How To Disable Windows Licensing Monitoring Service

admin
-->

Launch the LMTOOLS utility using one of the following methods: Start All Programs Autodesk Network License Manager LMTOOLS Utility Run the LMTOOLS Utility icon from the desktop Double-click the lmtools.exe file in the install folder: Click the Start/Stop/Reread tab and click Stop Server. Close LMTOOLS.

Applies to:

  • Windows Server 2008 R2 SP1
  • Windows Server 2012 R2
  • Windows Server 2016
  • Windows Server, version 1803
  • Windows Server, 2019 and later

Want to experience Microsoft Defender ATP? Sign up for a free trial.

Microsoft Defender ATP extends support to also include the Windows Server operating system. This support provides advanced attack detection and investigation capabilities seamlessly through the Microsoft Defender Security Center console.

The service supports the onboarding of the following servers:

  • Windows Server 2008 R2 SP1
  • Windows Server 2012 R2
  • Windows Server 2016
  • Windows Server, version 1803
  • Windows Server 2019 and later

For a practical guidance on what needs to be in place for licensing and infrastructure, see Protecting Windows Servers with Microsoft Defender ATP.

Windows Server 2008 R2 SP1, Windows Server 2012 R2, and Windows Server 2016

There are two options to onboard Windows Server 2008 R2 SP1, Windows Server 2012 R2 and Windows Server 2016 to Microsoft Defender ATP:

  • Option 1: Onboard through Microsoft Defender Security Center
  • Option 2: Onboard through Azure Security Center

Note

Microsoft defender ATP standalone server license is required, per node, in order to onboard the server through Microsoft Defender Security Center (Option 1), or an Azure Security Center Standard license is required, per node, in order to onboard a server through Azure Security Center (Option 2), see Supported features available in Azure Security Center.

Option 1: Onboard servers through Microsoft Defender Security Center

You'll need to take the following steps if you choose to onboard servers through Microsoft Defender Security Center.

  • For Windows Server 2008 R2 SP1, ensure that you fulfill the following requirements:

    • Install the February monthly update rollup
    • Install the Update for customer experience and diagnostic telemetry
    • Install either .NET framework 4.5 (or later) or KB3154518

  • For Windows Server 2008 R2 SP1 and Windows Server 2012 R2: Configure and update System Center Endpoint Protection clients.

Note

This step is required only if your organization uses System Center Endpoint Protection (SCEP) and you're onboarding Windows Server 2008 R2 SP1 and Windows Server 2012 R2.

  • Turn on server monitoring from Microsoft Defender Security Center.
  • If you're already leveraging System Center Operations Manager (SCOM) or Azure Monitor (formerly known as Operations Management Suite (OMS)), attach the Microsoft Monitoring Agent (MMA) to report to your Microsoft Defender ATP workspace through Multihoming support. Otherwise, install and configure MMA to report sensor data to Microsoft Defender ATP as instructed below. For more information, see Collect log data with Azure Log Analytics agent.

Tip

After onboarding the machine, you can choose to run a detection test to verify that it is properly onboarded to the service. For more information, see Run a detection test on a newly onboarded Microsoft Defender ATP endpoint.

Configure and update System Center Endpoint Protection clients

Microsoft Defender ATP integrates with System Center Endpoint Protection. The integration provides visibility to malware detections and to stop propagation of an attack in your organization by banning potentially malicious files or suspected malware.

The following steps are required to enable this integration:

  • Install the January 2017 anti-malware platform update for Endpoint Protection clients
  • Configure the SCEP client Cloud Protection Service membership to the Advanced setting

Turn on Server monitoring from the Microsoft Defender Security Center portal

  1. In the navigation pane, select Settings > Machine management > Onboarding.

  2. Select Windows Server 2012 R2 and 2016 as the operating system.

  3. Click Turn on server monitoring and confirm that you'd like to proceed with the environment setup. When the setup completes, the Workspace ID and Workspace key fields are populated with unique values. You'll need to use these values to configure the MMA agent.

Install and configure Microsoft Monitoring Agent (MMA) to report sensor data to Microsoft Defender ATP

  1. Download the agent setup file: Windows 64-bit agent.

  2. Using the Workspace ID and Workspace key provided in the previous procedure, choose any of the following installation methods to install the agent on the server:

    • Manually install the agent using setup
      On the Agent Setup Options page, choose Connect the agent to Azure Log Analytics (OMS).
    • Install the agent using the command line and configure the agent using a script.

  3. You'll need to configure proxy settings for the Microsoft Monitoring Agent. For more information, see Configure proxy settings.

Once completed, you should see onboarded servers in the portal within an hour.

