This article is contributed. See the original author and article here.
Advanced breaches like human-operated ransomware campaigns and Solorigate continue to pose significant risks to businesses. Most of these breaches involve tampering with security solutions and settings. To defend against these types of breaches, it’s clear that tamper protection in Microsoft Defender for Endpoint should be turned on for all devices. Tamper protection helps prevent bad actors from disabling security features, such as antivirus protection, on your devices.
Last year, we announced support for tamper protection on Configuration Manager managed devices (using tenant attach). The update helps ensure that all devices onboarded to Microsoft Defender for Endpoint have tamper protection turned on, and is applicable for both active- and passive-mode devices.
TIP: If you are managing devices in a hybrid environment, or you need more granular control than a tenant-wide setting, continue using Intune or Configuration Manager. We recommend keeping tamper protection turned on, tenant wide. To do that, you can use the Microsoft Defender Security Center or the Microsoft 365 security center.
You shouldn’t need to exclude devices from tamper protection; however, if your organization wants to exclude devices, use the Microsoft Endpoint Manager admin center. To learn more, see Exclude groups from a profile assignment.
Currently, the option to manage tamper protection for Microsoft Defender for Endpoint is on an opt-in basis, with plans to make this the default method in near future.
To learn more, see Manage tamper protection using the Microsoft Defender Security Center.
There’s more to come!
Additional resources:
- Documentation: Protect security settings with tamper protection
- Tech Community blog: Tamper protection is now generally available
- Tech Community blog: Enable tamper protection in Threat & Vulnerability Management
- Tech Community blog: Announcing tamper protection for Configuration Manager tenant attach clients
Microsoft Defender for Endpoint is an industry leading, cloud powered endpoint security solution offering vulnerability management, endpoint protection, endpoint detection and response, and mobile threat defense. With our solution, threats are no match. If you’re not yet taking advantage of Microsoft’s unrivaled threat optics and proven capabilities, sign up for a free Microsoft Defender for Endpoint trial today.
Microsoft Defender for Endpoint team
Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.
Recent Comments