Defender ATP - Settings...


I'm trying to get a good baseline together of default settings to apply - and the more I step into this the deeper the pile I'm wading through - is it just me or is this all somewhat a mixed bag of a whole different way of what may or may not be applied based on the different aspects of the settings?

  • Attack Surface reduction (ASR)
  • Exploit Protection
  • Controlled Folder access
  • Network Protection
  • Hardware based isolation
  • Application Control
  • Device Control
  • Network Firewall

For instance, with Exploit Guard you can set this by the local "Settings" in Win 10 and then simply export - no such luck when you pivot to ASR, this is now either via SCCM/Intune, or if you try to enable via GPEDIT.MSC you find that you have to add GUID strings.... really? When wading through at this level it really does feel like I'm dealing with 5 different products that are all in various stages of "integration"...

At least one bright note was to find this doc:

https://docs.microsoft.com/en-us/office365/securitycompliance/monitor-devices#monitor-and-manage-asr-rule-deployment-and-detections

But then as I look deeper into at least two customers' tenancies and one brand new demo one I can't find this at all - could MS please include a generic link when creating this kind of documentation like security.microsoft.com, etc....? Any updates would be appreciated - the docs are lovely but we need the next level of detail below this please ;)
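The GUID-only view of ASR rules the post complains about can be turned into a readable baseline from PowerShell. The script below is an added example and not part of the original post or of Microsoft's tooling; it uses the Defender cmdlets Get-MpPreference, Add-MpPreference and Get-ProcessMitigation, and its GUID-to-name table is an excerpt of Microsoft's published ASR rule IDs reproduced here from memory, so verify it against the current documentation before relying on it.

```powershell
# Added example (not from the original post): report the effective ASR rule
# state with human-readable names so a baseline can be compared across machines.
# The table is an excerpt of Microsoft's published rule IDs; verify it against
# current docs, since rules are added over time.
$asrRuleNames = @{
  'BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550' = 'Block executable content from email client and webmail'
  'D4F940AB-401B-4EFC-AADC-AD5F3C50688A' = 'Block all Office applications from creating child processes'
  '3B576869-A4EC-4529-8536-B80A7769E899' = 'Block Office applications from creating executable content'
  '75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84' = 'Block Office applications from injecting code into other processes'
  'D3E037E1-3EB8-44C8-A917-57927947596D' = 'Block JavaScript or VBScript from launching downloaded executable content'
  '5BEB7EFE-FD9A-4556-801D-275E5FFC04CC' = 'Block execution of potentially obfuscated scripts'
  '92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B' = 'Block Win32 API calls from Office macros'
  '9E6C4E1F-7D60-472F-BA1A-A39EF669E4B2' = 'Block credential stealing from LSASS'
  'C1DB55AB-C21A-4637-BB3F-A12568109D35' = 'Use advanced protection against ransomware'
  'B2B3F03D-6A65-4F7B-A9C7-1C7EF74A9BA4' = 'Block untrusted and unsigned processes that run from USB'
  'E6DB77E5-3DF2-4CF1-B95A-636979351E5B' = 'Block persistence through WMI event subscription'
  'D1E49AAC-8F56-4280-B9BA-993A6D77406C' = 'Block process creations originating from PSExec and WMI commands'
}
# Numeric action values as returned by AttackSurfaceReductionRules_Actions
$actionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 5 = 'Not configured'; 6 = 'Warn' }

function Get-AsrBaseline {
  $pref    = Get-MpPreference
  $ids     = @($pref.AttackSurfaceReductionRules_Ids)
  $actions = @($pref.AttackSurfaceReductionRules_Actions)
  # Index the configured rules by upper-cased GUID; IDs and actions are parallel arrays
  $configured = @{}
  for ($i = 0; $i -lt $ids.Count; $i++) {
    $configured[$ids[$i].ToString().ToUpperInvariant()] = [int]$actions[$i]
  }
  # Emit every known rule, so unconfigured ones are visible in the baseline too
  foreach ($guid in $asrRuleNames.Keys) {
    $state = if ($configured.ContainsKey($guid)) { $actionNames[$configured[$guid]] } else { 'Not configured' }
    [pscustomobject]@{ RuleId = $guid; Rule = $asrRuleNames[$guid]; State = $state }
  }
}

function Enable-AsrRuleAudit {
  # Turn a rule on in audit mode first, so its events can be reviewed before blocking
  param([Parameter(Mandatory)][string]$RuleId)
  Add-MpPreference -AttackSurfaceReductionRules_Ids $RuleId -AttackSurfaceReductionRules_Actions AuditMode
}

function Export-ExploitProtectionBaseline {
  # Same XML the Settings app exports, captured from the command line for version control
  param([string]$Path = "$env:TEMP\ExploitProtection.xml")
  Get-ProcessMitigation -RegistryConfigFilePath $Path
  return $Path
}

Get-AsrBaseline | Sort-Object Rule | Format-Table -AutoSize
```

Run it in an elevated PowerShell on a machine with Defender enabled; the ASR report needs no changes to the system, while Enable-AsrRuleAudit modifies the local Defender preferences.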

0 Replies