Having learned about each of the elements of Exploit Guard, it’s important that you know how to enable and configure these settings in Intune. Use the following procedure:
- Open Microsoft Intune admin center.
- Navigate to Devices and then select Windows.
- Click Configuration profiles.
- Click Create profile.
- On the Create a profile page, select Windows 10 and later and then select Templates.
- In the list of templates, select Endpoint protection and click Create.
- Enter a Name and Description on the Basics tab, and then, on the Configuration settings page, expand Microsoft Defender Exploit Guard.
- As shown in Figure 3-57, configure the required settings in the following folders:
• Attack Surface Reduction Select the desired protections.
• Controlled folder access Enable the setting and define apps and folders.
• Network filtering Enable the setting or enable in Audit mode.
• Exploit protection Browse and locate a previously created XML file that contains exploit settings you exported from the Windows Security app on a properly configured device.
FIGURE 3-57 Configuring Exploit Guard settings
- Click Next, configure scope tags and assignments as necessary, and then Create the profile.
Implement Microsoft Defender Application Guard
Microsoft Defender Application Guard isolates browser sessions from the local device by running those sessions in a virtual machine environment; this helps prevent malicious apps or content from accessing the local device.
Requirements
The requirements for Microsoft Defender Application Guard are as follows:
- 64-bit version of Windows 11 Enterprise, Education, or Professional.
- 8 GB of physical memory is recommended.
- Support for Virtualization-based security.
- Secure Boot.
- Virtualization features: Intel VT-x, AMD-V, and SLAT must be enabled.
- An Intel VT-d or AMD-Vi input-output memory management unit.