Configure attack surface reduction


Welcome to Microsoft Defender for Endpoint, the new name for Microsoft Defender Advanced Threat Protection. Read more about this and other updates here. We'll be updating names in products and in the docs in the near future.

You can configure attack surface reduction with a number of tools, including:

  • Microsoft Intune
  • Microsoft Endpoint Configuration Manager
  • Group Policy
  • PowerShell cmdlets
Article Description
Enable hardware-based isolation for Microsoft Edge How to prepare for and install Application Guard, including hardware and software requirements
Enable application control How to control applications run by users and protect kernel mode processes
Exploit protection How to automatically apply exploit mitigation techniques on both operating system processes and on individual apps
Network protection How to prevent users from using any apps to access dangerous domains
Controlled folder access How to protect valuable data from malicious apps
Attack surface reduction How to prevent actions and apps that are typically used by exploit-seeking malware
Network firewall How to protect devices and data across a network