deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-17 07:47:22 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Update best-practices-attack-surface-reduction-rules.md

Browse Source
This commit is contained in:
Denise Vangel-MSFT 2020-12-29 16:00:23 -08:00
parent 3525787146
commit e90667baf9
1 changed files with 23 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
View File

@ -1,5 +1,5 @@
--- ---
title: Best practices with attack surface reduction rules title: Tips and best practices for attack surface reduction rules
description: Prevent issues from arising with your attack surface reduction rules by following these best practices description: Prevent issues from arising with your attack surface reduction rules by following these best practices
keywords: Microsoft Defender ATP, attack surface reduction, best practices keywords: Microsoft Defender ATP, attack surface reduction, best practices
search.product: eADQiWindows 10XVcnh search.product: eADQiWindows 10XVcnh
@ -19,14 +19,33 @@ ms.collection:
- m365initiative-defender-endpoint - m365initiative-defender-endpoint
--- ---
# Best practices with attack surface reduction rules # Tips and best practices for attack surface reduction rules
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:** **Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
*ASR guidance for deploying rules (links to Antonios blog, recommendations for deploying rules to small set of devices first, code signing, link to ASR Power BI template, and link to M365 security center reports)* <!--ASR guidance for deploying rules (links to Antonios blog, recommendations for deploying rules to small set of devices first, code signing, link to ASR Power BI template, and link to M365 security center reports) and 8. Policy conflict (details about what happens with conflicting policies, what happens when settings from different policies are merged)
-->
Whether you're about to enable or have already deployed attack surface reduction rules for your organization, see the information in this article. By using the tips and best practices in this article, you can employ attack surface reduction rules successfully and avoid potential issues.
## Use a phased approach
Before you roll out attack surface reduction rules in your organization, select a small set of managed devices to start. This approach enables you to see how attack surface reduction rules work in your environment and gives you flexibility in applying exclusions. You can do this with dynamic membership rules.
<!--Siddarth, we need to find the info about how to set up dynamic membership rules and add a procedure here.-->
## Use code signing for applications
## Get the Power BI report template
https://github.com/microsoft/MDATP-PowerBI-Templates
## Avoid policy conflicts
## See the demystifying blogs