Baseline settings for VMs

%3CLINGO-SUB%20id%3D%22lingo-sub-1823750%22%20slang%3D%22en-US%22%3ERe%3A%20The%20August%207th%20Weekly%20Roundup%20is%20Posted!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1823750%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F847256%22%20target%3D%22_blank%22%3E%40Lindspea%3C%2FA%3E%26nbsp%3BThanks%20for%20the%20question!%20It%20looks%20like%20you%20posted%20it%20originally%20in%20response%20to%20the%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Ftech-community-blog%2Fthe-august-7th-weekly-roundup-is-posted%2Fba-p%2F1574059%22%20target%3D%22_self%22%3EAugust%207th%20weekly%20roundup%3C%2FA%3E%2C%20which%20was%20not%20the%20correct%20place%20for%20it%2C%20so%20I%20moved%20it%20to%20the%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-security-baselines%2Fbd-p%2FSecurity-Baselines%22%20target%3D%22_self%22%3EMicrosoft%20Security%20Baselines%3C%2FA%3E%20discussion%20space.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThanks%20for%20understanding%20and%20contributing%20to%20Tech%20Community!%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1822275%22%20slang%3D%22en-US%22%3EBaseline%20settings%20for%20VMs%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1822275%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%3EMicrosoft%20Defender%20ATP%20security%20baseline%20has%20been%20optimized%20for%20physical%20devices%20and%20is%20currently%20not%20recommended%20for%20use%20on%20virtual%20machines%20(VMs)%20or%20VDI%20endpoints.%20Which%20baseline%20settings%20are%20not%20recommended%20for%20VM's%3F%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1831052%22%20slang%3D%22en-US%22%3ERe%3A%20The%20August%207th%20Weekly%20Roundup%20is%20Posted!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1831052%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F41707%22%20target%3D%22_blank%22%3E%40Eric%20Starker%3C%2FA%3E%26nbsp%3Boops%2C%20sorry%2C%20I%20see%20that%20now.%20Thanks%20for%20that.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1833168%22%20slang%3D%22en-US%22%3ERe%3A%20Baseline%20settings%20for%20VMs%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1833168%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F847256%22%20target%3D%22_blank%22%3E%40Lindspea%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDo%20you%20have%20any%20idea%20on%20what%20policies%20are%20not%20optimized%20for%20VM%3F%3C%2FP%3E%3CP%3ESecurity%20Baseline%20for%20ATP%20remains%20the%20same%20not%20matter%20whether%20you%20are%20on%20VM%20or%20in%20host%20in%20most%20cases%2C%20however%2C%20in%20case%20you%20observe%20any%20policy%20which%20might%20not%20be%20suitable%20for%20VM%2C%20you%20may%20share%20feedback%20with%20the%20team.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
New Contributor

Microsoft Defender ATP security baseline has been optimized for physical devices and is currently not recommended for use on virtual machines (VMs) or VDI endpoints. Which baseline settings are not recommended for VM's?

8 Replies

@Lindspea Thanks for the question! It looks like you posted it originally in response to the August 7th weekly roundup, which was not the correct place for it, so I moved it to the Microsoft Security Baselines discussion space. 

 

Thanks for understanding and contributing to Tech Community! 

@Eric Starker oops, sorry, I see that now. Thanks for that.

 

@Lindspea 

Do you have any idea on what policies are not optimized for VM?

Security Baseline for ATP remains the same not matter whether you are on VM or in host in most cases, however, in case you observe any policy which might not be suitable for VM, you may share feedback with the team.

 

@Reza_Ameri-Archived  thank you. In this document https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-machi... it states "The Microsoft Defender ATP security baseline has been optimized for physical devices and is currently not recommended for use on virtual machines (VMs) or VDI endpoints. Certain baseline settings can impact remote interactive sessions on virtualized environments." Which baseline settings are they referring to that can impact those sessions on Virtual environments?

@Lindspea 

You are correct.

You may share feedback with Windows Intune team:

https://microsoftintune.uservoice.com/forums/291681-ideas 

@Reza_Ameri-Archived - Lindspea is asking a question, not providing feedback. This discussion forum would seem to be the right place to request that information.

@AaronMargosis_individ 

I though he was asking question but as you followed his posts, he already knows this feature is NOT supported, therefore, I ask to share feedback using UserVoice , so the product team could review and other users upvote it.

@Reza_Ameri-Archived 

I don't understand what you mean. @Lindspea asked a question in the wrong forum. @Eric Starker moved it here as a more appropriate place to ask the question. It's not about a feature. It's about a baseline -- i.e., a cohesive group of settings -- which (apparently) is not recommended for VMs. The question is: which of those settings can cause problems in VMs?