> Due to product constrains, the device profile does not consider all cyber evidence when determining the 'Last Seen' timeframe (as seen on the device page as well).
53
+
> Due to product constraints, the device profile doesn't consider all cyber evidence when determining the 'Last Seen' timeframe (as seen on the device page as well).
54
54
> For example, the 'Last seen' value in the Device page may show an older time frame even though more recent alerts or data is available in the machine's timeline.
55
55
56
56
## Device details
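Review bot: The typo fix on the first quoted line leaves it inconsistent with the unchanged line that follows it: 'Last Seen' versus 'Last seen', "timeframe" versus "time frame", and "device page" versus "Device page", and the second line still reads "alerts or data is available". Since both lines sit in the same note, align the casing and spelling of the field name with what the portal shows and fix the verb agreement ("alerts or data are available") in the same change.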
@@ -152,16 +152,26 @@ To further inspect the event and related events, you can quickly run an [advance
152
152
153
153
**Security recommendations** are generated from Microsoft Defender for Endpoint's [Vulnerability Management](/defender-vulnerability-management/tvm-dashboard-insights) capability. Selecting a recommendation shows a panel where you can view relevant details such as description of the recommendation and the potential risks associated with not enacting it. See [Security recommendation](api/ti-indicator.md) for details.
154
154
155
+
### Configuration management - Security policies
155
156
157
+
The **Security policies** tab shows the endpoint security policies that are applied on the device. You see a list of policies, type, status, and last check-in time. Selecting the name of a policy takes you to the policy details page where you can see the policy settings status, applied devices, and assigned groups.
156
158
159
+
:::image type="content" source="media/mde-security-policies.png" alt-text="Screenshot showing the Security policies tab." lightbox="media/mde-security-policies.png":::
157
160
158
-
### Security policies
161
+
### Configuration management - Effective settings
159
162
160
-
The **Security policies** tab shows the endpoint security policies that are applied on the device. You see a list of policies, type, status, and last check-in time. Selecting the name of a policy takes you to the policy details page where you can see the policy settings status, applied devices, and assigned groups.
163
+
The **Effective settings** tab provides visibility into the actual value of each security setting and identifies the source that configured it. It lists setting names, policy types, effective values, the source of each effective value, and the last report time.
161
164
165
+
Configuration sources can include tools like Microsoft Defender for Endpoint, Group Policy, Intune, or default settings. They can also be specific registry paths, such as the MDM or Group Policy hives. If the source is a registry location, the Configured By field shows as **Unknown** along with the registry path.
166
+
167
+
Select a setting to open a side panel with more details. You see the current value, any other configuration attempts that didn’t take effect, and—for complex settings like ASR rules or AV exclusions—a breakdown of all configured rules, their sources, and any exclusions.
168
+
169
+
> [!NOTE]
170
+
> The presented settings are AV security settings, Attack Surface Reduction rules, and exclusions, for Windows platforms.
:::image type="content" source="media/mde-effective-settings.png" alt-text="Screenshot showing the Effective settings tab." lightbox="media/mde-effective-settings.png":::
164
173
174
+
:::image type="content" source="media/mde-effective-settings-open.png" alt-text="Screenshot showing the opened Effective settings value tab." lightbox="media/mde-effective-settings-open.png":::
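Review bot: Renaming `### Security policies` to `### Configuration management - Security policies` changes the section's generated anchor, so existing links to `investigate-machines.md#security-policies` will no longer land on this section; keep an explicit anchor for the old name or point inbound links at the new heading. In the Effective settings text, "ASR rules or AV exclusions" uses both abbreviations before the note spells out "Attack Surface Reduction", so expand them on first use. The sentence saying the Configured By field shows **Unknown** along with the registry path would also benefit from one line on how to read that result during an investigation, because "Unknown" next to an MDM or Group Policy hive path is easy to misread as an unmanaged setting. The `[Security recommendation](api/ti-indicator.md)` link in the unchanged context line looks mismatched to its link text and is worth checking while this section is open.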
defender-endpoint/manage-security-policies.md
Lines changed: 2 additions & 2 deletions
@@ -12,7 +12,7 @@ ms.collection:
12
12
- tier2
13
13
ms.topic: how-to
14
14
search.appverid: met150
15
-
ms.date: 08/05/2024
15
+
ms.date: 05/28/2025
16
16
---
17
17
18
18
# Manage endpoint security policies in Microsoft Defender for Endpoint
@@ -100,7 +100,7 @@ To verify that you have successfully created a policy, select a policy name from
100
100
101
101
The policy page displays details that summarize the status of the policy. You can view a policy's status, which devices it has been applied to, and assigned groups.
102
102
103
-
During an investigation, you can also view the **Security policies** tab in the device page to view the list of policies that are being applied to a particular device. For more information, see [Investigating devices](investigate-machines.md#security-policies).
103
+
During an investigation, you can also view the **Security policies** tab in the device page to view the list of policies that are being applied to a particular device. For more information, see [Investigating devices](investigate-machines.md).
104
104
105
105
:::image type="content" source="./media/security-policies-list.png" alt-text="Security policies tab with list of policies":::
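Review bot: Dropping the fragment from `investigate-machines.md#security-policies` on the "For more information" link avoids a dead anchor but now sends the reader to the top of a long page instead of the section the sentence is about. Link to the anchor of the renamed "Configuration management - Security policies" heading instead, so the reference still lands on the Security policies tab description.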
defender-endpoint/mde-security-settings-management.md
Lines changed: 2 additions & 2 deletions
@@ -8,7 +8,7 @@ manager: deniseb
8
8
ms.service: defender-endpoint
9
9
ms.subservice: ngp
10
10
ms.topic: how-to
11
-
ms.date: 05/24/2025
11
+
ms.date: 05/28/2025
12
12
ms.collection:
13
13
- m365-security
14
14
- tier2
@@ -114,7 +114,7 @@ To verify that you have successfully created a policy, select a policy name from
114
114
115
115
The policy page displays details that summarize the status of the policy. You can view a policy's status, which devices it is applied to, and assigned groups.
116
116
117
-
During an investigation, you can also view the **Security policies** tab in the device page to view the list of policies that are being applied to a particular device. For more information, see [Investigating devices](investigate-machines.md#security-policies).
117
+
During an investigation, you can also view the **Security policies** tab in the device page to view the list of policies that are being applied to a particular device. For more information, see [Investigating devices](investigate-machines.md).
118
118
119
119
:::image type="content" source="./media/security-policies-list.png" alt-text="Security policies tab with list of policies" lightbox="./media/security-policies-list.png":::
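Review bot: The updated "During an investigation" sentence still points only to the **Security policies** tab, which lists the policies applied to a device but not which value actually took effect. The same commit documents an **Effective settings** tab that shows the effective value and its source, so mention it here as well; that is the view an investigator needs when an assigned policy and the device's real configuration disagree. The link itself now targets `investigate-machines.md` with no fragment, so consider pointing it at the specific section rather than the page top.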