The picture below illustrates the threat protection life cycle. Implementing ASR rules is a great place to start. Microsoft recommends a balanced and pragmatic approach focused on reducing the overall attack surface. It’s recommended to test in Audit mode before you decide and enable any of the ASR rules in enforce mode. By creating and configuring a new ASR rule policy in MEM, this will further strengthen your overall security posture.
I hope you found the first series beneficial as this series will add on to securing and protecting your overall attack surface. In the last series, I gave an in depth overview of MEM, the licensing, several features it has to assist IT professionals, and then walked you through the steps of creating a Windows Defender Antivirus policy. In this tutorial I will walk you through the steps of creating an Attack Surface Reduction (ASR) rule policy in Microsoft Endpoint Manager (MEM) for your Windows Operating Systems and how to view the detections once applied. This is John Barbare and I am a Sr Premier Field Engineer at Microsoft focusing on all things in the Cybersecurity space.
0 kommentar(er)
