So now that we have discussed how to protect the system and system files, let’s talk about protecting applications. When an application runs, it can access data with the same level of access as the user who runs it. Because of this, Microsoft created Windows Defender Application Control (WDAC) to help stop attacks on data that are carried out through applications.
For many years, if a user had local admin rights and they wanted to install an application onto a corporate machine, they just did it. Users just assume that the applications they buy or download are trustworthy.
You can now use Windows Defender Application Control to ensure that only applications that you explicitly allow can run on your Windows computers. It allows you to control applications, and this is a big advantage over just using antivirus software. Stopping applications from running unless you explicitly allow them is just another layer of protection that organizations can use in their war against data theft.
For many years, top-level security analysts have stated that application control is one of the best ways to address the many threats that executable-based malware uses against companies. Now, you can add another layer of security by listing which applications can specifically run on your Windows corporate systems.
If you want to create policies to use with Windows Defender Application Control, you must meet the following system requirements:
■ Windows 10/11 Enterprise
■ Windows Server 2016 and higher
There are several ways to deploy Windows Defender Application Control policies to manage endpoints, including:
■ Deploying using a mobile device management (MDM) solution, such as Intune
■ Deploying using Microsoft Endpoint Configuration Manager
■ Deploying via script
■ Deploying via Group Policy
Once Windows Defender Application Control is set up, you can create and configure policies by using GPOs or Intune.
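As an added example (not from the book), the following PowerShell builds a WDAC policy from a clean reference machine, starts it in audit mode so nothing is blocked yet, and stages it for the script-based deployment option listed above. It uses the built-in ConfigCI cmdlets; the working folder, policy name and version are assumptions chosen for illustration.

```powershell
# Added example: create a WDAC allow-list policy from a reference machine,
# enable audit mode, compile it, and deploy it by script to a test device.
# Assumes the ConfigCI module (built into Windows 10/11 Enterprise and
# Windows Server 2016+) and a working folder C:\WDAC chosen for illustration.
$WorkDir   = 'C:\WDAC'
$PolicyXml = Join-Path $WorkDir 'AllowedApps.xml'
$PolicyBin = Join-Path $WorkDir 'SiPolicy.p7b'
New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null

# 1. Scan the reference machine and allow what is installed, keyed on the
#    signer (publisher). Unsigned files fall back to a hash rule, and
#    -UserPEs makes the scan include user-mode executables, not only drivers.
New-CIPolicy -Level Publisher -Fallback Hash -UserPEs `
    -ScanPath 'C:\' -FilePath $PolicyXml

# 2. Start in audit mode (rule option 3): applications that would be blocked
#    are only logged, so gaps in the allow list are found before anything
#    is actually stopped from running.
Set-RuleOption -FilePath $PolicyXml -Option 3

# Give the policy a recognisable name and version for later review.
Set-CIPolicyIdInfo -FilePath $PolicyXml -PolicyName 'Corp Allowed Apps'
Set-CIPolicyVersion -FilePath $PolicyXml -Version '1.0.0.0'

# 3. Compile the XML into the binary format the Code Integrity engine reads.
ConvertFrom-CIPolicy -XmlFilePath $PolicyXml -BinaryFilePath $PolicyBin

# 4. Script-based deployment on a test device: copy the binary into the
#    CodeIntegrity folder and reboot. Switch to enforcement only after the
#    audit events have been reviewed (Set-RuleOption -Option 3 -Delete).
Copy-Item $PolicyBin "$env:windir\System32\CodeIntegrity\SiPolicy.p7b" -Force

# Post-reboot check: event 3076 = would have been blocked (audit mode),
# event 3077 = actually blocked (enforced mode).
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-CodeIntegrity/Operational'; Id = 3076, 3077
} -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message
```

Run the scan and policy creation on the reference machine, then copy only the compiled binary to the test device; the same binary can instead be distributed through Group Policy, Configuration Manager or Intune as described above.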
Summary
This chapter discussed Windows Security and the tools that help protect a device and its data.
This is one of many ways that you can protect your system.
We discussed Windows Firewall and using Windows Firewall with Advanced Security. Windows Firewall helps prevent unauthorized users from connecting to the client operating system. Windows Firewall is an extra line of defense, but it should not replace a perimeter firewall for your network.
We then explored working with Microsoft Defender for Endpoint. We described the plans available and the deployment steps. We also discussed the numerous ways that you can onboard devices to Defender for Endpoint, which vary depending on the operating system and deployment method you are using.
You learned how to monitor your devices using Microsoft Defender for Endpoint and how you can view information about device compliance and onboarding by using the Microsoft Endpoint Manager admin center.
We discussed Endpoint Protection and what endpoints are. Endpoint security helps you protect your endpoints from cyberattacks by using a wide variety of services and solutions.
Then we covered endpoint security using Intune and creating and monitoring security baselines. In Intune, security baselines are preconfigured groups of settings that are recommended best practices from the Microsoft security teams for that product.
We also discussed Endpoint Detection and Response by using the Security Operations dashboard to view a wide variety of tiles such as Active Alerts, Devices At Risk, Devices With Sensor Issues, Service Health, and Daily Devices Reporting. We explored the response actions you can take.
You then learned about Microsoft Defender Application Guard, specifically designed for Windows 10/11 and Microsoft Edge. Application Guard works with Edge to isolate untrusted websites, thus protecting your organization’s network and data while users are working on the Internet.
Then we focused on Windows Defender Credential Guard, a virtualization-based security service to help isolate critical files so that only system software that is privileged can access those critical files.
You learned how to use Microsoft Defender Exploit Guard to protect your Windows 10/11 system against malware, ransomware, and other types of attacks. Microsoft Defender Exploit Guard does this by reducing the attack surface of a device.
Finally, you learned how to use Windows Defender Application Control to control applications and stop them from running unless you explicitly allow it.
Exam Essentials
Know how to run scans with Windows Security. Know how to set up and run virus scans using Windows Security.
Know how to configure Windows Firewall. Know how to set up and maintain Windows Firewall with Advanced Security. Know that you can set up inbound and outbound rules by using Windows Firewall. Know how to allow or deny applications by using Windows Firewall.
Know how to use Microsoft Defender for Endpoint. Know what Microsoft Defender for Endpoint can do for you as well as how to onboard devices into Microsoft Defender for Endpoint. Also, know how to monitor Microsoft Defender for Endpoint as well as how to investigate and respond to threats using the Security Operations dashboard and response actions.
Know how to plan and implement Endpoint Protection. Know and understand what endpoints are and how to plan endpoint security.
Understand Endpoint Security. Know how to create and manage configuration policies for Endpoint Security, including antivirus, encryption, firewall, endpoint detection and response, and attack surface reduction.
Know how to use security baselines in Intune. Know what security baselines are and how to implement and manage them in Intune.
Understand how to use Microsoft Defender Application Guard. Understand how Application Guard works with Edge to isolate untrusted websites and how to set up Standalone and Enterprise modes.
Understand how to use Windows Defender Credential Guard. Know how Windows Defender Credential Guard uses virtualization-based security to help isolate critical files so that only system software with privileges can access those critical files.
Understand how to use Microsoft Defender Exploit Guard. Know how Microsoft Defender Exploit Guard helps protect your Windows client system against malware, ransomware, and other types of attacks.
Know how to use Windows Defender Application Control. Understand how Windows Defender Application Control allows you to control which applications are allowed on a Windows client system.