All SkillsGet Started Free
Configuring Windows Defender Advanced Settings
Configures Microsoft Defender for Endpoint (MDE) advanced protection settings including attack surface reduction rules, controlled folder access, network protection, and exploit protection. Use when hardening Windows endpoints beyond default Defender settings, deploying enterprise-grade endpoint protection, or meeting compliance requirements for advanced malware defense. Activates for requests involving Windows Defender configuration, ASR rules, MDE tuning, or Microsoft endpoint security.
MCP get_skill({ skillId: "configuring-windows-defender-advanced-settings-619b565d" })Use this skill with your agent
Create a free account and connect via MCP
# Configuring Windows Defender Advanced Settings ## When to Use Use this skill when: - Configuring Microsoft Defender for Endpoint (MDE) beyond default settings for enhanced protection - Implementing Attack Surface Reduction (ASR) rules to block common attack techniques - Enabling controlled folder access for ransomware protection - Configuring network protection and exploit protection features - Deploying Defender settings via Intune, SCCM, or Group Policy at enterprise scale **Do not use** this skill for third-party EDR deployment (CrowdStrike, SentinelOne) or for Microsoft Defender for Cloud (Azure workload protection). ## Prerequisites - Windows 10/11 Enterprise with Microsoft Defender Antivirus enabled - Microsoft 365 E5 or Microsoft Defender for Endpoint Plan 2 license (for full MDE features) - Microsoft Intune or SCCM for enterprise policy deployment - Microsoft 365 Defender portal access (security.microsoft.com) - Endpoints not running third-party AV in active mode (Defender enters passive mode) ## Workflow ### Step 1: Configure Attack Surface Reduction (ASR) Rules ASR rules block specific behaviors commonly used by malware and attackers: ```powershell # Enable ASR rules via PowerShell (or deploy via Intune/GPO) # Mode: 0=Disabled, 1=Block, 2=Audit, 6=Warn # Block executable content from email client and webmail Set-MpPreference -AttackSurfaceReductionRules_Ids BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550 ` -AttackSurfaceReductionRules_Actions 1 # Block all Office applications from creating child processes Set-MpPreference -AttackSurfaceReductionRules_Ids D4F940AB-401B-4EFC-AADC-AD5F3C50688A ` -AttackSurfaceReductionRules_Actions 1 # Block Office applications from creating executable content Set-MpPreference -AttackSurfaceReductionRules_Ids 3B576869-A4EC-4529-8536-B80A7769E899 ` -AttackSurfaceReductionRules_Actions 1 # Block Office applications from injecting code into other processes Set-MpPreference -AttackSurfaceReductionRules_Ids 75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84 ` -AttackSurfaceReductionRules_Actions 1 # Block JavaScript or VBScript from launching downloaded executable content Set-MpPreference -AttackSurfaceReductionRules_Ids D3E037E1-3EB8-44C8-A917-57927947596D ` -AttackSurfaceReductionRules_Actions 1
#mukul-cybersecurity-skills#security#cybersecurity#monitoringpowershell