Forum Discussion
Auror1968
Feb 16, 2024 Copper Contributor
Defender for Endpoint adding home assets
Hi, I have just been reviewing the assets in Defender for Endpoint and I have noticed that it seems to be adding devices from people's home networks to the list. Is there a way to stop this so tha...
josequintino
Feb 17, 2024 MCT
Hello Auror1968.
In Microsoft Defender for Endpoint, to ensure only company assets are monitored and personal devices are excluded, you can implement device management policies that restrict the network scope to company-owned assets. Specifically, you can:
- Configure Onboarding Policies: Ensure that the onboarding policies for Defender for Endpoint are applied only to company devices. This can be achieved by using group policies, configuration profiles in mobile device management (MDM) solutions, or management tools like Microsoft Endpoint Manager.
- Network Segmentation: Apply network segmentation to separate company devices from personal ones. This prevents personal devices from being inadvertently added to your monitored asset list.
- Access Control: Implement access control lists (ACLs) to limit the network accessibility of the Defender for Endpoint to recognize only the devices within the company's IP range or VLANs.
- Manual Review and Removal: Regularly review the devices listed in Defender for Endpoint and manually remove any that are identified as personal or non-company assets. This can be a more hands-on approach but ensures accuracy.
By focusing on these strategies, you can maintain a clear distinction between company and personal devices within Defender for Endpoint, ensuring your security posture remains focused and effective.
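One way to support the manual review step listed in the reply above, added here as an example and not part of the original post or of any Microsoft tooling: it triages a device inventory export by onboarding status and corporate IP range. The CSV column names, status strings, network ranges and sample rows are constructed assumptions.

```python
import csv
import io
import ipaddress

# Assumption: the organisation's own address space (placeholder ranges).
CORPORATE_NETWORKS = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "172.16.8.0/22")]

# Constructed sample export; column names are assumptions, not a documented schema.
SAMPLE_EXPORT = """DeviceName,OnboardingStatus,LastIpAddress
fin-lt-014,Onboarded,10.20.4.17
hr-lt-102,Onboarded,192.168.1.23
living-room-tv,Can be onboarded,192.168.1.50
printer-3f,Unsupported,10.20.9.5
unknown-cam,Insufficient info,
"""

def in_corporate_range(ip_text):
    """True only if ip_text parses and falls inside a corporate network."""
    try:
        ip = ipaddress.ip_address(ip_text.strip())
    except ValueError:
        return False  # empty or malformed address: cannot be confirmed as corporate
    return any(ip in net for net in CORPORATE_NETWORKS)

def triage(export_text):
    """Split inventory rows into 'keep' and 'review' buckets for manual review."""
    result = {"keep": [], "review": []}
    for row in csv.DictReader(io.StringIO(export_text)):
        onboarded = row["OnboardingStatus"].strip().lower() == "onboarded"
        # Assumption: an onboarded device runs the sensor the organisation deployed,
        # so it stays in scope even when its last IP is a home network address.
        # Anything else is kept only if its last IP is on a corporate network.
        if onboarded or in_corporate_range(row["LastIpAddress"]):
            result["keep"].append(row["DeviceName"])
        else:
            result["review"].append(row["DeviceName"])
    return result

if __name__ == "__main__":
    for bucket, names in triage(SAMPLE_EXPORT).items():
        print(bucket, names)
```

Home routers commonly hand out RFC 1918 addresses, so the corporate ranges used for this check need to be the organisation's actual subnets rather than all private address space.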