Mar 11 2022 01:10 PM
Mar 11 2022 01:10 PM
I am trying to determine how, if possible, to enable Tamper Protection but the various combination of current portals, features, and their preview/production status is making it difficult to follow. Most of my confusion is from how Tamper Protection will affect my current method of deploying policies and where those policies need to come from to work with Tamper Protection.
My devices are domain joined, managed by Configuration Manager 2111, and are being uploaded into Endpoint Manager through Tenant Attach. Tenant Attach was recently enabled for Endpoint Analytics but it is not configured with any co-management.
CM is onboarding devices to Defender for Endpoint using "Microsoft Defender for Endpoint Policies", except for where we are manually using the preview installer (not MMA method) on down-level Windows Server 2012 R2 and 2016 devices.
I am not using the "Enable security setting management" preview feature in the Microsoft 365 Defender portal under Settings, Endpoints, Enforcement Scope since that states it is for devices not yet enrolled in MEM.
CM antimalware policies are used to target various device collections and define scan schedules, exclusions, and all other available settings. Group policy is used to configure Attack Surface Reduction rules and exclusions.
1. My understanding is that I will need to change the policies currently being applied through CM antimalware policy and group policy ASR rules into a cloud source so that Tamper Protection does not cause them to be ignored - is that correct?
2. Assuming the answer to #1 is "yes", where/how is the best place to redefine these policies in this situation? Do I enable my CM device collections available for assigning policies through MEM admin center (CM device collection properties, Cloud Sync tab) and then recreate my CM antimalware policies in MEM portal to achieve the same result except I could then enable Tamper Protection?
Mar 15 2022 12:21 PM
Mar 16 2022 11:11 AM
Mar 20 2022 12:12 AM
Mar 24 2022 05:29 AM
Mar 24 2022 09:48 AM
Mar 24 2022 10:28 AMSolution
Mar 29 2022 12:40 PM
Mar 29 2022 01:16 PM
Mar 30 2022 09:55 AM