Configure server proxy and Internet connectivity settings

  • Each Windows server must be able to connect to the Internet using HTTPS. This connection can be direct, using a proxy, or through the OMS Gateway.
  • If a proxy or firewall is blocking all traffic by default and allowing only specific domains through or HTTPS scanning (SSL inspection) is enabled, make sure that you enable access to Microsoft Defender ATP service URLs.

Option 2: Onboard servers through Azure Security Center

  1. In the navigation pane, select Settings > Machine management > Onboarding.

  2. Select Windows Server 2008 R2 SP1, 2012 R2 and 2016 as the operating system.

  3. Click Onboard Servers in Azure Security Center.

  4. Follow the onboarding instructions in Microsoft Defender Advanced Threat Protection with Azure Security Center.

Windows Server, version 1803 and Windows Server 2019

To onboard Windows Server, version 1803 or Windows Server 2019, refer to the supported methods and versions below.

Note

The Onboarding package for Windows Server 2019 through Microsoft Endpoint Configuration Manager currently ships a script. For more information on how to deploy scripts in Configuration Manager, see Packages and programs in Configuration Manager.

Supported tools include:

  • Local script
  • Group Policy
  • Microsoft Endpoint Configuration Manager
  • System Center Configuration Manager 2012 / 2012 R2 1511 / 1602
  • VDI onboarding scripts for non-persistent machines

For more information, see Onboard Windows 10 machines.

Support for Windows Server, provide deeper insight into activities happening on the server, coverage for kernel and memory attack detection, and enables response actions on Windows Server endpoint as well.

  1. Configure Microsoft Defender ATP onboarding settings on the server. For more information, see Onboard Windows 10 machines.

  2. If you're running a third-party antimalware solution, you'll need to apply the following Windows Defender AV passive mode settings. Verify that it was configured correctly:

    a. Set the following registry entry:- Path: HKLMSOFTWAREPoliciesMicrosoftWindows Advanced Threat Protection- Name: ForceDefenderPassiveMode- Value: 1

    b. Run the following PowerShell command to verify that the passive mode was configured:

    c. Confirm that a recent event containing the passive mode event is found:

  3. Run the following command to check if Windows Defender AV is installed:

    sc query Windefend

    If the result is 'The specified service does not exist as an installed service', then you'll need to install Windows Defender AV. For more information, see Windows Defender Antivirus in Windows 10.

Integration with Azure Security Center

Microsoft Defender ATP can integrate with Azure Security Center to provide a comprehensive server protection solution. With this integration, Azure Security Center can leverage the power of Microsoft Defender ATP to provide improved threat detection for Windows Servers.

The following capabilities are included in this integration:

  • Automated onboarding - Microsoft Defender ATP sensor is automatically enabled on Windows Servers that are onboarded to Azure Security Center. For more information on Azure Security Center onboarding, see Onboarding to Azure Security Center Standard for enhanced security.

    Note

    Automated onboarding is only applicable for Windows Server 2008 R2 SP1, Windows Server 2012 R2, and Windows Server 2016.

  • Servers monitored by Azure Security Center will also be available in Microsoft Defender ATP - Azure Security Center seamlessly connects to the Microsoft Defender ATP tenant, providing a single view across clients and servers. In addition, Microsoft Defender ATP alerts will be available in the Azure Security Center console.

  • Server investigation - Azure Security Center customers can access Microsoft Defender Security Center to perform detailed investigation to uncover the scope of a potential breach

Important

  • When you use Azure Security Center to monitor servers, a Microsoft Defender ATP tenant is automatically created. The Microsoft Defender ATP data is stored in Europe by default.
  • If you use Microsoft Defender ATP before using Azure Security Center, your data will be stored in the location you specified when you created your tenant even if you integrate with Azure Security Center at a later time.

Offboard servers

You can offboard Windows Server, version 1803 and Windows 2019 in the same method available for Windows 10 client machines.

For other server versions, you have two options to offboard servers from the service:

  • Uninstall the MMA agent
  • Remove the Microsoft Defender ATP workspace configuration

Note

Offboarding causes the server to stop sending sensor data to the portal but data from the server, including reference to any alerts it has had will be retained for up to 6 months.

Uninstall servers by uninstalling the MMA agent

To offboard the server, you can uninstall the MMA agent from the server or detach it from reporting to your Microsoft Defender ATP workspace. After offboarding the agent, the server will no longer send sensor data to Microsoft Defender ATP.For more information, see To disable an agent.

