deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-14 06:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

lint/cleaned configure machines

Browse Source
This commit is contained in:
martyav 2019-07-30 14:43:56 -04:00
parent 54901becf6
commit d3beae478a
1 changed files with 15 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
windows/security/threat-protection/microsoft-defender-atp/configure-machines-asr.md
View File

@ -20,20 +20,21 @@ ms.topic: article
# Optimize ASR rule deployment and detections # Optimize ASR rule deployment and detections
**Applies to:** **Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
* [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink) > Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink)
[Attack surface reduction (ASR) rules](../windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md) identify and prevent actions that are typically taken by malware during exploitation. These rules control when and how potentially malicious code can run. For example, you can prevent JavaScript or VBScript from launching a downloaded executable, block Win32 API calls from Office macros, or block processes that run from USB drives. [Attack surface reduction (ASR) rules](../windows-defender-exploit-guard/attack-surface-reduction.md) identify and prevent actions that are typically taken by malware during exploitation. These rules control when and how potentially malicious code can run. For example, you can prevent JavaScript or VBScript from launching a downloaded executable, block Win32 API calls from Office macros, or block processes that run from USB drives.
![Attack surface management card](images/secconmgmt_asr_card.png)<br> ![Attack surface management card](images/secconmgmt_asr_card.png)<br>
*Attack surface management card* *Attack surface management card*
The **Attack surface management** card is an entry point to tools in Microsoft 365 security center that you can use to: The **Attack surface management** card is an entry point to tools in Microsoft 365 security center that you can use to:
- Understand how ASR rules are currently deployed in your organization * Understand how ASR rules are currently deployed in your organization
- Review ASR detections and identify possible incorrect detections * Review ASR detections and identify possible incorrect detections
- Analyze the impact of exclusions and generate the list of file paths to exclude * Analyze the impact of exclusions and generate the list of file paths to exclude
Selecting **Go to attack surface management** takes you to **Monitoring & reports > Attack surface reduction rules > Add exclusions**. From there, you can navigate to other sections of Microsoft 365 security center. Selecting **Go to attack surface management** takes you to **Monitoring & reports > Attack surface reduction rules > Add exclusions**. From there, you can navigate to other sections of Microsoft 365 security center.
@ -48,6 +49,7 @@ For more information about optimizing ASR rule deployment in Microsoft 365 secur
> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-belowfoldlink) > Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-belowfoldlink)
# Related topics # Related topics
- [Ensure your machines are configured properly](configure-machines.md)
- [Get machines onboarded to Microsoft Defender ATP](configure-machines-onboarding.md) * [Ensure your machines are configured properly](configure-machines.md)
- [Increase compliance to the Microsoft Defender ATP security baseline](configure-machines-security-baseline.md) * [Get machines onboarded to Microsoft Defender ATP](configure-machines-onboarding.md)
* [Increase compliance to the Microsoft Defender ATP security baseline](configure-machines-security-baseline.md)