Introduction

This blog post is part of a series. If you did not see the first blogpost of the series, you should go through that first.
How I manage my device from Endpoint Manager – taste your own medicine – Part 1 of 4
How I manage my device from Endpoint Manager – taste your own medicine – Part 2 of 4
In this blog post I go through the security recommendations that MDATP suggested for my own device and show, one by one, how each is implemented in Endpoint Manager, since we should know what the recommendations are and how to set them.
I started off with 57 security recommendations and this is my way towards 0 (or close to 0).
Prerequisites
– Microsoft Defender Advanced Threat Protection license – for more information read here
– Microsoft Endpoint Manager
Table of contents
Security Recommendation 21 Disable Microsoft Defender Firewall notifications when programs are blocked for Private profile
Security Recommendation 22 Disable Microsoft Defender Firewall notifications when programs are blocked for Public profile
Security Recommendation 23 Disable merging of local Microsoft Defender Firewall rules with group policy firewall rules for the Public profile
Security Recommendation 24 Disable merging of local Microsoft Defender Firewall connection rules with group policy firewall rules for the Public profile
Security Recommendation 25 Enable Apply UAC restrictions to local accounts on network logons
Security Recommendation 26 Disable SMBv1 client driver
Security Recommendation 27 Disable Allow Basic authentication for WinRM Client
Security Recommendation 28 Disable Allow Basic authentication for WinRM Service
Security Recommendation 29 Disable Autoplay for non-volume devices
Security Recommendation 30 Disable Autoplay for all drives
Let’s make my device more secure
Fire up your Microsoft Edge browser (if you do not have it installed, now is the time)
Go to https://securitycenter.microsoft.com/
Choose Device inventory, select your device and see Security Recommendations for your device.
Security Recommendation 21 Disable Microsoft Defender Firewall notifications when programs are blocked for Private profile

This is more of an end-user experience setting than a security concern, but it is nice to have.
Go to https://endpoint.microsoft.com/ -> Endpoint security -> Firewall


Give it a friendly name

Turn on firewall for private networks and disable inbound notifications
Assign to your device and create the policy.
Security Recommendation 22 Disable Microsoft Defender Firewall notifications when programs are blocked for Public profile

This is more of an end-user experience setting than a security concern, but it is nice to have.
Go to https://endpoint.microsoft.com/ -> Endpoint security -> Firewall


Give it a friendly name

Turn on firewall for public networks and disable inbound notifications
Assign to your device and create the policy.
Security Recommendation 23 Disable merging of local Microsoft Defender Firewall rules with group policy firewall rules for the Public profile

Go to https://endpoint.microsoft.com/ -> Endpoint security -> Firewall


Give it a friendly name

Ignore all local firewall rules
Assign to your device and create the policy.
Security Recommendation 24 Disable merging of local Microsoft Defender Firewall connection rules with group policy firewall rules for the Public profile

Go to https://endpoint.microsoft.com/ -> Endpoint security -> Firewall


Give it a friendly name

Ignore all local firewall rules
Assign to your device and create the policy.
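Once the firewall policies for recommendations 21 to 24 have synced, the effective settings can be checked on the device itself. The following PowerShell is an added example, not part of the original post; it assumes the Intune policy is reflected in the firewall's ActiveStore view, and the mapping of each recommendation to a profile property is my own.

```powershell
# Added verification example (not from the original post).
# Reads the effective firewall profile settings (ActiveStore = sum of all
# policy sources) and compares them with what recommendations 21-24 expect.
$expected = @(
    [pscustomobject]@{ Rec = 21; Profile = 'Private'; Setting = 'NotifyOnListen';          Want = 'False' }
    [pscustomobject]@{ Rec = 22; Profile = 'Public';  Setting = 'NotifyOnListen';          Want = 'False' }
    [pscustomobject]@{ Rec = 23; Profile = 'Public';  Setting = 'AllowLocalFirewallRules'; Want = 'False' }
    [pscustomobject]@{ Rec = 24; Profile = 'Public';  Setting = 'AllowLocalIPsecRules';    Want = 'False' }
)

# Index the profiles (Domain, Private, Public) by name.
$profiles = @{}
Get-NetFirewallProfile -PolicyStore ActiveStore |
    ForEach-Object { $profiles[$_.Name] = $_ }

$results = foreach ($e in $expected) {
    $p       = $profiles[$e.Profile]
    $actual  = [string]$p.($e.Setting)   # True / False / NotConfigured
    $enabled = [string]$p.Enabled
    [pscustomobject]@{
        Recommendation = $e.Rec
        Profile        = $e.Profile
        FirewallOn     = $enabled
        Setting        = $e.Setting
        Actual         = $actual
        # The policy also turns the firewall on for the profile, so require both.
        Compliant      = ($actual -eq $e.Want) -and ($enabled -eq 'True')
    }
}

$results | Format-Table -AutoSize
```

Run it in an elevated PowerShell session; a row with Compliant = False shows which profile setting has not taken effect yet.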
Security Recommendation 25 Enable Apply UAC restrictions to local accounts on network logons

Go to https://endpoint.microsoft.com/ -> Devices -> Windows -> Configuration Profiles
Create Profile



Apply UAC restrictions to local accounts on network logons

Enabled
Assign it to your device and save it.
Security Recommendation 26 Disable SMBv1 client driver

Go to https://endpoint.microsoft.com/ -> Devices -> Windows -> Configuration Profiles
Create Profile



Configure SMB v1 client driver

Enabled
Assign it to your device and save it.
Security Recommendation 27 Disable Allow Basic authentication for WinRM Client

Go to https://endpoint.microsoft.com/ -> Devices -> Windows -> Configuration Profiles
Create Profile



Allow basic authentication

Disabled
Assign it to your device and save it.
Security Recommendation 28 Disable Allow Basic authentication for WinRM Service

Go to https://endpoint.microsoft.com/ -> Devices -> Windows -> Configuration Profiles
Create Profile



Allow basic authentication

Disabled
Assign it to your device and save it.
Security Recommendation 29 Disable Autoplay for non-volume devices

Go to https://endpoint.microsoft.com/ -> Devices -> Windows -> Configuration Profiles
Create Profile




Disabled
Assign it to your device and save it.
Security Recommendation 30 Disable Autoplay for all drives

Go to https://endpoint.microsoft.com/ -> Devices -> Windows -> Configuration Profiles
Create Profile




Enabled – All drives
Assign it to your device and save it.
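To confirm on the device that the configuration profiles for recommendations 25 to 30 have landed, the resulting registry values can be read back. This PowerShell is an added example, not part of the original post; the registry paths and expected values are those used by the corresponding ADMX policy definitions, and treating them as the end state of each recommendation is an assumption.

```powershell
# Added example, not from the original post. Registry locations are the ones the
# matching ADMX policy definitions use; that mapping is an assumption here.
$checks = @(
    [pscustomobject]@{ Rec = 25; Name = 'LocalAccountTokenFilterPolicy'; Want = 0
        Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' }
    [pscustomobject]@{ Rec = 26; Name = 'Start'; Want = 4   # 4 = driver disabled
        Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb10' }
    [pscustomobject]@{ Rec = 27; Name = 'AllowBasic'; Want = 0
        Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client' }
    [pscustomobject]@{ Rec = 28; Name = 'AllowBasic'; Want = 0
        Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service' }
    [pscustomobject]@{ Rec = 29; Name = 'NoAutoplayfornonVolume'; Want = 1
        Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Explorer' }
    [pscustomobject]@{ Rec = 30; Name = 'NoDriveTypeAutoRun'; Want = 255   # all drives
        Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' }
)

function Test-Recommendation {
    param([Parameter(Mandatory)] $Check)

    # A missing key or value means the policy has not written it on this device.
    $actual = $null
    if (Test-Path -Path $Check.Path) {
        $item = Get-ItemProperty -Path $Check.Path -Name $Check.Name -ErrorAction SilentlyContinue
        if ($null -ne $item) { $actual = $item.($Check.Name) }
    }

    $shown = if ($null -eq $actual) { '<not set>' } else { $actual }
    [pscustomobject]@{
        Recommendation = $Check.Rec
        Value          = $Check.Name
        Expected       = $Check.Want
        Actual         = $shown
        Compliant      = ($null -ne $actual) -and ($actual -eq $Check.Want)
    }
}

$checks | ForEach-Object { Test-Recommendation -Check $_ } | Format-Table -AutoSize
```

A value shown as `<not set>` is reported as non-compliant, which after a fresh assignment usually just means the device has not synced the profile yet.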
To see the last 16 security recommendations go to part 4:
How I manage my device from Endpoint Manager – taste your own medicine – Part 4 of 4
Mattias Melkersen is a community driven and passionate modern workplace consultant with 20 years’ experience in automating software, driving adoption and technology change within the Enterprise. He lives in Denmark and works at Mindcore.
He is an Enterprise Mobility Intune MVP, Official Contributor in a LinkedIn group with 41.000 members and Microsoft 365 Enterprise Administrator Expert.
Mattias blogs, gives interviews and creates YouTube content on the channel "MSEndpointMgr", where he publishes helpful content in the MEM area and interviews MVPs who showcase a certain technology or topic.
Official Contributor here "Modern Endpoint Management":
https://www.linkedin.com/groups/8761296/
- Mattias Melkersen Kalvåg: https://blog.mindcore.dk/author/mattias-melkersen-kalvaag/