Check: MSDE-00-000750
Microsoft Defender for Endpoint STIG:
MSDE-00-000750
(in version v1 r1)
Title
Microsoft Defender for Endpoint (MDE) must enable Show user details. (Cat II impact)
Discussion
Malicious code protection mechanisms include, but are not limited to, antivirus and malware detection software. To minimize potential negative impact to the organization that can be caused by malicious code, it is imperative that malicious code is identified and eradicated. This setting enables displaying user details: picture, name, title, department, stored in Azure Active Directory.
Check Content
Access the MDE portal as a user with at least an MDE Administrator or equivalent role: 1. In the navigation pane, select Settings >> Endpoints >> Advanced features (under General). 2. Verify the slide bar for "Show user details" is set to "On". If the slide bar for "Show user details" is not set to "On", this is a finding.
Fix Text
Access the MDE portal as a user with at least an MDE Administrator or equivalent role: 1. In the navigation pane, select Settings >> Endpoints >> Advanced features (under General). 2. Set the slide bar for "Show user details" to "On".
Additional Identifiers
Rule ID: SV-275984r1119714_rule
Vulnerability ID: V-275984
Group Title: SRG-APP-000279
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-001243 |
Configure malicious code protection mechanisms to block malicious code; quarantine malicious code; and/or take organization-defined action(s) in response to malicious code detection. |
Controls
| Number | Title |
|---|---|
| SI-3 |
Malicious Code Protection |