Attack surfaces are all the places and ways the network and devices in your organization are vulnerable to attacks. For example:
- Unsecured devices.
- Unrestricted access to URLs on company devices.
- Unrestricted running of apps or scripts on company devices.
To help protect your network and devices, Microsoft Defender for Business includes several attack surface reduction capabilities, which are described in the following table:
| Capability | Description |
|---|---|
| Attack surface reduction (ASR) rules | Prevent specific actions commonly associated with malicious activity from running on Windows devices. |
| Controlled folder access (CFA) | Allow only trusted apps to access protected folders on Windows devices. Think of this capability as ransomware mitigation. |
| Firewall protection | Determines which network traffic can flow to or from your organization's devices. |
| Network protection | Prevent users from accessing dangerous domains through applications on their Windows and Mac devices. Network protection is also a key component of web content filtering. |
| Web protection | Integrates with web browsers and works with network protection to protect against web threats and unwanted content. Web protection includes web threat protection, web content filtering, and custom indicators. |
Configure attack surface reduction features
Note
Microsoft 365 Business Premium includes Microsoft Intune Plan 1, which is the recommended method to configure and deploy security features on devices. Standalone Defender for Business doesn't include Intune, so you need to use another configuration method (for example, Group Policy or PowerShell locally on devices).
- Attack surface reduction (ASR) rules: For more information, see Deployment and configuration methods for ASR rules and ASR rules deployment guide.
- Controlled folder access (CFA): For more information, see Deployment and configuration methods for CFA.
- Firewall protection: Enabled by default when devices are onboarded to Defender for Business and firewall policies in Defender for Business are applied.
- Network protection: Enabled by default when devices are onboarded to Defender for Business and next-generation protection policies are applied. Default policies are configured with the recommended security settings.
- Web protection: Set up web content filtering in Microsoft Defender for Business.
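
When devices are configured locally with Group Policy or PowerShell, it helps to confirm which settings actually took effect on each device. The following read-only script is an added example, not part of the original page or Microsoft's own code. It assumes a Windows device running Microsoft Defender Antivirus with the built-in Defender and NetSecurity PowerShell modules, and `Resolve-Mode` is a helper name chosen for this example.

```powershell
# Added example, not Microsoft's code. Read-only: it changes no settings.
# Run in an elevated PowerShell session on the Windows device being checked.

# Numeric values reported by Get-MpPreference and their documented meanings.
$asrAction = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }
$cfaMode   = @{ 0 = 'Disabled'; 1 = 'Enabled'; 2 = 'Audit'
                3 = 'Block disk modification only'; 4 = 'Audit disk modification only' }
$npMode    = @{ 0 = 'Disabled'; 1 = 'Enabled (block)'; 2 = 'Audit' }

# Hypothetical helper: translate a numeric setting into its mode name.
function Resolve-Mode([hashtable]$Map, $Value) {
    if ($null -eq $Value) { return 'Not configured' }
    $key = [int]$Value   # settings arrive as bytes; the map keys are Int32
    if ($Map.ContainsKey($key)) { $Map[$key] } else { "Unknown ($key)" }
}

$pref = Get-MpPreference

# ASR rules: rule GUIDs and actions come back as parallel arrays,
# and both are empty when no rule has been configured.
[string[]]$ids  = $pref.AttackSurfaceReductionRules_Ids
[int[]]$actions = $pref.AttackSurfaceReductionRules_Actions
$rules = @()
if ($ids) {
    $rules = for ($i = 0; $i -lt $ids.Count; $i++) {
        [pscustomobject]@{
            RuleId = $ids[$i]
            Action = Resolve-Mode $asrAction $actions[$i]
        }
    }
}

"ASR rules configured: $(@($rules).Count)"
$rules | Format-Table -AutoSize

# Controlled folder access and network protection are single-valued settings.
"Controlled folder access: $(Resolve-Mode $cfaMode $pref.EnableControlledFolderAccess)"
"Network protection:       $(Resolve-Mode $npMode $pref.EnableNetworkProtection)"

# Firewall protection: one row per profile (Domain, Private, Public).
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction |
    Format-Table -AutoSize
```

Rules shown as Audit log matching activity without blocking it, so a device that lists every rule in Audit mode is not yet enforcing them. Web protection has no local setting in this output because it is configured in the Microsoft Defender portal.
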
Monitor attack surface reduction features
You can monitor how attack surface reduction features are working in your organization by using the following reports in the Microsoft Defender portal:
- ASR rules: Attack surface reduction (ASR) rules report
- Controlled folder access: Monitor controlled folder access activity
- Network and web protection: Web protection monitoring report
- Firewall: Host firewall reporting