2019-08-21 16:02:08 -04:00


title: Optimize ASR rule deployment and detections
description: Ensure your attack surface reduction (ASR) rules are fully deployed and optimized to effectively identify and prevent actions that are typically taken by malware during exploitation.
keywords: onboard, Intune management, MDATP, WDATP, Microsoft Defender, Windows Defender, advanced threat protection, attack surface reduction, ASR, security baseline
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: lomayor
author: lomayor
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article

Optimize ASR rule deployment and detections

Applies to:

Want to experience Microsoft Defender ATP? Sign up for a free trial.

Attack surface reduction (ASR) rules identify and prevent actions that are typically taken by malware during exploitation. These rules control when and how potentially malicious code can run. For example, you can prevent JavaScript or VBScript from launching a downloaded executable, block Win32 API calls from Office macros, or block processes that run from USB drives.

Attack surface management card

The Attack surface management card is an entry point to tools in Microsoft 365 security center that you can use to:

  • Understand how ASR rules are currently deployed in your organization
  • Review ASR detections and identify possible incorrect detections
  • Analyze the impact of exclusions and generate the list of file paths to exclude

Selecting Go to attack surface management takes you to Monitoring & reports > Attack surface reduction rules > Add exclusions. From there, you can navigate to other sections of Microsoft 365 security center.

Add exclusions tab in the Attack surface reduction rules page in Microsoft 365 security center

Note

To access Microsoft 365 security center, you need a Microsoft 365 E3 or E5 license and an account that has certain roles in Azure Active Directory. Read more about required licenses and permissions.

For more information about optimizing ASR rule deployment in Microsoft 365 security center, read Monitor and manage ASR rule deployment and detections.
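
To check the same three things (rule state, detections, exclusions) on a single Windows 10 device, the following PowerShell is an added example, not part of the original page or Microsoft's tooling. It assumes the Defender cmdlet Get-MpPreference is available, that the session can read the Defender operational log, and that ASR events 1121 and 1122 carry EventData fields named ID, Path and Process Name.

```powershell
# Added example, not Microsoft's code. Run in an elevated PowerShell session
# on a Windows 10 endpoint that has the Defender module.
$actionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

function Get-AsrRuleState {
    # Rule GUIDs and their configured actions are stored as parallel arrays.
    $pref = Get-MpPreference
    if (-not $pref.AttackSurfaceReductionRules_Ids) { return }
    $ids     = @($pref.AttackSurfaceReductionRules_Ids)
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    for ($i = 0; $i -lt $ids.Count; $i++) {
        $code = [int]$actions[$i]
        $name = $actionNames[$code]
        if (-not $name) { $name = "Unknown ($code)" }
        [pscustomobject]@{ RuleId = $ids[$i]; Action = $name }
    }
}

function Get-AsrDetection {
    param([int]$Days = 7)
    $filter = @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1121, 1122          # 1121 = blocked, 1122 = audited
        StartTime = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Assumption: EventData fields are named 'ID', 'Path', 'Process Name'.
            $data = @{}
            foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
                $data[$d.Name] = $d.'#text'
            }
            [pscustomobject]@{
                Mode    = if ($_.Id -eq 1121) { 'Block' } else { 'Audit' }
                RuleId  = $data['ID']
                Path    = $data['Path']
                Process = $data['Process Name']
            }
        }
}

# Current deployment, then detections grouped so noisy rule/path pairs stand out.
Get-AsrRuleState | Format-Table -AutoSize
Get-AsrDetection -Days 7 |
    Group-Object RuleId, Mode, Path |
    Sort-Object Count -Descending |
    Select-Object Count, Name -First 20 |
    Format-Table -AutoSize -Wrap

# Paths already excluded from ASR rules on this device.
(Get-MpPreference).AttackSurfaceReductionOnlyExclusions
```

A rule and path pair that recurs in Audit mode for a known line-of-business application is a candidate to review before the rule is switched to Block.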

