
Friday, December 11, 2020

How I manage my device from Endpoint Manager - taste your own medicine - Part 3 of 4

Introduction

Glück & Kanja Consulting AG | Cloud Security Operations Center

This blog post is part of a series. If you have not read the first blog post of the series, you should go through that first.

How I manage my device from Endpoint Manager - taste your own medicine - Part 1 of 4

How I manage my device from Endpoint Manager - taste your own medicine - Part 2 of 4

In this blog post I will go through the security recommendations that MDATP raised for my own device, and show one by one how each of them is implemented in Endpoint Manager, because we should know both what the recommendations are and how to set them.

I started off with 57 security recommendations, and this is my way towards 0 (or close to 0).

 

Prerequisites

- Microsoft Defender Advanced Threat Protection license – for more information read here

- Microsoft Endpoint Manager

 

Table of contents

Security Recommendation 21 Disable Microsoft Defender Firewall notifications when programs are blocked for Private profile

Security Recommendation 22 Disable Microsoft Defender Firewall notifications when programs are blocked for Public profile

Security Recommendation 23 Disable merging of local Microsoft Defender Firewall rules with group policy firewall rules for the Public profile

Security Recommendation 24 Disable merging of local Microsoft Defender Firewall connection rules with group policy firewall rules for the Public profile

Security Recommendation 25 Enable Apply UAC restrictions to local accounts on network logons

Security Recommendation 26 Disable SMBv1 client driver

Security Recommendation 27 Disable Allow Basic authentication for WinRM Client

Security Recommendation 28 Disable Allow Basic authentication for WinRM Service

Security Recommendation 29 Disable Autoplay for non-volume devices

Security Recommendation 30 Disable Autoplay for all drives

 

Let’s make my device more secure

Fire up your Microsoft Edge browser (if you do not have that installed, now is the time)

Go to https://securitycenter.microsoft.com/

Choose Device inventory, select your device and see Security Recommendations for your device.

 

Security Recommendation 21 Disable Microsoft Defender Firewall notifications when programs are blocked for Private profile

This is more of an end-user experience setting than a security concern, but it is nice to have: a pop-up about a blocked program is something a standard user cannot act on anyway, and it only teaches them to click through firewall prompts.

Go to https://endpoint.microsoft.com/ -> Endpoint security -> Firewall

Create a new policy and give it a friendly name

Under the private network profile, turn on the firewall and set Disable inbound notifications to Yes (this maps to the DisableInboundNotifications setting of the Firewall CSP for the private profile)

Assign to your device and create the policy.

 

Security Recommendation 22 Disable Microsoft Defender Firewall notifications when programs are blocked for Public profile

Same as recommendation 21, but for the public profile: more of an end-user experience setting than a security concern, but nice to have.

Go to https://endpoint.microsoft.com/ -> Endpoint security -> Firewall

Create a new policy and give it a friendly name

Under the public network profile, turn on the firewall and set Disable inbound notifications to Yes (the DisableInboundNotifications setting of the Firewall CSP for the public profile)

Assign to your device and create the policy.

 

Security Recommendation 23 Disable merging of local Microsoft Defender Firewall rules with group policy firewall rules for the Public profile

Go to https://endpoint.microsoft.com/ -> Endpoint security -> Firewall

Create a new policy and give it a friendly name

Under the public network profile, set Ignore all local firewall rules to Yes. Rules created locally on the device (by an installer, or by a user with local admin rights) are then ignored on public networks and only the rules delivered through policy apply. This maps to the AllowLocalPolicyMerge setting of the Firewall CSP for the public profile.

Assign to your device and create the policy.

 

Security Recommendation 24 Disable merging of local Microsoft Defender Firewall connection rules with group policy firewall rules for the Public profile

This one is easy to confuse with recommendation 23: it is about connection security (IPsec) rules, not firewall rules.

Go to https://endpoint.microsoft.com/ -> Endpoint security -> Firewall

Create a new policy and give it a friendly name

Under the public network profile, set Ignore connection security rules to Yes, so locally created connection security rules are ignored on public networks and only those delivered through policy apply. This maps to the AllowLocalIpsecPolicyMerge setting of the Firewall CSP for the public profile.

You do not need four separate firewall policies, by the way: one firewall policy can carry the private and public profile settings for recommendations 21 to 24.

Assign to your device and create the policy.
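Once the firewall policy has synced, it is worth confirming on the device that the effective profile state matches recommendations 21 to 24, instead of only trusting the green tick in the portal. The following PowerShell script is an added example and not code from the original post; it reads the effective (ActiveStore) firewall profile configuration with Get-NetFirewallProfile and compares it with the expected values, which are an assumption derived from the four recommendations above. Run it in an elevated PowerShell session on the device.

```powershell
# Added example, not code from the original post: audit the effective state of the
# Microsoft Defender Firewall private and public profiles for Security Recommendations 21-24.
# Assumption: the Intune firewall policy has already synced to this device.

# Expected values per profile (assumed from the recommendations).
# Property names are the ones Get-NetFirewallProfile returns.
$expected = [ordered]@{
    Private = [ordered]@{
        Enabled        = 'True'   # firewall on for private networks
        NotifyOnListen = 'False'  # Rec 21: no pop-up when a program is blocked
    }
    Public = [ordered]@{
        Enabled                 = 'True'
        NotifyOnListen          = 'False'  # Rec 22
        AllowLocalFirewallRules = 'False'  # Rec 23: local firewall rules are ignored
        AllowLocalIPsecRules    = 'False'  # Rec 24: local connection security rules are ignored
    }
}

function Test-FirewallRecommendations {
    param([System.Collections.IDictionary]$Expected)
    foreach ($profileName in $Expected.Keys) {
        # ActiveStore is the merged, effective configuration (local settings plus GPO/MDM policy)
        $fwProfile = Get-NetFirewallProfile -Name $profileName -PolicyStore ActiveStore
        foreach ($setting in $Expected[$profileName].Keys) {
            $actual = [string]$fwProfile.$setting
            [pscustomobject]@{
                Profile  = $profileName
                Setting  = $setting
                Expected = $Expected[$profileName][$setting]
                Actual   = $actual
                Pass     = ($actual -eq $Expected[$profileName][$setting])
            }
        }
    }
}

$results = Test-FirewallRecommendations -Expected $expected
$results | Format-Table -AutoSize
if ($results.Pass -contains $false) {
    Write-Warning 'At least one firewall setting does not match the recommendation; check the policy assignment and trigger a sync.'
}
```

A failing row for AllowLocalFirewallRules or AllowLocalIPsecRules on the Public profile usually means the Public profile block of the policy was left on Not configured; a failing NotifyOnListen means the Disable inbound notifications switch was set on the wrong profile.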

 

Security Recommendation 25 Enable Apply UAC restrictions to local accounts on network logons

Go to https://endpoint.microsoft.com/ -> Devices -> Windows -> Configuration Profiles

Create Profile (this setting lives in the Administrative Templates profile type, under MS Security Guide)

Apply UAC restrictions to local accounts on network logons

Enabled

With this enabled, local accounts that are members of the Administrators group get a filtered, non-elevated token on network logons, so a local admin password or password hash taken from one device cannot be used for remote administration of this device over SMB or WMI. The built-in Administrator account (RID 500) is not covered by token filtering, so keep it disabled or under LAPS; this setting does nothing for it.

Assign it to your device and save it.

 

Security Recommendation 26 Disable SMBv1 client driver

Go to https://endpoint.microsoft.com/ -> Devices -> Windows -> Configuration Profiles

Create Profile (Administrative Templates, MS Security Guide)

Configure SMB v1 client driver

Enabled, with Configure MrxSmb10 driver set to Disable driver (recommended)

SMBv1 lacks the signing, encryption and downgrade protections of SMBv2/v3, and the client driver is what lets the device talk to (or be tricked into talking to) an SMBv1 server. Disabling the driver sets the mrxsmb10 service to disabled; on clean installs of recent Windows 10 builds the SMBv1 client is not installed at all, and the policy then does no harm. The server side has its own setting (Configure SMB v1 server) and its own recommendation.

Assign it to your device and save it.

 

Security Recommendation 27 Disable Allow Basic authentication for WinRM Client

Go to https://endpoint.microsoft.com/ -> Devices -> Windows -> Configuration Profiles

Create Profile (Administrative Templates, Windows Components > Windows Remote Management (WinRM) > WinRM Client)

Allow basic authentication

Disabled

Basic authentication puts the username and password base64-encoded into the HTTP request, so over plain HTTP WinRM (port 5985) they travel in clear text, and unlike Kerberos or Negotiate it gives the client no assurance about which server it is talking to. Disabling it on the client keeps the device from handing its credentials to any listener that asks for them.

Assign it to your device and save it.

 

Security Recommendation 28 Disable Allow Basic authentication for WinRM Service

Go to https://endpoint.microsoft.com/ -> Devices -> Windows -> Configuration Profiles

Create Profile (Administrative Templates, Windows Components > Windows Remote Management (WinRM) > WinRM Service)

Allow basic authentication

Disabled

This is the other side of recommendation 27: with it disabled, the WinRM service on the device no longer accepts Basic credentials from remote management clients, so management traffic has to use Kerberos, Negotiate or certificate-based authentication.

Assign it to your device and save it.

 

Security Recommendation 29 Disable Autoplay for non-volume devices

Go to https://endpoint.microsoft.com/ -> Devices -> Windows -> Configuration Profiles

Create Profile (Administrative Templates, Windows Components > AutoPlay Policies)

Disallow Autoplay for non-volume devices

Enabled

Watch the double negative here: the policy name starts with Disallow, so Enabled is the value that turns Autoplay off for non-volume devices (MTP devices such as cameras and phones). Disabled or Not configured leaves Autoplay on for them.

Assign it to your device and save it.

 

Security Recommendation 30 Disable Autoplay for all drives

Go to https://endpoint.microsoft.com/ -> Devices -> Windows -> Configuration Profiles

Create Profile (Administrative Templates, Windows Components > AutoPlay Policies)

Turn off AutoPlay

Enabled – All drives

The recommendation asks for all drives, not only CD-ROM and removable drives: this stops a plugged-in USB stick or mounted ISO from launching its AutoPlay handler without the user explicitly opening it.

Assign it to your device and save it.
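Recommendations 25 to 30 are all ADMX-backed settings, and ADMX-backed Intune policies land in the same registry locations that the equivalent Group Policy settings use. The following PowerShell script is an added example and not code from the original post; it checks those registry values on the device so you can confirm each policy actually arrived before waiting for MDATP to re-assess. The paths and expected values are an assumption based on the corresponding Group Policy settings; confirm them against the device's policy report in Endpoint Manager. Run it in an elevated PowerShell session on the device.

```powershell
# Added example, not code from the original post: check the registry values written by the
# ADMX-backed policies behind Security Recommendations 25-30.
# Assumption: these are the paths and values the equivalent Group Policy settings use.

$checks = @(
    @{ Rec = 25; Setting = 'Apply UAC restrictions to local accounts on network logons'
       Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
       Name = 'LocalAccountTokenFilterPolicy'; Expected = 0; AbsentIsSecure = $true }   # absent = OS default, token filtering applies
    @{ Rec = 26; Setting = 'SMB v1 client driver (mrxsmb10) disabled'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb10'
       Name = 'Start'; Expected = 4; AbsentIsSecure = $true }                           # 4 = SERVICE_DISABLED; absent = driver not installed
    @{ Rec = 27; Setting = 'WinRM Client: Allow Basic authentication'
       Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client'
       Name = 'AllowBasic'; Expected = 0; AbsentIsSecure = $false }
    @{ Rec = 28; Setting = 'WinRM Service: Allow Basic authentication'
       Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service'
       Name = 'AllowBasic'; Expected = 0; AbsentIsSecure = $false }
    @{ Rec = 29; Setting = 'Disallow Autoplay for non-volume devices'
       Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Explorer'
       Name = 'NoAutoplayfornonVolume'; Expected = 1; AbsentIsSecure = $false }
    @{ Rec = 30; Setting = 'Turn off AutoPlay (all drives)'
       Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Name = 'NoDriveTypeAutoRun'; Expected = 255; AbsentIsSecure = $false }          # 0xFF = every drive type
)

function Test-PolicyValue {
    param([hashtable]$Check)
    $actual = $null
    if (Test-Path -Path $Check.Path) {
        # -ErrorAction SilentlyContinue: a missing value name returns $null instead of throwing
        $item = Get-ItemProperty -Path $Check.Path -Name $Check.Name -ErrorAction SilentlyContinue
        if ($null -ne $item) { $actual = $item.($Check.Name) }
    }
    if ($null -eq $actual) {
        # Value not present: only acceptable where the OS default is already the secure state
        $pass  = [bool]$Check.AbsentIsSecure
        $shown = '(not set)'
    } else {
        $pass  = ($actual -eq $Check.Expected)
        $shown = $actual
    }
    [pscustomobject]@{
        Rec      = $Check.Rec
        Setting  = $Check.Setting
        Expected = $Check.Expected
        Actual   = $shown
        Pass     = $pass
    }
}

$results = foreach ($c in $checks) { Test-PolicyValue -Check $c }
$results | Sort-Object Rec | Format-Table -AutoSize
if ($results.Pass -contains $false) {
    Write-Warning 'At least one policy value is missing or wrong; check the profile assignment and trigger a sync.'
}
```

A row that shows (not set) for recommendations 27 to 30 means the profile has not been applied yet (or was assigned to the wrong group); a wrong value for recommendation 29 is typically the double negative in Disallow Autoplay for non-volume devices, where the policy was set to Disabled instead of Enabled.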

 

To see the last 16 security recommendations go to part 4:

How I manage my device from Endpoint Manager - taste your own medicine - Part 4 of 4
