It’s an Attack Surface Reduction rule and it is exploited in the wild, so it’s important to close up this vulnerability to fileless attacks.
Security
Turning off Autoplay is a recommended policy in Endpoint Manager device configuration. It is recommended because it can prevent the automatic opening of files from any drive type
entities. Two of them are particularly good ideas to limit how a domain can be accessed and will create significant hurdles for criminals
Remember when people stood on their soapbox and said that Microsoft should make things secure by default for everyone? That’s device encryption.
Recently, we’ve noticed more USA-based attacks. Using MCAS we can block those attempts
If you’re mhklassen@aol.com, your account has been compromised and is being used by criminals to attack my website. I do hold you responsible because you’ve ignored that message to change your password to something more complex and use two-factor authentication.
What if we want both low and high severity alerts from a policy? Technically MCAS can’t do this.
do I dare ignore what I see in the logs if my AV is giving me a clean bill of health? Can I really afford to rebuild this server when things seem mostly ok?
There’s been a lively discussion with “breaking news” about the extent of the intrusion into networks and the solution to it over on our Ransomware and Security group. Now that it seems to have reached a stable information point I thought I would summarize what you need to know.
A couple of situations have given rise to the need to prevent the downloading of data to untrusted devices.