This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
A security team wants to roll out an Attack Surface Reduction rule that blocks Office apps from creating child processes, but is concerned a line-of-business macro might break. What's the recommended first step?
Deploy the ASR rule in Block mode to a pilot group and review user-reported issues.
Configure the ASR rule in Audit mode for a pilot group and review reported events before enforcing it.
Add a permanent exclusion for the LOB app and deploy the rule in Block mode to all devices immediately.
Users are connecting to cloud apps from remote networks that don't route through the corporate proxy. Which Microsoft Defender data source best provides ongoing discovery for those endpoints?
Snapshot reports from manually uploaded firewall logs.
Defender's endpoint integration for cloud discovery.
A continuous report from the on-premises secure web gateway.
An admin wants to repeatedly detect and fix a misconfigured registry value on managed Windows devices without manual intervention. Which Microsoft Intune capability fits this requirement?
A proactive remediation script package with detection and remediation scripts.
An Attack Surface Reduction rule in Audit mode.
A device compliance policy that marks the device noncompliant.
You must answer all questions before checking your work.
Was this page helpful?
Need help with this topic?
Want to try using Ask Learn to clarify or guide you through this topic?