How to enable Microsoft Defender
6/21/2023

In my previous article we saw how to enable roles and provide RBAC to specific groups. In this article I will explore how to enable the advanced features in MDE so it will be on “God Mode”, as I like to put it, and start to integrate with other systems like Microsoft Endpoint Manager etc.

Go to > Settings > Endpoints > Advanced Features

Automated Investigation – This is recommended to keep switched ON. You need to turn this ON in order for AIR (Automated Investigation and Response) to work. With this setting on, you can create your Device Groups with the remediation level. Meaning, when you specify the remediation level for the device group and there is a threat, it will automatically try to heal it depending on the remediation level.

Live Response – If this feature is ON, and provided the RBAC groups have got Live Response ON, then they can start accessing the devices and investigating them.

Live response for servers – This is the server version of the Live Response feature.

Live response unsigned script execution – Enabling this will help the admin who does the live response troubleshooting to run unsigned scripts if needed.

Always remediate PUA (Potentially Unwanted Apps) – This is a nice feature to turn ON, as devices may have unwanted applications installed that display unexpected adverts or install apps that potentially slow down the device and are not required by the user. Enabling this feature will stop such acts and will remediate them on all the devices in the tenant.

Restrict correlation to within scoped device groups – When a device is a member of more than 1 device group, switching this ON will not correlate the alerts under the device; the main Security administrator will still be able to see all the alerts reported for a specific device.

Enable EDR in block mode – This will make sure Endpoint Detection and Response keeps working in passive mode, that is, when Defender is not the main anti-virus software on the device.