Microsoft Defender - Attack Surface Reduction - without ATP

Question

Attack Surface Reduction (ASR) looks really powerful;

Microsoft Defender Advanced Threat Protection - Windows security | Microsoft Learnhttps://learn.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection#asr

You don't need to subscribe to ATP to use it;

PSA: Defender Attack Surface Reduction Functions without ATP : sysadminhttps://www.reddit.com/r/sysadmin/comments/cr71sj/psa_defender_attack_surface_reduction_functions/

It looks like it can be configured in Endpoint Manager ("InTune").

Is it...

Option 1: Windows 10 Enterprise (standalone; domain joined)
functionality: works
control: basic, using group Policy, PowerShell, MDM bridge and maybe Configuration Manager
monitor: via logs only
support: not supported

Option 2: Windows 10 Enterprise with Endpoint Manager
functionality: works
control: https://endpoint.microsoft.com
monitor: via logs
support: not supported

Option 3: Windows 10 Enterprise E5 or Defender ATP add-on
functionality: works
control: https://endpoint.microsoft.com
monitor: https://securitycenter.windows.com
support: supported

This sounds really valuable, and you may be able to have limited - but still highly beneficial - use without Denfender ATP.

Is this correct?

Anyone used ASR without ADP? Any experience you can share?

Answer 1

Hi ,

Windows Defender Advanced Threat Protection (ATP) Support is currently not supported in the Q&A forums.

You can have this asked in Windows Defender Advanced Threat Protection (ATP) Support forum for better answers. Here is the link:

https://social.technet.microsoft.com/Forums/en-US/home?forum=WindowsDefenderATPPreview

Please accept helpful replies as answer if you want to end this thread up.

Best Regards,

Candy