Remove the Microsoft Defender ATP workspace configuration

To offboard the server, you can use either of the following methods:

  • Remove the Microsoft Defender ATP workspace configuration from the MMA agent
  • Run a PowerShell command to remove the configuration

Remove the Microsoft Defender ATP workspace configuration from the MMA agent

  1. In the Microsoft Monitoring Agent Properties, select the Azure Log Analytics (OMS) tab.

  2. Select the Microsoft Defender ATP workspace, and click Remove.

Run a PowerShell command to remove the configuration

  1. Get your Workspace ID:a. In the navigation pane, select Settings > Onboarding.

    b. Select Windows Server 2012 R2 and 2016 as the operating system and get your Workspace ID:

  2. Open an elevated PowerShell and run the following command. Use the Workspace ID you obtained and replacing WorkspaceID:

Related topics

-->

Office 365 subscriptions come with service plans for individual services. Office 365 administrators often need to disable certain plans when assigning licenses to users. With the instructions in this article, you can assign an Office 365 license while disabling specific service plans using PowerShell for an individual user account or multiple user accounts.

Use the Azure Active Directory PowerShell for Graph module

First, connect to your Office 365 tenant.

Next, list the license plans for your tenant with this command.

Next, get the sign-in name of the account to which you want add a license, also known as the user principal name (UPN).

Next, compile a list of services to enable. For a complete list of license plans (also known as product names), their included service plans, and their corresponding friendly names, see Product names and service plan identifiers for licensing.

For the command block below, fill in the user principal name of the user account, the SKU part number, and the list of service plans to enable and remove the explanatory text and the < and > characters. Then, run the resulting commands at the PowerShell command prompt.

Use the Microsoft Azure Active Directory Module for Windows PowerShell

First, connect to your Office 365 tenant.

Next, run this command to see your current subscriptions:

Note

PowerShell Core does not support the Microsoft Azure Active Directory Module for Windows PowerShell module and cmdlets with Msol in their name. To continue using these cmdlets, you must run them from Windows PowerShell.

In the display of the Get-MsolAccountSku command:

  • AccountSkuId is a subscription for your organization in <OrganizationName>:<Subscription> format. The <OrganizationName> is the value that you provided when you enrolled in Office 365, and is unique for your organization. The <Subscription> value is for a specific subscription. For example, for litwareinc:ENTERPRISEPACK, the organization name is litwareinc, and the subscription name is ENTERPRISEPACK (Office 365 Enterprise E3).

  • ActiveUnits is the number of licenses that you've purchased for the subscription.

  • WarningUnits is the number of licenses in a subscription that you haven't renewed, and that will expire after the 30-day grace period.

  • ConsumedUnits is the number of licenses that you've assigned to users for the subscription.

Note the AccountSkuId for your Office 365 subscription that contains the users you want to license. Also, ensure that there are enough licenses to assign (subtract ConsumedUnits from ActiveUnits ).

Next, run this command to see the details about the Office 365 service plans that are available in all your subscriptions:

From the display of this command, determine which service plans you would like to disable when you assign licenses to users.

Here is a partial list of service plans and their corresponding Office 365 services.

The following table shows the Office 365 service plans and their friendly names for the most common services. Your list of service plans might be different.

Service planDescription
SWAY
Sway
TEAMS1
Microsoft Teams
YAMMER_ENTERPRISE
Yammer
RMS_S_ENTERPRISE
Azure Rights Management (RMS)
OFFICESUBSCRIPTION
Microsoft 365 Apps for enterprise (previously named Office 365 ProPlus)
MCOSTANDARD
Skype for Business Online
SHAREPOINTWAC
Office
SHAREPOINTENTERPRISE
SharePoint Online
EXCHANGE_S_ENTERPRISE
Exchange Online Plan 2

For a complete list of license plans (also known as product names), their included service plans, and their corresponding friendly names, see Product names and service plan identifiers for licensing.

Now that you have the AccountSkuId and the service plans to disable, you can assign licenses for an individual user or for multiple users.

For a single user

For a single user, fill in the user principal name of the user account, the AccountSkuId, and the list of service plans to disable and remove the explanatory text and the < and > characters. Then, run the resulting commands at the PowerShell command prompt.

Here is an example command block for the account named belindan@contoso.com, for the contoso:ENTERPRISEPACK license, and the service plans to disable are RMS_S_ENTERPRISE, SWAY, INTUNE_O365, and YAMMER_ENTERPRISE:

For multiple users

To perform this administration task for multiple users, create a comma-separated value (CSV) text file that contains the UserPrincipalName and UsageLocation fields. Here is an example:

Next, fill in the location of the input and output CSV files, the account SKU ID, and the list of service plans to disable, and then run the resulting commands at the PowerShell command prompt.

This PowerShell command block: Heroes of might and magic 6 cheats.

  • Displays the user principal name of each user.

  • Assigns customized licenses to each user.

  • Creates a CSV file with all the users that were processed and shows their license status.

See also