Overview of attack surface reduction

Applies to:

Reduce your attack surfaces by minimizing the places where your organization is vulnerable to cyberthreats and attacks. Use the following resources to configure protection for the devices and applications in your organization.

Article Description
Hardware-based isolation Protect and maintain the integrity of a system as it starts and while it's running. Validate system integrity through local and remote attestation. And, use container isolation for Microsoft Edge to help guard against malicious websites.
Application control Use application control so that your applications must earn trust in order to run.
Exploit protection Help protect operating systems and apps your organization uses from being exploited. Exploit protection also works with third-party antivirus solutions.
Network protection Extend protection to your network traffic and connectivity on your organization's devices. (Requires Windows Defender Antivirus)
Controlled folder access Help prevent malicious or suspicious apps (including file-encrypting ransomware malware) from making changes to files in your key system folders (Requires Windows Defender Antivirus)
Attack surface reduction Reduce vulnerabilities (attack surfaces) in your applications with intelligent rules that help stop malware. (Requires Windows Defender Antivirus)
Network firewall Prevent unauthorized traffic from flowing to or from your organization's devices with two-way network traffic filtering.