Can anyone advice on the difference between Attack Surface Reduction policies and Security Baselines. Both are configurable through MEM under the Endpoint Security section. Lots of overlap. Not sure which I should be using and why.
Even though they look similar but they have achieve different goals.
You will use Security Baseline to check and make sure your devices are following best practices for security in general and whether they are good to protect themselves against most threats.
Attack Surface Reduction is like you have a baseline protection but they might be some unknown or 0-days threats which are not being protected yet and this is there to reduce likelihood of a successful attack.