Event banner

Building a tamper-resilient endpoint with Microsoft Intune and Microsoft Defender

Event Ended
Wednesday, Oct 26, 2022, 09:30 AM PDT
Online

Event details

Come listen to Matt and Josh talk about how secure endpoint configurations fit into your zero trust strategy. They'll describe the overall landscape, how to unify your configurations into a single so...
Heather_Poulsen
Updated Dec 27, 2024
Technical Takeoff
Paul_Woodward's avatar
Paul_Woodward
Iron Contributor
Oct 27, 2022
If we set ASR rules and it breaks something, can we easily stop applying them and get back to where I started from? No tattooing, in other words. I can't break an app and be unable to fix it again. Also, we can see the logs for LSA protection, and there is a ton of stuff in there. It's impossible to deal with manually. How can we exclude 'unimportant' noise from the logs?
JoshBregman's avatar
JoshBregman
Icon for Microsoft rankMicrosoft
Nov 03, 2022

You can manage ASR rules via Microsoft Intune - Enable attack surface reduction rules with Intune

ASR rules do not make any changes to applications.  They only block behaviors when enabled in block mode.  If you are having issues you can Report and troubleshoot Microsoft Defender for Endpoint ASR Rules | Microsoft Learn.  

You can also exclude files and folders from ASR rules as a last resort - Enable attack surface reduction rules | Microsoft Learn

Date and Time
Oct 26, 20229:30 AM - 10:00 AM PDT