Forum Discussion

Iron Contributor

Aug 19, 2019

Solved

MDATP - Deployment Guide & Best Practices?

Hi All, Is anyone aware of a Best Practices or Deployment guide? Defender ATP has had a lot of changes in the last months and I'm guessing it doesn't exist, but asking the question anyway...

Ryen Macababbad
Jan 28, 2020
Here you go: https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/product-brief

David Caddick

Iron Contributor

Jan 29, 2020

Hi Ryen Macababbad, I guess I'm hinting at the fact that it feels a bit like as a Deployment Guide it's a bit underdone? I'm not too worried as we have already run thru this ourselves and created our own.

But even the link in the Deployment Guide for ASR under rank = 3 is just a link to the overview of ASR Settings - I would have thought that it's not a bad idea to at least mention the Audit mode and some basic recommendation with a direct link would be an improvement?

Going slightly off topic - when we look at these specific settings in Intune they are all over the place, no grouping, not even in alphabetical order - that could really do with a clean up?

Dave C

Ryen Macababbad

Former Employee

Jan 30, 2020

Direct messaged you to gain more clarity on the deployment guide feedback.

As far as Intune is concerned, I expect Microsoft Endpoint Manager (MEM) and the work on the DMAC portal at https://devicemanager.microsoft.com will address this "clean up" 🙂 Stay tuned

Tsachev
Copper Contributor
Jan 25, 2021
Audit mode is not available for Automated Investigations unless you prompt user or auto-respond and EDR block mode also has to audit mode feature. Also ASR rules and EDR Block Mode can't be applied per group 😞 This looks like a beta version to be honest. Definitely desires better documentation.