<h1>Microsoft Defender for Endpoint series – Define the AV policy baseline – Part4A</h1>
<p>Published 2022-11-01 (last modified 2024-01-03). Source: https://jeffreyappel.nl/microsoft-defender-for-endpoint-series-define-the-av-baseline-part4a/</p>
<h2>Introduction</h2>
<p>It is time for part 4A of the ultimate Microsoft Defender for Endpoint (MDE) series. Part 4 explained the AV / next-generation protection component. Now it is time for a more detailed policy explanation: what do we need to enable, which settings are recommended, and where is impact to be expected?</p>
<p><strong>NOTE:</strong> The blog series focuses on features in <strong>Microsoft Defender for Endpoint P2</strong>; all <strong>Microsoft Defender for Endpoint P1</strong> features are available in P2.</p>
<p><strong>Specific question or content idea for the Defender for Endpoint series? Use the contact submission form and share your post ideas.</strong></p>
<p>Microsoft Defender Antivirus is Microsoft Defender for Endpoint's <strong>'next-generation protection component'</strong>: it combines machine learning, big data analysis, threat research and Microsoft's cloud infrastructure to protect devices in depth, with additional layers based on behavior, heuristics and real-time protection.</p>
<p>For more AV / NGAV information see: Microsoft Defender for Endpoint series – Configure AV / next-generation protection – Part 4.</p>
<h2>What are the additional configurations?</h2>
<p>Next to the configuration in the Defender for Endpoint portal (security.microsoft.com), there are additional configuration areas related to Defender for Endpoint:</p>
<ul>
<li><strong>Next-generation protection / Defender AV</strong></li>
<li><strong>Attack surface reduction</strong></li>
<li><strong>Additional Defender protections</strong></li>
</ul>
<h2>Cloud protection</h2>
<p>As already explained in the previous part, cloud protection is critical and needs to be enabled correctly.</p>
<p>Cloud protection is available in four pre-configured levels (the values the Defender CSP exposes for CloudBlockLevel): Default, High, High Plus and Zero Tolerance.</p>
<p><em>Zero Tolerance</em> blocks all unknown executables and is useful for truly restricted endpoints. Based on my experience, <em>High</em> gives good average protection, while <em>High Plus</em> applies extra protection measures. Keep in mind that each step up raises the chance of blocking legitimate but unknown software, so validate the higher levels on a pilot group before rolling them out broadly. A block level only has effect when cloud-delivered protection itself is enabled; check that first.</p>
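<p>The following is an added example, not code from the original post, showing how to audit and then apply the cloud protection baseline discussed above on a single Windows endpoint with the built-in Defender PowerShell module. The choice of <em>High</em> as the target level follows the post's recommendation and is an assumption; change <code>$TargetLevel</code> to <code>HighPlus</code> or <code>ZeroTolerance</code> for restricted endpoints. Run it in an elevated PowerShell session.</p>

```powershell
# Added example (not from the original post): audit and set the Defender AV
# cloud protection baseline on a Windows endpoint. Requires an elevated session.
# Assumption: 'High' is the target level; adjust for restricted endpoints.
$TargetLevel = 'High'   # Default | Moderate | High | HighPlus | ZeroTolerance

# Get-MpPreference reports CloudBlockLevel as a number; map names to the
# documented values so the output is readable.
$levels = @{ Default = 0; Moderate = 1; High = 2; HighPlus = 4; ZeroTolerance = 6 }
$levelNames = @{}
$levels.GetEnumerator() | ForEach-Object { $levelNames[$_.Value] = $_.Key }

$pref   = Get-MpPreference
$status = Get-MpComputerStatus

# Current state. A block level only takes effect when cloud-delivered
# protection (MAPS) is enabled, so report both together.
[pscustomobject]@{
    AMServiceEnabled        = $status.AMServiceEnabled
    RealTimeProtection      = $status.RealTimeProtectionEnabled
    MAPSReporting           = $pref.MAPSReporting          # 0 Disabled, 1 Basic, 2 Advanced
    SubmitSamplesConsent    = $pref.SubmitSamplesConsent   # 0 Prompt, 1 Safe, 2 Never, 3 All
    CloudBlockLevel         = $levelNames[[int]$pref.CloudBlockLevel]
    CloudExtendedTimeoutSec = $pref.CloudExtendedTimeout
} | Format-List

# Flag the settings that make cloud protection ineffective.
$findings = @()
if ($pref.MAPSReporting -eq 0) {
    $findings += 'Cloud-delivered protection (MAPS) is disabled; CloudBlockLevel is ignored.'
}
if ($pref.SubmitSamplesConsent -eq 2) {
    $findings += 'Sample submission is set to Never; cloud analysis of unknown files is limited.'
}
if ([int]$pref.CloudBlockLevel -lt $levels[$TargetLevel]) {
    $findings += "CloudBlockLevel is below the target level $TargetLevel."
}
$findings | ForEach-Object { Write-Warning $_ }

# Apply the baseline. On Intune/GPO-managed devices policy wins and will
# reset local changes, so set these in policy there and use this for validation.
Set-MpPreference -MAPSReporting Advanced `
                 -SubmitSamplesConsent SendSafeSamples `
                 -CloudBlockLevel $TargetLevel `
                 -CloudExtendedTimeout 50

# Verify the change took effect.
Get-MpPreference | Select-Object MAPSReporting, SubmitSamplesConsent, CloudBlockLevel, CloudExtendedTimeout
```

<p>The audit part is the piece worth keeping in a validation script: a device can carry the right <code>CloudBlockLevel</code> and still have cloud protection effectively off because MAPS reporting was disabled by another policy, which is exactly the misconfiguration the warning lines surface.</p>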