cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

When to use additional security policies

%3CLINGO-SUB%20id%3D%22lingo-sub-2006778%22%20slang%3D%22en-US%22%3EWhen%20to%20use%20additional%20security%20policies%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2006778%22%20slang%3D%22en-US%22%3E%3CP%3EAre%20there%20any%20rules%20of%20thumb%20or%20guidelines%20about%20when%20an%20organization%20should%20create%20additional%20security%20policies%20in%20Endpoint%20manager%20after%20the%20Baselines%20have%20been%20implemented.%20i.e.%20what%20are%20the%20scenarios%20in%20which%20the%20baselines%20are%20not%20sufficient%20and%20additional%20configuration%20is%20recommended%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2006778%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAdditional%20policies%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2011956%22%20slang%3D%22en-US%22%3ERe%3A%20When%20to%20use%20additional%20security%20policies%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2011956%22%20slang%3D%22en-US%22%3EHello%20Dean%20Gross%2C%3CBR%20%2F%3E%3CBR%20%2F%3ESecurity%20Baselines%20are%20sufficient%20in%20most%20cases%20but%20there%20might%20be%20some%20considerations%20when%20you%20look%20at%20the%20individual%20settings.%3CBR%20%2F%3EThink%20of%20Attack%20Surface%20Reduction%20(ASR)%20for%20instance%2C%20which%20blocks%20certain%20behaviors%20that%20might%20be%20normal%20for%20business%20applications%20to%20apply%20like%20downloading%20a%20file%20through%20a%20script.%3CBR%20%2F%3EIt%20all%20comes%20down%20to%20deciding%20what%20functionalities%20could%20stop%20your%20normal%20processes%20from%20running.%3CBR%20%2F%3E%3CBR%20%2F%3EI%20would%20advice%20you%20to%20take%20a%20look%20here%20and%20see%20what%20every%20individual%20part%20of%20Defender%20for%20Endpoint%20does%20to%20decide%20whether%20you%20should%20create%20your%20own%20policies%3A%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fsecurity%2Fthreat-protection%2Fmicrosoft-defender-atp%2Fmicrosoft-defender-advanced-threat-protection%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fsecurity%2Fthreat-protection%2Fmicrosoft-defender-atp%2Fmicrosoft-defender-advanced-threat-protection%3C%2FA%3E%3C%2FLINGO-BODY%3E
Dean Gross
Respected Contributor

‎Dec 21 2020 07:39 AM

‎Dec 21 2020 07:39 AM

When to use additional security policies

Are there any rules of thumb or guidelines about when an organization should create additional security policies in Endpoint manager after the Baselines have been implemented. i.e. what are the scenarios in which the baselines are not sufficient and additional configuration is recommended?

Labels:
254 Views
0 Likes
1 Reply
Reply
1 Reply
BemmelenPatrick

‎Dec 23 2020 01:47 AM

‎Dec 23 2020 01:47 AM

Re: When to use additional security policies

Hello Dean Gross,

Security Baselines are sufficient in most cases but there might be some considerations when you look at the individual settings.
Think of Attack Surface Reduction (ASR) for instance, which blocks certain behaviors that might be normal for business applications to apply like downloading a file through a script.
It all comes down to deciding what functionalities could stop your normal processes from running.

I would advice you to take a look here and see what every individual part of Defender for Endpoint does to decide whether you should create your own policies:
https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/microsoft...
1 Like
Reply