Attack Surface Reduction in Windows 10

Comments

How is ASR not just another name for anti-malware protection? Is it the fact that you are setting policy to prevent application actions that normally would be where malware behaviors attempt to carry out their deeds?

myusrn

Love your demos Matt, but I wish you'd clarify how ASR is used on Servers.
I think the only way is to use those PowerShell commands?
i.e. you can't configure servers via Endpoint Manager right?
And the report is cool but it would be useful to know exactly where the alerts are generated - in securitycenter I assume, and then they're also available in security.microsoft.com since that's your single pane of glass.
And on a side topic I'd like someone to do a video on which Defender pieces should be installed on servers, e.g.:
- defender for server (vs for endpoints) - e.g. 'you're not really installing defender on servers, it's already there, you're installing the azure monitor (OMS) agent so defender can communicate with securitycenter, which in turn allows Sentinel and MCAS to pull events from the log analytics workspace, and provides MCAS and securitycenter a way to update defender with exclusions etc.'
- defender for identity (for domain controllers)
- azure monitor - for security events > sentinel
- enable ASR rules via PowerShell

simple-security

I have an issue setting ASR policies in Endpoint Manager using PowerShell and Intune. Basically, the script settings work but they fail to show up in the GUI. Who can I contact to help resolve this?

directorcia

Does it work alongside another vendor's EDR with no conflict? Can it be enabled, since the other vendor controls the security settings, if installed on Windows 10 Pro?

majidomeir

What software do you use to record your videos?

ToTCaMbIu