(100) Microsoft Intune - Attack Surface Rules
- Mr B SOE way
- Feb 23, 2024
- 1 min read
There are a number of ways to deploy Attack Surface Rules via Intune as per https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-worldwide
Option 1:
Navigate to https://intune.microsoft.com/ > Endpoint Security > Attack Surface Reduction
Option 2:
Navigate to https://intune.microsoft.com/ > Windows> Device Configuration > Profile type: Endpoint Protection > Expand: Microsoft Defender Exploit Guard
Option 3:
This option worked well for me as part of a recent project for implementing ACSC Security Baselines along with ASR.
Navigate to https://intune.microsoft.com/ > Windows> Device Configuration > Profile type: Setting Catalog. In the Settings picker, enter in: Attack Surface Reduction then select "Configure Attack Surface Reduction Rules"
To which you then configure as per https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-worldwide
Once your done, the overall will look like this
In PowerShell, you can verify this by running: Get-MPPreference | Select-Object -ExpandProperty AttackSurfaceReductionRules_Ids
Commentaires