08-19-2019 01:47 AM
08-26-2019 12:14 AM
@David Caddick - here's the MDATP onboarding step by step guide - deployment options:https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/onboard-c...
08-26-2019 12:27 AM
Thanks @Hesham Saad, understood, maybe I didn't phrase it very well?
What I was looking for was anything similar to "Deployment Guide" for Azure MFA for instance?
By this I mean, a very real and practical guide to a list of the the design decisions + various options, plus guidance on the consequences of those decisions - I'm going to assume that this doesn't exist as yet.
The on-boarding & off-boarding process is quite well documented in the Admin console under settings on the last two items - what I was looking for was any docs around these design decisions, but that's OK I've started creating it based on the latest high level slide deck.
01-28-2020 11:45 AMSolution
01-28-2020 02:08 PM
Thanks @Ryen Macababbad I've already provided some feedback on Yammer.
Question - there doesn't appear to be much focus on applying the "Audit Only" settings and collecting data before changing to enforced? Some of the settings will have the capacity to be disruptive to business if pushed too aggressively too quickly? Thoughts?
01-28-2020 02:49 PM
@David Caddick Are you talking about Attack Surface Reduction Rules? In the ASR section (https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/productio...) you'll see "In audit mode there is no end user impact all it does is collect additional telemetry and make it available in the Microsoft Defender Security Center. The goal with a deployment is to step by step move security controls into block mode."
What do you propose?
01-29-2020 11:09 PM
Hi @Ryen Macababbad, I guess I'm hinting at the fact that it feels a bit like as a Deployment Guide it's a bit underdone? I'm not too worried as we have already run thru this ourselves and created our own.
But even the link in the Deployment Guide for ASR under rank = 3 is just a link to the overview of ASR Settings - I would have thought that it's not a bad idea to at least mention the Audit mode and some basic recommendation with a direct link would be an improvement?
Going slightly off topic - when we look at these specific settings in Intune they are all over the place, no grouping, not even in alphabetical order - that could really do with a clean up?
01-30-2020 12:17 AM