When to use additional security policies

%3CLINGO-SUB%20id%3D%22lingo-sub-2006778%22%20slang%3D%22en-US%22%3EWhen%20to%20use%20additional%20security%20policies%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2006778%22%20slang%3D%22en-US%22%3E%3CP%3EAre%20there%20any%20rules%20of%20thumb%20or%20guidelines%20about%20when%20an%20organization%20should%20create%20additional%20security%20policies%20in%20Endpoint%20manager%20after%20the%20Baselines%20have%20been%20implemented.%20i.e.%20what%20are%20the%20scenarios%20in%20which%20the%20baselines%20are%20not%20sufficient%20and%20additional%20configuration%20is%20recommended%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2006778%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAdditional%20policies%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2011956%22%20slang%3D%22en-US%22%3ERe%3A%20When%20to%20use%20additional%20security%20policies%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2011956%22%20slang%3D%22en-US%22%3EHello%20Dean%20Gross%2C%3CBR%20%2F%3E%3CBR%20%2F%3ESecurity%20Baselines%20are%20sufficient%20in%20most%20cases%20but%20there%20might%20be%20some%20considerations%20when%20you%20look%20at%20the%20individual%20settings.%3CBR%20%2F%3EThink%20of%20Attack%20Surface%20Reduction%20(ASR)%20for%20instance%2C%20which%20blocks%20certain%20behaviors%20that%20might%20be%20normal%20for%20business%20applications%20to%20apply%20like%20downloading%20a%20file%20through%20a%20script.%3CBR%20%2F%3EIt%20all%20comes%20down%20to%20deciding%20what%20functionalities%20could%20stop%20your%20normal%20processes%20from%20running.%3CBR%20%2F%3E%3CBR%20%2F%3EI%20would%20advice%20you%20to%20take%20a%20look%20here%20and%20see%20what%20every%20individual%20part%20of%20Defender%20for%20Endpoint%20does%20to%20decide%20whether%20you%20should%20create%20your%20own%20policies%3A%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fsecurity%2Fthreat-protection%2Fmicrosoft-defender-atp%2Fmicrosoft-defender-advanced-threat-protection%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fsecurity%2Fthreat-protection%2Fmicrosoft-defender-atp%2Fmicrosoft-defender-advanced-threat-protection%3C%2FA%3E%3C%2FLINGO-BODY%3E
Respected Contributor

Are there any rules of thumb or guidelines about when an organization should create additional security policies in Endpoint manager after the Baselines have been implemented. i.e. what are the scenarios in which the baselines are not sufficient and additional configuration is recommended?

1 Reply
Hello Dean Gross,

Security Baselines are sufficient in most cases but there might be some considerations when you look at the individual settings.
Think of Attack Surface Reduction (ASR) for instance, which blocks certain behaviors that might be normal for business applications to apply like downloading a file through a script.
It all comes down to deciding what functionalities could stop your normal processes from running.

I would advice you to take a look here and see what every individual part of Defender for Endpoint does to decide whether you should create your own policies:
https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/microsoft...
www.000webhost.com