David Caddick
Sep 03, 2019 - Iron Contributor
Defender ATP - Settings...
I'm trying to get a good baseline together of default settings to apply - and the more I step into this, the deeper the pile I'm wading through - is it just me, or is this all somewhat a mixed bag of a whole different way of what may or may not be applied based on the different aspects of the settings?
- Attack Surface reduction (ASR)
- Exploit Protection
- Controlled Folder access
- Network Protection
- Hardware based isolation
- Application Control
- Device Control
- Network Firewall
For instance, with Exploit Guard you can set this by the local "Settings" in Win 10 and then simply export - no such luck when you pivot to ASR, this is now either via SCCM/Intune, or if you try to enable via GPEDIT.MSC you find that you have to add GUID strings... really? When wading through at this level it really does feel like I'm dealing with 5 different products that are all in various stages of "integration"...
At least one bright note was to find this doc:
https://docs.microsoft.com/en-us/office365/securitycompliance/monitor-devices#monitor-and-manage-asr-rule-deployment-and-detections
But then, as I look deeper into at least two customers' tenancies and one brand new demo one, I can't find this at all - could MS please include a generic link when creating this kind of documentation, like security.microsoft.com, etc.? Any updates would be appreciated - the docs are lovely but we need the next level of detail below this please 😉