You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: defender-endpoint/attack-surface-reduction-rules-deployment-test.md
+18-12Lines changed: 18 additions & 12 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -17,7 +17,7 @@ ms.collection:
17
17
- highpri
18
18
- tier1
19
19
- mde-asr
20
-
ms.date: 03/26/2025
20
+
ms.date: 06/05/2025
21
21
search.appverid: met150
22
22
---
23
23
@@ -56,33 +56,39 @@ Begin the testing phase by turning on the attack surface reduction rules with th
56
56
You can use Microsoft Intune Endpoint Security to configure custom attack surface reduction rules.
57
57
58
58
1. Open the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
59
+
59
60
2. Go to **Endpoint Security** > **Attack surface reduction**.
61
+
60
62
3. Select **Create Policy**.
63
+
61
64
4. In **Platform**, select **Windows 10, Windows 11, and Windows Server**, and in **Profile**, select **Attack surface reduction rules**.
62
65
63
-
> [!div class="mx-imgBorder"]
64
-
> :::image type="content" source="media/asr-mem-create-profile.png" alt-text="The profile creation page for ASR rules" lightbox="media/asr-mem-create-profile.png":::
66
+
> [!div class="mx-imgBorder"]
67
+
> :::image type="content" source="media/asr-mem-create-profile.png" alt-text="The profile creation page for ASR rules" lightbox="media/asr-mem-create-profile.png":::
65
68
66
69
5. Select **Create**.
70
+
67
71
6. In the **Basics** tab of the **Create profile** pane, in **Name** add a name for your policy. In **Description** add a description for your attack surface reduction rules policy.
72
+
68
73
7. In the **Configuration settings** tab, under **Attack Surface Reduction Rules**, set all rules to **Audit mode**.
69
74
70
-
> [!div class="mx-imgBorder"]
71
-
> :::image type="content" source="media/asr-mem-configuration-settings.png" alt-text="The configuration of attack surface reduction rules to Audit mode" lightbox="media/asr-mem-configuration-settings.png":::
75
+
> [!div class="mx-imgBorder"]
76
+
> :::image type="content" source="media/asr-mem-configuration-settings.png" alt-text="The configuration of attack surface reduction rules to Audit mode" lightbox="media/asr-mem-configuration-settings.png":::
72
77
73
-
> [!NOTE]
74
-
> There are variations in some attack surface reduction rules mode listings; _Blocked_ and _Enabled_ provide the same functionality.
78
+
> [!NOTE]
79
+
> There are variations in some attack surface reduction rules mode listings; _Blocked_ and _Enabled_ provide the same functionality.
75
80
76
81
8.[Optional] In the **Scope tags** pane, you can add tag information to specific devices. You can also use role-based access control and scope tags to make sure that the right admins have the right access and visibility to the right Intune objects. Learn more: [Use role-based access control (RBAC) and scope tags for distributed IT in Intune](/mem/intune/fundamentals/scope-tags).
77
-
9. In the **Assignments** pane, you can deploy or "assign" the profile to your user or device groups. Learn more: [Assign device profiles in Microsoft Intune](/mem/intune/configuration/device-profile-assign#exclude-groups-from-a-profile-assignment)
78
82
79
-
> [!NOTE]
80
-
> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.
83
+
9. In the **Assignments** pane, you can deploy or "assign" the profile to your user or device groups. For more information, see [Assign device profiles in Microsoft Intune](/mem/intune/configuration/device-profile-assign#exclude-groups-from-a-profile-assignment).
84
+
85
+
> [!NOTE]
86
+
> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.
81
87
82
88
10. Review your settings in the **Review + create** pane. Select **Create** to apply the rules.
0 commit comments