Microsoft Business Premium Implementation Guide – Part 4 of 7

Part 4: Endpoint Protection

Before we continue, let's confirm a few things:

1. All steps have been implemented from Part 3.

2. Web Content Filtering

Prevent users from going to unsafe and unproductive websites.
Options:
Changes Communicated:

Click here to view the current list of web content filtering categories

It is at the decision maker's discretion whether to notify end users of the policy; doing so can reduce support tickets asking for websites to be unblocked.

3. Windows Defender Firewall Policy

Provides host-based traffic filtering for your devices. It helps secure devices by determining which network traffic is permitted on them.
Options:
Changes Communicated:

Click here to view the default policy and available custom options

Custom firewall settings may require additional notification to end users.

4. Windows Defender Next-Gen Protection Policy

Enhanced device protection that includes antivirus and antimalware protection for all devices.
Options:
Changes Communicated:

Click here to view the current default policy and available customized options.

A daily scan runs by default and is not scheduled at a fixed time. Weekly scans can be scheduled at a date/time approved by the decision maker. Computers must stay on for these scans to succeed.

5. Configure Automated Investigation & Response (AIR)

Automated investigations use various inspection algorithms and are based on processes used by our security analysts. These capabilities are designed to examine alerts and take immediate action to resolve breaches (sending a file to quarantine, stopping a service, killing a process, removing a scheduled task).
Options:
Changes Communicated:

Click here to view the different levels of automation.

6. Configure Compliance Policies

Compliance policies take the risk assessment from Microsoft Defender for Business (MDB) as a condition for accessing company data inside Microsoft 365. For example, a device must have a low risk score in order to access company data (similar to the device compliance policies above, but bringing in MDB assessments).
Options:
Changes Communicated:

Click here to view the differences in risk scores

Depending on what policies are selected, notifications to the end users may be required.

7. Attack Surface Reduction Rules (ASR)

ASR rules reduce the attack surface of a system by disabling or blocking potentially vulnerable features and application behaviors, making it more difficult for attackers to exploit vulnerabilities. ASR rules also provide greater visibility into application behavior, allowing administrators to identify and address security issues more efficiently.
Standard Protection Options:
Changes Communicated:

Click here to view the details of the Standard Protection Rules

Click here to view available Attack Surface Reduction Rules

Depending on what option is selected, notifications to the end users may be required.
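As an added example that is not part of this guide, the following PowerShell check lets an administrator confirm on a Windows device which Standard Protection ASR rules are in force and in what mode, and review recent audit/block events before moving rules from audit to block. It assumes the Defender PowerShell module is available and an elevated session; the GUID-to-name table is the example's own lookup for three published Standard Protection rules.

```powershell
# Added example: verify ASR "Standard Protection" rule state on a Windows endpoint.
# Requires an elevated session and the Defender module (Get-MpPreference).
# The GUID-to-name table is this script's own lookup for three published Standard
# Protection rules, not a Defender API. On Intune/MDB-managed devices the tenant
# policy overrides local changes, so treat this as a verification aid.

$rules = @{
    '56a863a9-875e-4185-98a7-b882c64b5ce5' = 'Block abuse of exploited vulnerable signed drivers'
    '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2' = 'Block credential stealing from LSASS'
    'e6db77e5-3df2-4cf1-b95a-636979351e5b' = 'Block persistence through WMI event subscription'
}
# Action codes as returned in AttackSurfaceReductionRules_Actions
$modes = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

$pref    = Get-MpPreference
$ids     = @($pref.AttackSurfaceReductionRules_Ids | Where-Object { $_ })
$actions = @($pref.AttackSurfaceReductionRules_Actions)

# Build a lookup of configured rules (GUIDs may come back in either case)
$state = @{}
for ($i = 0; $i -lt $ids.Count; $i++) {
    $state[$ids[$i].ToLower()] = [int]$actions[$i]
}

foreach ($guid in $rules.Keys) {
    if ($state.ContainsKey($guid)) {
        $code = $state[$guid]
        $mode = if ($modes.ContainsKey($code)) { $modes[$code] } else { "Code $code" }
    } else {
        $mode = 'Not configured'
    }
    '{0,-16} {1}' -f $mode, $rules[$guid]
}

# Unconfigured rules can be added in audit mode first, so the events below show
# what would have been blocked before enforcement is switched on.
$addInAudit = $false   # set to $true to apply the change on this device
if ($addInAudit) {
    foreach ($guid in $rules.Keys) {
        if (-not $state.ContainsKey($guid)) {
            Add-MpPreference -AttackSurfaceReductionRules_Ids $guid `
                             -AttackSurfaceReductionRules_Actions AuditMode
        }
    }
}

# Recent ASR events: 1121 = blocked, 1122 = audited (would have been blocked)
$filter = @{ LogName = 'Microsoft-Windows-Windows Defender/Operational'; Id = 1121, 1122 }
Get-WinEvent -FilterHashtable $filter -MaxEvents 200 -ErrorAction SilentlyContinue |
    Group-Object Id |
    ForEach-Object { '{0} events with ID {1}' -f $_.Count, $_.Name }
```

A steady stream of 1122 events for a rule indicates legitimate software that would break under block mode and should be reviewed before the rule is enforced.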

8. App & Browser Isolation

Also known as Application Guard, this feature isolates untrusted sites when users browse the internet. Application Guard also protects Microsoft Office by opening untrusted files in an isolated environment so they cannot access trusted resources; if the site or file turns out to be malicious, it stays contained in that separate environment and your device remains protected.
Options:
Changes Communicated:

Click here to view the various options for Application Guard

Depending on what option is selected, notifications to the end users may be required.

9. Device Control

Device control settings let you configure devices with a layered approach to securing removable media. They provide multiple monitoring and control features that help prevent threats on unauthorized peripherals (such as USB drives) from compromising your device.
Options:
Changes Communicated:

If set to block, we need to notify end users that they will not be able to use removable devices to transport data from their computers.

10. Application Control

Application control provides additional security layers by restricting the applications that users are allowed to run and the code that runs at the system core.
Options:

11. Attack Simulation Training

Allows you to run realistic attack scenarios in your organization to identify vulnerabilities within your employee base. Simulations of current types of attacks are available, including spear phishing credential harvest and attachment attacks, and password spray and brute force password attacks.
Options:
Changes Communicated:

Click here to view the simulations available

To enable this feature, we will need to add on the Microsoft Defender for Office 365 P2 license. This is an additional $5/mo/user.

Additional Features Include:
1. Advanced Threat Hunting
2. Additional Reporting
3. Access to Microsoft Threat Experts

STOP!

Let's complete the action items in this section and reconvene as soon as possible.

Our Responsibility:
Your Responsibility: