Configure advanced features
The Advanced features page in the General area of the Settings - Endpoints menu of the Microsoft Defender portal provides the following alert and detection-related settings:
The Advanced features area in General Settings area provides many an on/off switch for features within the product. The following are settings that are alert focused.
| Feature | Description |
|---|---|
| Live Response | Allows users with appropriate RBAC permissions to investigate devices that they're authorized to access, using a remote shell connection. |
| Live Response unsigned script execution | Enables using unsigned scripts in Live Response. |
| Custom network indicators | Configures devices to allow or block connections to IP addresses, domains, or URLs in your custom indicator lists. |
Live response
Turn on this feature so that users with the appropriate permissions can start a live response session on devices.
Live response unsigned script execution
Enabling this feature allows you to run unsigned scripts in a live response session.
Custom network indicators
Turning on this feature allows you to create indicators for IP addresses, domains, or URLs, which determine whether they'll be allowed or blocked based on your custom indicator list.