161: Attack surface reduction
Overview
Attack Surface Reduction in Microsoft Intune is designed to minimize vulnerabilities on Windows devices by controlling various behaviors and configurations that can be exploited by malware. It includes several profiles:
- Attack Surface Reduction Rules: Targets behaviors commonly used by malware, such as blocking executable files and scripts in Office apps, preventing obfuscated scripts, and stopping suspicious behaviors.
- Device Control: Manages and secures removable media and peripherals to prevent unauthorized devices from compromising your systems.
- Exploit Protection: Configures settings to protect against exploits that can take advantage of software vulnerabilities.
- App and Browser Isolation: Uses Windows Defender Application Guard to isolate potentially harmful content from the rest of the system.
- Application Control: Uses Windows Defender Application Control (WDAC) to control which applications and drivers can run on devices, helping to prevent untrusted applications from executing.
- Device Control Rules: Allows administrators to define rules for controlling device access, such as blocking USB drives or other removable media.