Attack surface rules policies

Question 1

What is the purpose of attack surface reduction (ASR) policies?

Answer 1

To reduce the attack surface of devices by minimizing vulnerabilities to cyberthreats and attacks.

ASR policies help organizations enhance their security posture.

Question 2

What are the 2 prerequisites for Attack surface reduction profiles?

Answer 2

• Devices must run Windows 10 or Windows 11
• Defender antivirus must be the primary antivirus on the device.

These prerequisites ensure compatibility and effectiveness of ASR policies.

Question 3

Which 3 systems support Attack surface reduction when using Security Management for Microsoft Defender for Endpoint?

Answer 3

• Windows 10,
• Windows 11
• Windows Server

This applies to devices onboarded to Defender without enrollment with Intune.

Question 4

What must be set up for Configuration Manager clients to support Attack surface reduction?

Answer 4

Tenant attach for Configuration Manager devices.

This allows integration with Microsoft Defender for Endpoint.

Question 5

What are Attack Surface Reduction Rules?

Answer 5

Settings that target behaviors commonly used by malware and malicious apps to infect computers, including:
* Executable files and scripts in Office apps or web mail
* Obfuscated or suspicious scripts
* Unusual app behaviors during normal work

Question 6

What does Device Control settings configure?

Answer 6

It configures devices for a layered approach to secure removable media and provides monitoring and control features to prevent threats from unauthorized peripherals.

Question 7

What is the purpose of App and Browser Isolation?

Answer 7

It manages settings for Windows Defender Application Guard to prevent attacks and isolate untrusted sites while defining trusted sites, cloud resources, and internal networks.

Question 8

What does Application Control help mitigate?

Answer 8

It helps mitigate security threats by restricting applications that users can run and the code that runs in the System Core (kernel), including blocking unsigned scripts and MSIs.

Question 9

What is Exploit Protection?

Answer 9

Settings that help protect against malware using exploits to infect devices and spread, consisting of many mitigations applicable to the operating system or individual apps.

Question 10

What does Web Protection in Microsoft Edge Legacy manage?

Answer 10

It configures network protection to secure machines against web threats, including:
* Network protection
* SmartScreen
* Blocking access to malicious sites

Question 11

What devices can be managed by Defender for Endpoint without Intune?

Answer 11

Devices running Windows 10, Windows 11, and Windows Server.

Question 12

Which profiles are supported for devices managed by Defender that aren’t enrolled with Intune?

Answer 12

Attack Surface Reduction Rules

Question 13

List the profiles available for devices managed by Configuration Manager.

Answer 13

• App and Browser Isolation
• Attack Surface Reduction Rules
• Exploit Protection
• Web Protection

Question 14

What are the 4 steps to create an ASR rule ?

Answer 14

1. Navigate to Endpoint security > Attack surface reduction
2. Platform : Windows
3. Profile: select one of the following and click Create:
   ■ App and Browser Isolation
   ■ Attack Surface Reduction Rules
   ■ Device Control
   ■ Exploit Protection
   ■ Web protection (Microsoft Edge Legacy)
   ■ Application control
4. Configuration settings Depending on the option you choose displays different options.