Forum Discussion
Defender for End Point adding home assets
Hi
I have just been reviewing the assets in Defender for Endpoint and I have noticed that it seems to be adding devices from people's home networks to the list. Is there a way to stop this so that we only have the company assets in the list?
Thanks
Nigel
3 Replies
- Hello Auror1968.
In Microsoft Defender for Endpoint, to ensure only company assets are monitored and personal devices are excluded, you can implement device management policies that restrict the network scope to company-owned assets. Specifically, you can:
- Configure Onboarding Policies: Ensure that the onboarding policies for Defender for Endpoint are applied only to company devices. This can be achieved by using group policies, configuration profiles in mobile device management (MDM) solutions, or management tools like Microsoft Endpoint Manager.
- Network Segmentation: Apply network segmentation to separate company devices from personal ones. This prevents personal devices from being inadvertently added to your monitored asset list.
- Access Control: Implement access control lists (ACLs) to limit the network accessibility of the Defender for Endpoint to recognize only the devices within the company's IP range or VLANs.
- Manual Review and Removal: Regularly review the devices listed in Defender for Endpoint and manually remove any that are identified as personal or non-company assets. This can be a more hands-on approach but ensures accuracy.
By focusing on these strategies, you can maintain a clear distinction between company and personal devices within Defender for Endpoint, ensuring your security posture remains focused and effective.
- G_Wilson3468 Iron Contributor
In Defender for Endpoint you can go to the Advanced Features and you can turn off discovery.
This will do the trick but you should be aware of a few things:
1. Even if you turn off discovery, just know that onboarded devices will still have the "SenseNDR.exe" process running. This shouldn't be an issue; some users are sensitive to this kind of thing.
2. Be really careful with this. You will lose visibility with unmanaged devices including devices from home.
3. Please review your company policy with this. I don't want to give you advice that could compromise your organization's security posture.
Please review these docs on device discovery if you have other questions:
https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/device-discovery-faq?view=o365-worldwide
Hope this helps.
G.
- rahuljindal Bronze Contributor
It is probably due to device discovery being enabled in your tenant. Look under Settings > Defender for Endpoint > Advanced features on the Defender portal to confirm.
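Before flipping the discovery toggle off (and losing the visibility G. warns about), it helps to confirm that the extra assets really are discovered, non-onboarded devices sitting outside the company's address space. The advanced hunting query below is an added example, not code from either reply; the CorpRanges values and the 30-day window are assumptions to replace with your own.

```kql
// Added example: discovered (not onboarded) devices whose IPv4 addresses fall
// outside the ranges the company owns, i.e. the likely "home network" entries.
// CorpRanges is a constructed placeholder; substitute your corporate CIDRs.
let CorpRanges = dynamic(["10.0.0.0/8", "172.16.0.0/12"]);
// Latest record per device that device discovery found but never onboarded.
let Discovered =
    DeviceInfo
    | where Timestamp > ago(30d)
    | where OnboardingStatus != "Onboarded"
    | summarize arg_max(Timestamp, DeviceName, DeviceType, Vendor, Model) by DeviceId;
DeviceNetworkInfo
| where Timestamp > ago(30d)
| extend IPs = parse_json(IPAddresses)      // IPAddresses is a JSON array string
| mv-expand IPs
| extend Ip = tostring(IPs.IPAddress)
| where isnotempty(Ip) and Ip !contains ":"  // keep IPv4 only for the range check
| where not(ipv4_is_in_any_range(Ip, CorpRanges))
| summarize NonCorpIPs = make_set(Ip, 10), LastSeen = max(Timestamp) by DeviceId
| join kind=inner Discovered on DeviceId
| project LastSeen, DeviceName, DeviceType, Vendor, Model, NonCorpIPs
| order by LastSeen desc
```

If the rows are mostly consumer routers, TVs and phones on 192.168.x.x, that is discovery seeing the home LANs of onboarded laptops, which is the behaviour the replies above describe.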