Network share configuration assessment
- Microsoft Defender for Endpoint Plan 2
- Microsoft Defender Vulnerability Management
- Microsoft 365 Defender
Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Want to experience Microsoft Defender Vulnerability Management? Learn more about how you can sign up to the Microsoft Defender Vulnerability Management public preview trial.
The ability to share files and folders over a network allows users to provide access to resources like files, documents, and media to other people on the network. As network shares can be easily accessed by network users, some common weaknesses exist that can cause network shares to be vulnerable.
When vulnerable network share configurations are identified, they're mapped to actionable security recommendations in the Security recommendations page. The following recommendations can help protect against vulnerabilities in network shares that could be exploited by attackers:
- Disallow offline access to shares
- Remove shares from the root folder
- Remove share write permission set to 'Everyone'
- Set folder enumeration for shares
Find information about exposed network shares
To see security recommendations addressing network share configurations:
- Go to Vulnerability management > Recommendations.
- Select Filters and choose Related component > OS > Shares.
- Select Apply.
If there are network shares with vulnerabilities to address, they'll appear in the list of recommendations
Select a recommendation to see a flyout with information on the vulnerable network share configuration:
Explore the Exposed devices and Exposed shares tabs for details of the exposed entities in your organization.
Request remediation for the network share configuration
You can view and submit a remediation request from the remediation options tab:
View configuration remediation activities
Go to Vulnerability management > Remediation and filter by the remediation type, "configuration change" to see the activity item related to this change.