Forum Discussion
James_Gillies
Oct 08, 2021 · Brass Contributor
ASR: Block abuse of exploited vulnerable signed drivers
Hey there, I am seeing a recommendation to apply the ASR Rule as listed above. It looks like a fairly new addition to the series of 16 ASR rules that can be configured. However, on closer insp...
- Oct 13, 2021
James_Gillies, we have not added this ASR Rule to the MEM ASR rule configuration profile. We have plans to add this configuration option so you don't have to use OMA-URIs, so stay tuned.
Thanks,
Jake
mcoombe
Jun 28, 2022 · Brass Contributor
We switched our ASR policy over to the new "modern" MEM policies that target mdm and MicrosoftSense about 1 month ago. MEM enrolled devices successfully receive the policies; however, devices like servers that are only enrolled in MDE (MicrosoftSense) do not yet receive these policies, and we have had to use our RMM tools to deploy the ASR policies via PowerShell. Hopefully in the future devices that are only MDE enrolled will also get these policies (as the target of mdm,microsoftsense suggests they should).
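The local PowerShell deployment mentioned in the post above, as an added example that is not part of the thread or any poster's actual script: it sets the rule named in the thread title on one device and reads the state back. The rule GUID is taken from Microsoft's ASR rule reference; starting in `AuditMode` and the helper name `Get-AsrRuleState` are assumptions of this example.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session
# on the target device (for instance, pushed by an RMM tool).

# "Block abuse of exploited vulnerable signed drivers" (Microsoft ASR rule reference).
$RuleId  = '56a863a9-875e-4185-98a7-b882c64b5ce5'
# Assumption: begin in audit, switch to 'Enabled' (block) after reviewing events.
$Desired = 'AuditMode'

# Get-MpPreference reports rule actions as numbers.
$ActionNames = @{ 0 = 'Disabled'; 1 = 'Enabled'; 2 = 'AuditMode'; 6 = 'Warn' }

# Hypothetical helper: returns the configured action for one rule GUID.
function Get-AsrRuleState {
    param([Parameter(Mandatory)][string]$Id)
    $pref    = Get-MpPreference
    $ids     = @($pref.AttackSurfaceReductionRules_Ids)
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    for ($i = 0; $i -lt $ids.Count; $i++) {
        if ($ids[$i] -ieq $Id) { return $ActionNames[[int]$actions[$i]] }
    }
    return 'NotConfigured'
}

$before = Get-AsrRuleState -Id $RuleId
if ($before -ne $Desired) {
    # Add-MpPreference updates this one rule and keeps the others;
    # Set-MpPreference would overwrite the whole rule list.
    Add-MpPreference -AttackSurfaceReductionRules_Ids $RuleId `
                     -AttackSurfaceReductionRules_Actions $Desired
}
$after = Get-AsrRuleState -Id $RuleId

# One record per device, easy to collect from RMM output.
[pscustomobject]@{
    Computer = $env:COMPUTERNAME
    Rule     = $RuleId
    Before   = $before
    After    = $after
}

if ($after -ne $Desired) {
    Write-Error "ASR rule $RuleId is '$after', expected '$Desired'."
    exit 1
}
```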
PatrickF11
Jun 29, 2022 · Steel Contributor
mcoombe Are your servers correctly hybrid joined? This is a prereq.
- mcoombe
Jun 29, 2022 · Brass Contributor
We are using the new MDE Security Configuration Management, which is supposed to deploy MEM policies for AV and FW to devices that are only enrolled in MDE with the Microsoft Sense service installed. So far both the AV and FW policies are working fine on MDE only devices such as servers and endpoints that are not enrolled in MEM (AAD Joined or Hybrid Joined), but the ASR policies are not being deployed to these same machines. The documentation does not yet state that ASR is included under this configuration and I am just assuming this is on the roadmap, as the target for the new ASR policy states mdm,microsoftSense (same as the AV and FW policies that work). 🤞
https://docs.microsoft.com/en-us/mem/intune/protect/mde-security-integration
- PatrickF11
Jun 29, 2022 · Steel Contributor
Thank you, so most things are working for non MEM-enrolled devices, except ASR? I haven't tested this yet. (Interesting topic, but I think we shouldn't mix these two topics in this thread, therefore I'll stop asking further questions :D)
- mcoombe
Jun 29, 2022 · Brass Contributor
PatrickF11 Good idea 👍 There is another thread for ASR and modern MEM policies here if you want to contribute. https://techcommunity.microsoft.com/t5/microsoft-365-defender/mde-vs-intune-for-asr/m-p/3508599