Security recommendations for Servers appeared after 18th March

NBfromFJ · ‎Apr 14 2020

Hello Community,

I hope someone may know the answer to this. I noticed an increase in the total number of machines for some of the Security recommendations within WDATP for a number of recommendations. Such as Disable 'Enumerate administrator accounts on elevation'. I noticed the number had increased by exactly the number of servers we have deployed within our estate. I have checked GPO and confirmed this has never been set for these devices in the past, but suddenly WDATP Started detecting it after the 18th March. These devices have been on-boarded for almost a year now, and I am interested in why WDATP may suddenly be detecting Security Recommendations for servers which were already onboarded. Or where I can check if any changes or updates have been applied.

Ambarish RH · ‎May 18 2020

@NBfromFJ

How did you onboard the servers? If you used the Azure security center to install the Microsoft Monitoring agent, then you should see the recommendations on the AZ security center recommendation page as well. https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/5

The portal is evolving and now actively reports various factors like below. These are also reflected on MDATP portal as security recommendations. Its a great way to set policies and increase your protection score.

NOTE: I would recommend to carefully analyze each recommendation and see if it causes more issues, you dont need to follow EVERY action points, if you do so you might end up having a broken system. So evaluate, plan, test and then apply on production systems.

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

Security recommendations for Servers appeared after 18th March

Security recommendations for Servers appeared after 18th March

Re: Security recommendations for Servers appeared after 18th March