Sep 03 2019 12:05 AM
I'm trying to get a good baseline together of default settings to apply - and the more I step into this the deeper the pile I'm wading thru - is it just me or is this all somewhat a mixed bag of a whole different way of what may or may not be applied based on the different aspects of the settings?
For instance, with Exploit Guard you can set this by the local "Settings" in Win 10 and then simply export - no such luck when you pivot to ASR, this is now either via SCCM/InTune, or if you try to enable via GPEDIT.MSC you find that you have to add GUID Strings.... really? When wading thru at this level it really does feel like I'm dealing with 5 different products that are all in various stages of "integration"...
At least one bright note was to find this doc:
https://docs.microsoft.com/en-us/office365/securitycompliance/monitor-devices#monitor-and-manage-asr...
But then as I look deeper into at least two Customers tenancies and one brand new Demo one I can't find this at all - could MS please include a generic link when creating this kind of documentation like security.microsoft.com, etc....? Any updates would be appreciated - the docs are lovely but we need the next level of detail below this please ;)