
How are you handling Windows Defender ATP on Instant Clones?


amr
Solved by Jubish Jose


Good morning all,

We have recently kicked off a project to get Defender for Endpoint going and replacing NSX/TrendMicro DeepSecurity. I have read the numerous articles from TechZone and Microsoft a few times each to get an understanding of the best path forward.

Key points I've taken away:

- Don't onboard the golden image

- We want a single entry for each VM, so use the appropriate onboarding scripts for VDI

- Use GPO locally, in AD, or post sync script to onboard instant clones

- Follow the TechZone article and be diligent about exclusions and things unique to VDI

With all that said, how are you managing onboarding ICs with Defender? To me, the scripts linked to the IC OUs are probably the method we'll go with. We have had issues in the past with post sync scripts timing out and VMs failing to create.

Are there any caveats or gotchas to watch out for with this entire system?
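A pre-seal check for the "don't onboard the golden image" point above, as an added example that is not part of the original post or of any vendor script. It assumes the standard Defender for Endpoint registry location and the `Sense` service name, neither of which is mentioned in the thread; the function name is hypothetical.

```powershell
# Added example: read-only check to run on the golden image before taking the
# snapshot used for instant clones. It changes nothing on the machine.
function Test-GoldenImageNotOnboarded {
    [CmdletBinding()]
    param(
        # Assumption: standard Defender for Endpoint registry root (not from the thread).
        [string]$AtpKey = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection'
    )
    $findings = @()

    # OnboardingState = 1 under \Status means the sensor on this machine is onboarded.
    $status = Get-ItemProperty -Path (Join-Path $AtpKey 'Status') -ErrorAction SilentlyContinue
    if ($status -and $status.OnboardingState -eq 1) {
        $findings += 'OnboardingState is 1: the image itself is onboarded.'
    }

    # A leftover senseGuid is the device identity from an earlier onboarding;
    # it should not be present in an image that clones are created from.
    $root = Get-ItemProperty -Path $AtpKey -ErrorAction SilentlyContinue
    if ($root -and $root.senseGuid) {
        $findings += 'senseGuid is present: the image carries a device identity.'
    }

    # The Sense service stays stopped until a machine is onboarded.
    $svc = Get-Service -Name 'Sense' -ErrorAction SilentlyContinue
    if ($svc -and $svc.Status -eq 'Running') {
        $findings += 'Sense service is running on the image.'
    }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        SafeToSeal   = ($findings.Count -eq 0)
        Findings     = $findings
    }
}

# Fail the image build step when the golden image is not clean.
$result = Test-GoldenImageNotOnboarded
$result | Format-List
if (-not $result.SafeToSeal) { exit 1 }
```

Run it elevated as the last step before shutting down the golden image; a non-zero exit code means the image should be cleaned up before the snapshot is taken.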


We did a lot of testing and now it's stable. One of the issues that we faced was the CPU usage got very high on the VMs when the users log in. We opened a ticket with Microsoft etc., but we ended up doubling our VM CPUs (this was in plan already so it was not a tough decision).

Re script, we run it as a post-sync script on the pools, but it can be done via GPO as well.


7 hours ago, Jubish Jose said:

We did a lot of testing and now it's stable. One of the issues that we faced was the CPU usage got very high on the VMs when the users log in. We opened a ticket with Microsoft etc., but we ended up doubling our VM CPUs (this was in plan already so it was not a tough decision).

Re script, we run it as a post-sync script on the pools, but it can be done via GPO as well.

Thanks!

What did you go from CPU wise? We are currently on 2x CPU.


29 minutes ago, amr said:

Thanks!

What did you go from CPU wise? We are currently on 2x CPU.

We are using heavy graphics apps, so we upgraded from 4 vCPUs to 8 vCPUs. Again, 2 vCPUs could be good enough depending on the workload, but we were seeing the CPU spike to 100% just after the user login and it used to settle down eventually.


14 minutes ago, Jubish Jose said:

Lot of interesting discussions here, could be worth a read: 

 

Incredibly helpful post, thank you! I was in the process of turning those scheduled tasks off as we speak. Thanks so much.
