Forum Discussion
MDATP - Deployment Guide & Best Practices?
Hi All,
Is anyone aware of a Best Practices or Deployment guide?
Defender ATP has had a lot of changes in the last months and I'm guessing it doesn't exist, but asking the question anyway...
- David Caddick, Iron Contributor
Thanks Ryen Macababbad, I've already provided some feedback on Yammer.
Question - there doesn't appear to be much focus on applying the "Audit Only" settings and collecting data before changing to enforced? Some of the settings will have the capacity to be disruptive to business if pushed too aggressively too quickly? Thoughts?
- Ryen Macababbad, Microsoft
David Caddick Are you talking about Attack Surface Reduction Rules? In the ASR section (https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/production-deployment#attack-surface-reduction) you'll see "In audit mode there is no end user impact all it does is collect additional telemetry and make it available in the Microsoft Defender Security Center. The goal with a deployment is to step by step move security controls into block mode."
What do you propose?
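The audit-first rollout discussed above, as an added PowerShell example that is not part of the thread or of Microsoft's guide: it puts one ASR rule into audit mode, confirms the state, and summarises the audit events so the rule is moved to block only once its hits are understood. The rule GUID is the published ID for the LSASS credential-theft rule; the 30-day window and the event data field names (`ID`, `Path`, `Process Name`) are assumptions to check against your own event log.

```powershell
# Run elevated on a pilot device. Settings pushed by Intune or Group Policy
# take precedence over what is set locally here.
$RuleId  = '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2'   # Block credential stealing from lsass.exe
$LogName = 'Microsoft-Windows-Windows Defender/Operational'
$Since   = (Get-Date).AddDays(-30)                  # assumed soak period

# 1. Audit only: the rule logs what it would have blocked, nothing is stopped.
#    Add-MpPreference appends to the rule list; Set-MpPreference would overwrite it.
Add-MpPreference -AttackSurfaceReductionRules_Ids $RuleId `
                 -AttackSurfaceReductionRules_Actions AuditMode

# 2. Confirm the effective state (0 = off, 1 = block, 2 = audit, 6 = warn).
$pref = Get-MpPreference
for ($i = 0; $i -lt $pref.AttackSurfaceReductionRules_Ids.Count; $i++) {
    [pscustomobject]@{
        Rule   = $pref.AttackSurfaceReductionRules_Ids[$i]
        Action = $pref.AttackSurfaceReductionRules_Actions[$i]
    }
}

# 3. After the soak period, list which processes would have been blocked.
#    Event 1122 = rule fired in audit mode, 1121 = rule fired in block mode.
$events = Get-WinEvent -FilterHashtable @{
    LogName = $LogName; Id = 1122; StartTime = $Since
} -ErrorAction SilentlyContinue

$hits = foreach ($e in $events) {
    $data = @{}
    foreach ($n in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$n.Name] = $n.'#text' }
    [pscustomobject]@{
        Rule    = $data['ID']
        Process = $data['Process Name']
        Target  = $data['Path']
    }
}

$hits | Where-Object { $_.Rule -eq $RuleId } |
    Group-Object Process | Sort-Object Count -Descending |
    Select-Object Count, Name

# 4. Enforce only when the remaining hits are explained or excluded.
# Add-MpPreference -AttackSurfaceReductionRules_Ids $RuleId `
#                  -AttackSurfaceReductionRules_Actions Enabled
```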
- Hesham_Saad, Microsoft
David Caddick - here's the MDATP onboarding step by step guide - deployment options: https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/onboard-configure
- David Caddick, Iron Contributor
Thanks Hesham_Saad, understood, maybe I didn't phrase it very well?
What I was looking for was anything similar to "Deployment Guide" for Azure MFA for instance?
By this I mean, a very real and practical guide to a list of the design decisions + various options, plus guidance on the consequences of those decisions - I'm going to assume that this doesn't exist as yet.
The on-boarding & off-boarding process is quite well documented in the Admin console under settings on the last two items - what I was looking for was any docs around these design decisions, but that's OK I've started creating it based on the latest high level slide deck.
- Joe Stocker, Bronze Contributor
Here is the guide that we use to configure Microsoft Defender for Endpoint best practices: https://www.thecloudtechnologist.com/mdatp-best-practices/
- KentMitchell, Microsoft
If anyone reading this is looking for step-by-step guidance on how to install Microsoft Defender for Endpoint, be sure to review the Defender setup guide in the Microsoft 365 admin center.
The guide has a great feature where it can detect settings in your tenant to provide tailored guidance. Additionally, the setup guide is used to view and configure features as well as save time with automated investigation and response. Microsoft Defender for Endpoint enables enhanced security by protecting against cyber threats, advanced attacks and data breaches, automating security incidents, and enhancing the current level of security already in place.
Note: If you don't have Microsoft 365 admin permissions, open the guide in a test or POC tenant to get instructions.