How are you handling Windows Defender ATP on Instant Clones?


Posted (edited)

Good morning all,

We have recently kicked off a project to get Defender for Endpoint going and replacing NSX/TrendMicro DeepSecurity. I have read the numerous articles from TechZone and Microsoft a few times each to get an understanding of the best path forward.

Key points I've taken away:

- Don't onboard the golden image

- We want a single entry for each VM, so use the appropriate onboarding scripts for VDI

- Use GPO locally, in AD, or post sync script to onboard instant clones

- Follow the TechZone article and be diligent about exclusions and things unique to VDI

With all that said, how are you managing onboarding ICs with Defender? To me, the scripts linked to the IC OUs are probably the method we'll go with. We have had issues in the past with post sync scripts timing out and VMs failing to create.

Are there any caveats or gotchas to watch out for with this entire system?


Posted

We did a lot of testing and now it's stable. One of the issues that we faced was the CPU usage got very high on the VMs when the users log in. We opened a ticket with Microsoft etc., but we ended up doubling our VM CPUs (this was in plan already so it was not a tough decision).

Re script, we run it as a post-sync script on the pools, but it can be done via GPO as well.

Posted
7 hours ago, Jubish Jose said:

We did a lot of testing and now it's stable. One of the issues that we faced was the CPU usage got very high on the VMs when the users log in. We opened a ticket with Microsoft etc., but we ended up doubling our VM CPUs (this was in plan already so it was not a tough decision).

Re script, we run it as a post-sync script on the pools, but it can be done via GPO as well.

thanks!

What did you go from CPU wise? We are currently on 2x CPU.

Posted
29 minutes ago, amr said:

thanks!

What did you go from CPU wise? We are currently on 2x CPU.

We are using heavy graphics apps, so we upgraded from 4 vCPUs to 8 vCPUs. Again, 2 vCPUs could be good enough depending on the workload, but we were seeing the CPU spike to 100% just after the user login and it used to settle down eventually.

  • Solution
Posted
37 minutes ago, amr said:

thanks!

What did you go from CPU wise? We are currently on 2x CPU.

Lot of interesting discussions here, could be worth a read: 

 

Posted
14 minutes ago, Jubish Jose said:

Lot of interesting discussions here, could be worth a read: 

 

Incredibly helpful post, thank you! I was in the process of turning those scheduled tasks off as we speak. Thanks so much.
