Microsoft Defender ATP Training Series Part 3: Attack Surface Reduction (ASR)
Рет қаралды 4,548
Күн бұрын
@adeyemiakanfe7641 3 жыл бұрын
Your video is superb.
@AmbarishRH 3 жыл бұрын
Thanks a lot,glad you like it!
@SkilfulPranks 4 жыл бұрын
Great and good explanation.
@AmbarishRH 4 жыл бұрын
Glad you liked it!
@ayomidetaylor5675 3 жыл бұрын
Solid series. Great!
@AmbarishRH 3 жыл бұрын
Thank you!
@alessandrosantos7582 4 жыл бұрын
Great ! Could you create a video with Web Content, the setup please.
@AmbarishRH 4 жыл бұрын
Hi Alessandro, hope this is about the web content filtering via defender. If so, its on my list. Thanks
@alessandrosantos7582 4 жыл бұрын
@@AmbarishRH Amazing !
@naveeenkumarpothuganti1482 2 жыл бұрын
Super sir
@loveadrisha 4 жыл бұрын
Very nice presentation👌
@AmbarishRH 4 жыл бұрын
Thank you! Cheers!
@vipuldabhi6971 2 жыл бұрын
Need to know the best practice to implement ASR.. this more on post implementation aspects of ASR
@AmbarishRH 2 жыл бұрын
I would suggest to look at the secure score and recommendations on defender portal which will show you the best ASR policoes to deploy based on criticality and also it shows you impacts on user per rule
@vipuldabhi6971 2 жыл бұрын
Also need to know how to check or confirm if a device is enabled with ASR,
@AmbarishRH 2 жыл бұрын
You can find this from defender portal-reports- under Endpoints- Attack Surface Reduction Rules
@vaibhavchaturvedi5174 4 жыл бұрын
Hi Ambarish, please make a video on Azure security center and Azure ATP.
@AmbarishRH 4 жыл бұрын
Hi Vaibhav, thanks for the feedback. I have these scheduled in the coming sessions. However, feel free to reach out if you need to know anything in specific
@6123arvind 4 жыл бұрын
where are other parts of atp like EDR , automatic invest. and remediation ... thanks for first 3 parts
@AmbarishRH 4 жыл бұрын
Each one of those features coming soon in the next videos
@avinashsudulagunta9470 3 жыл бұрын
Hi Sir , How we get to know whether ASR Rules affected by VBA Automation or not., and is there any way we to make sure that VBA cannot affect the ASR rules
@AmbarishRH 3 жыл бұрын
Hi Avinash, You could use the troubleshooting methods listed docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/troubleshoot-asr-rules?view=o365-worldwide In your case, you could run advanced hunting queries from security.microsoft.com/advanced-hunting and use the query as below example DeviceEvents | where ActionType startswith 'Asr' | where InitiatingProcessFolderPath contains "VBAscriptname" You can also use the exclusions in ASR if you want something to be excluded from ASR rules. docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/attack-surface-reduction-faq?view=o365-worldwide
@aneeshnicola9981 2 жыл бұрын
How can we test using the ASR tool?
@AmbarishRH 2 жыл бұрын
ideal way is to setup test/pilot drvice and apply rules one by one, vareify the impact using ASR hunting scripts or from the reports section on security.micrososft.com- ASR reprts abd based on requirements add exceptions, then test and roll out to prpduction
@omerkhan4049 4 жыл бұрын
how can i export AV definition and out date Definition/signature
@AmbarishRH 4 жыл бұрын
Hope you are referring to www.microsoft.com/en-us/wdsi/defenderupdates
Ambarish RH
Рет қаралды 4,2 М.
Daniel LaBelle
Рет қаралды 150 МЛН
Ambarish RH
Рет қаралды 17 М.
MSEndpointMgr - Jungling the Cloud
Рет қаралды 4,8 М.
Red Canary
Рет қаралды 1 М.
Harvansh Singh
Рет қаралды 7 М.
Matt Soseman
Рет қаралды 11 М.