Attack surface reduction for Windows 10

Microsoft 365 2 Minutes

You may not be aware, but Microsoft has a number of ways that you can implement Attack Surface Reduction (ASR) settings in your Windows 10 environment. You read about these here:

Reduce attack surfaces with attack surface reduction rules

In essence, these rules reduce the items that maybe exploited by attacks on Windows 10 desktops. In reality, they are a good thing to enable if you want to be more secure.

Microsoft has a number of ways you can implement these.

SNAGHTML5612e1b

The preferred option is to use Microsoft EndPoint Manager as shown above. To do this navigate to:

https://endpoint.microsoft.com/

Select Endpoint security on the left, then Attack surface reduction and create a new policy on the right.

image

You can then enable all the settings you wish such as:

Block executable content from email client and webmail

Once you save the policy, it can be deployed to the devices configured in Microsoft EndPoint Manager. This will typically mean those devices have a license for Intune and use that or Configuration manager to deploy such policies. However, it will also support others forms of basic MDM that you may have (like the basic Device management that comes with most Microsoft 365 plans)

image

You can also deploy these using the EndPoint protection configuration policies for Intune as shown above. You’ll find the ASR items under the Microsoft Defender Exploit Guard area in the policy.

Group policy setting showing a blank attack surface reduction rule ID and value of 1

You can also use Group policy as seen above.

And of course you can also do it via PowerShell. if you do elect to use PowerShell, which is great for a stand alone machine, there is a handy tool you can use here:

https://github.com/hemaurer/MDATP_PoSh_Scripts/tree/master/ASR%20GUI

which, when run, looks like:

image

All you then need to do is select your options and save them to update the policies on the local machine.

The options above, plus more are detailed here:

Enable attack surface reduction rules

and I encourage you to visit the page and implement the option that works for you and your environment. For me, using Microsoft EndPoint Manager is the quickest and easiest method to deploy it across my devices. However, you can use PowerShell to quickly and easily implement it for a single device. Using ASR will make your Windows 10 devices more secure, and we all want that, so what are you waiting for?

Published by directorcia

Published

8 thoughts on “Attack surface reduction for Windows 10

  1. Pingback: Case sensitivity is important with the Microsoft Graph – CIAOPS
  2. Pingback: Automating the deployment of an Attack Surface Reduction policy across multiple tenants – CIAOPS
  3. Pingback: Show ASR settings for device with PowerShell – CIAOPS
  4. Pingback: End to End email protection with Microsoft 365–Part 4 – CIAOPS
  5. Pingback: End to End email protection with Microsoft 365–Part 5 – CIAOPS
  6. Pingback: Reviewing Windows 10 Audit Policy Settings – CIAOPS
  7. Pingback: All the Guards–Part 7 – CIAOPS
  8. Pingback: Testing for CVE-2021-40444 vulnerability – CIAOPS

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s