quiet] [/Help] [NetFrameworkCommandLineArguments="/q"]
Installation options:
Name | Syntax | Mandatory for silent installation? | Description |
---|---|---|---|
Quiet | /quiet | Yes | Runs the installer displaying no UI and no prompts. |
Help | /help | No | Provides help and quick reference. Displays the correct use of the setup command including a list of all options and behaviors. |
NetFrameworkCommandLineArguments=”/q” | NetFrameworkCommandLineArguments=”/q” | Yes | Specifies the parameters for the .Net Framework installation. Must be set to enforce the silent installation of .Net Framework. |
Examples:
To update the Defender for Identity sensor silently:
"Azure ATP sensor Setup.exe" /quiet NetFrameworkCommandLineArguments="/q"
Uninstall the Defender for Identity sensor silently
Use the following command to perform a silent uninstall of the Defender for Identity sensor:
Syntax:
"Azure ATP sensor Setup.exe" [/quiet] [/Uninstall] [/Help]
Installation options:
Name | Syntax | Mandatory for silent uninstallation? | Description |
---|---|---|---|
Quiet | /quiet | Yes | Runs the uninstaller displaying no UI and no prompts. |
Uninstall | /uninstall | Yes | Runs the silent uninstallation of the Defender for Identity sensor from the server. |
Help | /help | No | Provides help and quick reference. Displays the correct use of the setup command including a list of all options and behaviors. |
Examples:
To silently uninstall the Defender for Identity sensor from the server:
"Azure ATP sensor Setup.exe" /quiet /uninstall