Defender ATP - Settings...

I'm trying to get a good baseline together of default settings to apply - and the more I step into this, the deeper the pile I'm wading through. Is it just me, or is this all somewhat a mixed bag of a whole different way of what may or may not be applied based on the different aspects of the settings?

  • Attack Surface reduction (ASR)
  • Exploit Protection
  • Controlled Folder access
  • Network Protection
  • Hardware based isolation
  • Application Control
  • Device Control
  • Network Firewall

For instance, with Exploit Guard you can set this in the local "Settings" in Win 10 and then simply export - no such luck when you pivot to ASR; this is now either via SCCM/Intune, or if you try to enable it via GPEDIT.MSC you find that you have to add GUID strings... really? When wading through at this level it really does feel like I'm dealing with 5 different products that are all in various stages of "integration"...

At least one bright note was to find this doc:

https://docs.microsoft.com/en-us/office365/securitycompliance/monitor-devices#monitor-and-manage-asr...

But then as I look deeper into at least two customers' tenancies and one brand new demo one, I can't find this at all - could MS please include a generic link when creating this kind of documentation, like security.microsoft.com, etc.? Any updates would be appreciated - the docs are lovely but we need the next level of detail below this please ;)