Every day, security vulnerabilities in apps create potentially exploitable paths that a malicious actor might use to compromise a device in your infrastructure. To counter this, you can use Microsoft Defender to apply policies and profiles that secure specific portions of your endpoints, reducing their “attack surface” and improving your security.

In this post, we’re going to show you how you can do exactly that. Limiting the attack surface improves endpoint security because it blocks these possibly insecure paths and decreases the likelihood of a security breach through an endpoint.

Let’s jump in.

There are several ways to reduce your endpoint attack surface in Microsoft Defender. For example, you can:

  • Use application control to limit the types of apps that can run on machines in your environment
  • Control which folders applications or users have access to
  • Control the types of devices that are allowed to be written to

In this post you’ll see an example of how to create an attack surface reduction rule using Microsoft Endpoint Manager and limit the attack surface on an endpoint in your environment.

Creating An Attack Surface Reduction Rule in Microsoft Defender

First, access your Endpoint Manager portal by going to endpoint.microsoft.com.

Go to devices, then down to configuration profiles. Here you see a list of profiles already created.

You can either modify one of these or choose to create a new profile. If you create a new one, drop down the profile type. From here you can either choose one of the templates provided or choose “Settings Catalog”, which essentially gives you a blank slate.

Hit create. Now you can give it a name.

Once you do, go down and hit next. Select add settings. In here, you’ll see that we have a lot of settings to choose from.

For this example, let’s use Microsoft Edge and select “Allow Download Restrictions” and “Allow Importing of Cookies.”

Let’s also drop down the Microsoft Edge default settings to “User can Override.”

Next, go to smart screen settings. Here you can add “Configure Microsoft Defender Smart Screen.”

Close that window, and select “Enable Allow Download Restrictions.” That’s going to block dangerous downloads. As for allow importing of cookies, leave that disabled. Also enable “Configure Microsoft Defender Smart Screen.”

Click next. Once you get here, choose to add a group. Choose the group that includes the devices that you want to include. Once you’re satisfied with the assignments, click “Next” and “Create.”

Now your “ASR test one” configuration profile has been created. You can click on that profile to check in on it, and once the members of the group have received the configuration profile and start reporting information back, you’ll see whether or not there are successes, errors, or conflicts.

For example, let’s go back and select a profile that we created in the past, and we’ll see that we have an overview report with information regarding whether or not this profile has been applied and the overall success or failure.
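
To complement the portal report, the following added example (not part of the original walkthrough or any Microsoft tooling) spot-checks a device in the assigned group for the three Edge settings configured above. It assumes the profile is device-scoped and that the values surface under Edge's machine policy registry key using the documented Edge policy names `DownloadRestrictions`, `SmartScreenEnabled` and `ImportCookies`; the function name `Test-EdgeProfileApplied` is hypothetical.

```powershell
# Added example: local spot check of the Edge settings configured in this walkthrough.
# Assumption: values are visible under Edge's machine policy key. A user-scoped
# assignment would appear under HKCU:\SOFTWARE\Policies\Microsoft\Edge instead.
$EdgePolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'

# Expectations taken from the steps above. DownloadRestrictions accepts several
# levels and 0 means "no special restrictions", so any non-zero value passes here.
$Expected = @(
    @{ Name = 'DownloadRestrictions'; Want = 'non-zero (restricted)'; Test = { param($v) $v -ne 0 } }
    @{ Name = 'SmartScreenEnabled';   Want = '1 (enabled)';           Test = { param($v) $v -eq 1 } }
    @{ Name = 'ImportCookies';        Want = '0 (disabled)';          Test = { param($v) $v -eq 0 } }
)

function Test-EdgeProfileApplied {
    param([string]$Key = $EdgePolicyKey)

    # Returns $null if the key does not exist yet (profile not received).
    $props = Get-ItemProperty -Path $Key -ErrorAction SilentlyContinue

    foreach ($e in $Expected) {
        $value = if ($props) { $props.($e.Name) } else { $null }

        # Missing  = policy value not present on this device
        # Mismatch = present, but not the value the profile should set
        $state = if ($null -eq $value) { 'Missing' } elseif (& $e.Test $value) { 'OK' } else { 'Mismatch' }

        [pscustomobject]@{
            Policy   = $e.Name
            Value    = $value
            Expected = $e.Want
            State    = $state
        }
    }
}

$result = Test-EdgeProfileApplied
$result | Format-Table -AutoSize

if ($result.State -contains 'Missing') {
    Write-Warning 'One or more settings have not arrived; sync the device and re-run.'
}
if ($result.State -contains 'Mismatch') {
    Write-Warning 'A setting differs from the profile; check the portal report for conflicts.'
}
```

The same values can be cross-checked in the browser at `edge://policy`, which also shows the source of each policy.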

And that’s how to create an Attack Surface Reduction Rule in Microsoft Defender.

To find out more about how Model Technology Solutions can help reduce the attack surface on your endpoints, please contact us at www.model-technology.com. You can also check out the Microsoft Documentation for Attack Surface Reduction here.

About the Author: Jesse Walter

Jesse Walter is a Partner with Model Technology Solutions and the Vice President of Research and Development. He has an extensive background in Microsoft endpoint management tools, such as Microsoft Endpoint Configuration Manager and Intune, as well as a strong foundation in the Microsoft 365 Defender stack. Additionally, he enjoys automating repeatable operational tasks using PowerShell, and has developed several security tools using C#.
