Understand attack surface reduction


Attack Surface Reduction is the practice of hardening the places where a threat is likely to attack. As a Security Analyst, your role is to understand the protection options and provide recommendations. While performing alert investigations, you should know which events Attack Surface Reduction generates on the host, because they might provide forensic evidence.

Attack Surface Reduction consists of the following components:



Attack surface reduction rules

Reduce vulnerabilities (attack surfaces) in your applications with intelligent rules that help stop malware. (Requires Microsoft Defender Antivirus.)

Hardware-based isolation

Protect and maintain the integrity of a system as it starts and while it's running. Validate system integrity through local and remote attestation. Use container isolation for Microsoft Edge to help guard against malicious websites.

Application control

Use application control so that your applications must earn trust in order to run.

Exploit protection

Help protect operating systems and apps your organization uses from being exploited. Exploit protection also works with third-party antivirus solutions.

Network protection

Extend protection to your network traffic and connectivity on your organization's devices. (Requires Microsoft Defender Antivirus.)

Web protection

Secure your devices against web threats and help you regulate unwanted content.

Controlled folder access

Help prevent malicious or suspicious apps (including file-encrypting ransomware) from making changes to files in your key system folders. (Requires Microsoft Defender Antivirus.)

Device control

Protect against data loss by monitoring and controlling media used on devices, such as removable storage and USB drives, in your organization.
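The host events mentioned in the introduction can be pulled during an investigation as follows. This is an added example, not part of the original page: the function names `Get-AsrEvidence` and `Get-AsrRuleState` are hypothetical, and the log name, event IDs and action values are the ones Microsoft Defender Antivirus documents for these components (they are not listed on this page).

```powershell
# Added example. Maps Defender operational event IDs to the component that raised them.
$AsrEventMap = @{
    1121 = 'Attack surface reduction rule (block)'
    1122 = 'Attack surface reduction rule (audit)'
    1123 = 'Controlled folder access (block)'
    1124 = 'Controlled folder access (audit)'
    1125 = 'Network protection (audit)'
    1126 = 'Network protection (block)'
    5007 = 'Defender configuration changed'
}

# Hypothetical helper: return ASR-related events from the last $Days days, oldest first.
function Get-AsrEvidence {
    param([int]$Days = 7)

    $filter = @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = [int[]]$AsrEventMap.Keys
        StartTime = (Get-Date).AddDays(-$Days)
    }
    # Get-WinEvent raises an error when nothing matches; an empty result is valid here.
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Sort-Object TimeCreated |
        ForEach-Object {
            [pscustomobject]@{
                TimeCreated = $_.TimeCreated
                EventId     = $_.Id
                Component   = $AsrEventMap[$_.Id]
                Summary     = ($_.Message -split "`r?`n")[0]   # first line of the message
            }
        }
}

# Hypothetical helper: list each configured ASR rule GUID with its enforcement mode,
# so a missing block event can be checked against a rule that was only in audit mode.
function Get-AsrRuleState {
    $pref  = Get-MpPreference
    $modes = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }
    for ($i = 0; $i -lt $pref.AttackSurfaceReductionRules_Ids.Count; $i++) {
        [pscustomobject]@{
            RuleId = $pref.AttackSurfaceReductionRules_Ids[$i]
            Mode   = $modes[[int]$pref.AttackSurfaceReductionRules_Actions[$i]]
        }
    }
}

Get-AsrRuleState | Format-Table -AutoSize
Get-AsrEvidence -Days 7 | Format-Table -AutoSize -Wrap
```

Run it in an elevated session on the host under investigation. Event 5007 entries that fall shortly before a gap in block events are worth comparing against the rule state output.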