Check: MSDE-00-001400
Microsoft Defender for Endpoint STIG:
MSDE-00-001400
(in version v1 r1)
Title
Microsoft Defender for Endpoint (MDE) Discovery Mode must be set to All Devices. (Cat II impact)
Discussion
Malicious code protection mechanisms include, but are not limited to, antivirus and malware detection software. To minimize potential negative impact to the organization that can be caused by malicious code, it is imperative that malicious code is identified and eradicated. This setting enables standard discovery for supported devices that have been onboarded.
Check Content
Access the MDE portal as a user with at least an MDE Administrator or equivalent role: 1. In the navigation pane, select Settings >> Device Discovery. Select which devices to use for Standard discovery (under Discovery setup). 2. Verify "All devices (recommended)" is selected. If the slide bar for "All devices (recommended)" is not selected, this is a finding.
Fix Text
Access the MDE portal as a user with at least an MDE Administrator or equivalent role: 1. In the navigation pane, select Settings >> Endpoints. Select which devices to use for Standard discovery (under Discovery setup). 2. Select "All devices (recommended)".
Additional Identifiers
Rule ID: SV-275997r1119727_rule
Vulnerability ID: V-275997
Group Title: SRG-APP-000279
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-001243 |
Configure malicious code protection mechanisms to block malicious code; quarantine malicious code; and/or take organization-defined action(s) in response to malicious code detection. |
Controls
| Number | Title |
|---|---|
| SI-3 |
Malicious Code Protection |