Exam MS-500 topic 9 question 1 discussion

Correct answer is C. "WindowsDefenderATPOnboardingScript.cmd" is the actual name of the script that the erroneous answer is referring to, however, this script is only for onboarding after defender is already installed. Microsoft does provide a script to install defender on Github but it's separate from the one the answer is talking about. references: - https://github.com/microsoft/mdefordownlevelserver

The reason why the answer is Microsoft Monitoring Agent is because there is nothing called windows defender local onboarding script.cmd it is called (windowsdefenderatponboardingscript.cmd)https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-server-endpoints?view=o365-worldwide

The previous implementation (before April of 2022) of onboarding Windows Server 2012 R2 and Windows Server 2016 required the use of Microsoft Monitoring Agent (MMA).

You need to enable and configure Microsoft Defender for Endpoint to meet the security requirements. What should you do? -Windows server 2016, which means you can do it via GPO, via script or via packages. In this case, the only option available is the script. See documentation below that proves it. EXAMPLE: .\install.ps1 -RemoveMMA <YOUR_WORKSPACE_ID> -OnboardingScript ".\WindowsDefenderATPOnboardingScript.cmd" https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/server-migration?view=o365-worldwide#installer-script

Believe the Answer is D: "installation and onboarding packages" is the new way to onboard and WindowsDefenderATPOnboardingScript.cmd - contains the onboarding script https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-endpoints-script?view=o365-worldwide

given answer is correct. This is not asking for events forwarding, which requires port forwarding https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints