Tip 3 - Network Protection is important for Defender for Endpoint. With the use of Network Protection malicious sites and added indicators can be blocked. There are some important points which are commonly forgotten/ misconfigured for Windows.
👇
1/6
#30daysofm365d #MDE
Network Protection in itself is independent of MDE. The relationship between NP and MDE is the Custom Indicators features,C2-detection capability, WCF reporting, and some additional events. For Network Protection it is required to have Defender AV in active mode.
2/6
Configuration is possible with the use of Intune, GPO, PowerShell and other supported methods. Accepted configurations; Audit/ Block/ Disabled. Only block mode blocks the connection. For NP AV must be enabled with CP/RTP.
Some important info for the configuration.
3/6
For Windows 10/11/Server the setting "Enable Network Protection" is required.
For server there is some additional configuration required, without additional configuration NP is not working. (Currently not available in Endpoint Security profiles)
learn.microsoft.com/en-us/microsof…
4/6
Good to know; when -EnableNetworkProtection is configured and the additional configs are not set for Windows Server 2012R2/ 2016/ 2019+. The recommendation (scid-96) in MDE shows "compliant"
Windows Server 2012R2/ 2016 required the new unified agent.
5/6
Network protection is the main blocking mechanism 3p party browsers. For Microsoft Edge it is required to configure Defender SmartScreen. Without Defender SmartScreen sites are not blocked/ prevented.
More NP information: learn.microsoft.com/en-us/microsof…
6/6
Share this Scrolly Tale with your friends.
A Scrolly Tale is a new way to read Twitter threads with a more visually immersive experience.
Discover more beautiful Scrolly Tales like this.