Overview of Attack Surface Reduction Rules in Intune MEM

In this guide, we will look at what Attack Surface Reduction (ASR) rules in Intune (MEM) are. Using Intune, you can create and configure ASR rules for your organization. Let's go through what ASR rules are and which capabilities are available for configuration.


The attack surface reduction rules that you create in Intune (MEM) apply to Microsoft Defender for Endpoint Plan 2, Microsoft 365 Defender and Microsoft Defender Antivirus. There are many examples of ASR rules that you can create with Microsoft Intune, and I will share a list of ASR rules in this guide.

Microsoft recommends that you test how Intune ASR rules will impact your organization before enabling them, by running the rules in audit mode for a brief period of time. While the rules are running in audit mode, you can identify any line-of-business applications that might get blocked erroneously and exclude them from ASR. Start with a small, controlled group to limit potential work disruptions, and expand the deployment across your organization later.


Attack Surface Reduction is a complex topic, and there are many aspects to consider. To make it easier, I am going to list some resources for getting started with Attack Surface Reduction rules in Intune.


Understand and use attack surface reduction capabilities

Attack surface reduction rules overview

Plan attack surface reduction (ASR) rules deployment

Test attack surface reduction (ASR) rules

Enable attack surface reduction (ASR) rules

Operationalize attack surface reduction (ASR) rules

What are Attack Surfaces?

Attack surfaces are all the places where your organization is vulnerable to cyberthreats and attacks. Defender for Endpoint includes numerous capabilities to help reduce your attack surfaces.


All the points where your company is exposed to cyberthreats and attacks are known as attack surfaces. Various features in Defender for Endpoint might help you decrease your attack surfaces.


Methods to Configure ASR Capabilities

When you configure attack surface reduction capabilities, you can choose from among several methods:


Microsoft Endpoint Manager (includes Microsoft Intune and Configuration Manager)

Group Policy

PowerShell cmdlets


What are Attack Surface Reduction Rules in Intune?

Attack surface reduction measures focus on actions that malware and malicious software commonly take to infect computers, such as executable files and scripts used in Office applications or web mail that attempt to download or run files, or scripts that are obfuscated. Another example is suspicious script behaviors that apps don't usually initiate during normal day-to-day work.


For Intune, ASR rules target certain software behaviors, such as:


Launching executable files and scripts that attempt to download or run files

Running obfuscated or otherwise suspicious scripts

Behaviors that apps don't usually initiate during normal day-to-day work

By reducing the different attack surfaces, you can help prevent attacks from happening in the first place. Take a look at the detailed guide on how to use attack surface reduction capabilities.
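The audit-first rollout recommended earlier, applied to the behaviors listed above through the PowerShell cmdlets method, as an added example that is not part of the original post. The four rules are picked from Microsoft's ASR rule reference to match those behaviors; the 14-day window, the exclusion path and the event field names are assumptions.

```powershell
# Added example, not from the original post. Assumes an elevated session on a test
# device where these rules are not already set by Intune or Group Policy.
# Rule GUIDs and names are from Microsoft's ASR rules reference.
$rules = [ordered]@{
    'BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550' = 'Block executable content from email client and webmail'
    'D3E037E1-3EB8-44C8-A917-57927947596D' = 'Block JavaScript or VBScript from launching downloaded executable content'
    '5BEB7EFE-FD9A-4556-801D-275E5FFC04CC' = 'Block execution of potentially obfuscated scripts'
    'D4F940AB-401B-4EFC-AADC-AD5F3C50688A' = 'Block all Office applications from creating child processes'
}

# 1. Audit mode first. Add-MpPreference appends to the configured rules;
#    Set-MpPreference would replace the whole list.
foreach ($id in $rules.Keys) {
    Add-MpPreference -AttackSurfaceReductionRules_Ids $id -AttackSurfaceReductionRules_Actions AuditMode
}

# 2. Confirm the state (0 = disabled, 1 = block, 2 = audit, 6 = warn).
$pref = Get-MpPreference
for ($i = 0; $i -lt $pref.AttackSurfaceReductionRules_Ids.Count; $i++) {
    '{0} => {1}' -f $pref.AttackSurfaceReductionRules_Ids[$i], $pref.AttackSurfaceReductionRules_Actions[$i]
}

# 3. After the audit period, summarise what would have been blocked.
#    Event 1122 = rule fired in audit mode (1121 = fired in block mode).
#    The EventData field names 'ID', 'Process Name' and 'Path' are assumptions;
#    check them against one event on your build.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1122
    StartTime = (Get-Date).AddDays(-14)
} -ErrorAction SilentlyContinue

$hits = foreach ($e in $events) {
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { if ($d.Name) { $data[$d.Name] = $d.'#text' } }
    $id = "$($data['ID'])".ToUpper()
    [pscustomobject]@{
        Rule    = if ($rules.Contains($id)) { $rules[$id] } else { $id }
        Process = $data['Process Name']
        Target  = $data['Path']
    }
}
$hits | Group-Object Rule, Process | Sort-Object Count -Descending | Format-Table Count, Name -AutoSize

# 4. Exclude a confirmed line-of-business binary (placeholder path).
#    This exclusion list is shared by the ASR rules, so keep it narrow.
# Add-MpPreference -AttackSurfaceReductionOnlyExclusions 'C:\Program Files\Contoso\LobApp.exe'
```

Once the summary shows only expected entries, rerun step 1 with Enabled in place of AuditMode for the pilot group.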


Operating System Requirements for ASR Rules

You can set attack surface reduction rules for devices that are running any of the following editions and versions of Windows:


Windows 10 Pro, version 1709 or later

Windows 10 Enterprise, version 1709 or later

Windows Server, version 1803 (Semi-Annual Channel) or later

Windows Server 2022

Windows Server 2019

Windows Server 2016

Windows Server 2012 R2
