Check: MSDE-00-000001
Microsoft Defender for Endpoint STIG:
MSDE-00-000001
(in version v1 r0.1)
Title
Microsoft Defender Endpoint (MDE) must enable Defender Firewall. (Cat II impact)
Discussion
Authenticity protection provides protection against man-in-the-middle attacks/session hijacking and the insertion of false information into sessions. Application communication sessions are protected using transport encryption protocols, such as TLS, which provides web applications with a means to be able to authenticate user sessions and encrypt application traffic. Session authentication can be single (one-way) or mutual (two-way) in nature. Single authentication authenticates the server for the client, whereas mutual authentication provides a means for both the client and the server to authenticate each other. This requirement applies to applications that use communications sessions. This includes, but is not limited to, web-based applications and service-oriented architectures (SOAs). This requirement addresses communications protection at the application session, versus the network packet, and establishes grounds for confidence at both ends of communications sessions in ongoing identities of other parties and in the validity of information transmitted. Depending on the required degree of confidentiality and integrity, web services/service-oriented architecture (SOA) will require the use of TLS mutual authentication (two-way/bidirectional).
Check Content
Access the MDE portal as a user with at least a Security Administrator or equivalent role:
1. In the navigation pane, select Configuration management >> Endpoint security policies.
2. Verify a policy of Policy Type "Defender Firewall" exists and is set to "Active=True".
If no Defender Firewall policy exists, or the policy is not set to "Active=True", this is a finding.
Fix Text
Access the MDE portal as a user with at least a Security Administrator or equivalent role:
1. In the navigation pane, select Configuration management >> Endpoint security policies.
2. Click "Create new policy".
3. Select the Microsoft Defender Firewall Rules template.
4. Click "Create policy".
5. Assign a name and then click "Next".
6. Under Firewall Rule Name, click "+Add".
7. Configure Firewall policies as defined by the authorizing official (AO).
8. Save the policy.
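The portal steps above confirm that a Defender Firewall policy exists and is active in MDE; they do not show whether the policy actually reached a given endpoint. The following PowerShell is an added example, not part of the STIG or of Microsoft's documentation, that spot-checks the effective state on a managed Windows host. It assumes the built-in NetSecurity module is available and treats "firewall enabled on every profile" as the pass condition; that threshold is an assumption, since the STIG leaves the profile-level rules to the AO.

```powershell
# Added example (not from the STIG): verify Defender Firewall enforcement on an endpoint.
# Assumptions: Windows 10/11 or Windows Server with the NetSecurity module (built in);
# run in an elevated PowerShell session on the endpoint being assessed.

# 1. The Windows Defender Firewall service (mpssvc) must be running, otherwise
#    no profile setting below means anything.
$svc = Get-Service -Name mpssvc
if ($svc.Status -ne 'Running') {
    Write-Output "FINDING: Windows Defender Firewall service (mpssvc) is $($svc.Status)"
    exit 1
}

# 2. Read the effective (ActiveStore) profile settings, i.e. local + GPO + MDM merged.
$profiles = Get-NetFirewallProfile -PolicyStore ActiveStore |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction
$profiles | Format-Table -AutoSize

# Assumed pass condition: every profile (Domain, Private, Public) reports Enabled = True.
$disabled = $profiles | Where-Object { $_.Enabled -ne 'True' }
if ($disabled) {
    Write-Output "FINDING: Defender Firewall disabled on profile(s): $($disabled.Name -join ', ')"
    exit 1
}

# 3. Informational: where the effective rule set comes from. Rules delivered by
#    the MDE/Intune policy will not show up as locally created rules.
Get-NetFirewallRule -PolicyStore ActiveStore |
    Group-Object -Property PolicyStoreSourceType |
    Select-Object Name, Count |
    Format-Table -AutoSize

Write-Output "PASS: Defender Firewall service running and enabled on all profiles"
```

Run this after the policy has had time to sync to the device; a failure here with a correct portal configuration usually points to an enrollment or sync problem rather than to the policy itself.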
Additional Identifiers
Rule ID: SV-272880r1085684_rule
Vulnerability ID: V-272880
Group Title: SRG-APP-000142
CCIs
Number | Definition
---|---
CCI-000382 | Configure the system to prohibit or restrict the use of organization-defined prohibited or restricted functions, system ports, protocols, software, and/or services.
Controls
Number | Title
---|---
CM-7 | Least Functionality