Check: MSDE-00-000900
Microsoft Defender for Endpoint STIG:
MSDE-00-000900
(in version v1 r1)
Title
Microsoft Defender for Endpoint (MDE) must enable Device discovery. (Cat II impact)
Discussion
Malicious code protection mechanisms include, but are not limited to, antivirus and malware detection software. To minimize potential negative impact to the organization that can be caused by malicious code, it is imperative that malicious code is identified and eradicated. This setting allows onboarded devices to discover unmanaged devices in the network and assess vulnerabilities and risks.
Check Content
Access the MDE portal as a user with at least an MDE Administrator or equivalent role: 1. In the navigation pane, select Settings >> Endpoints >> Advanced features (under General). 2. Verify the slide bar for "Device discovery" is set to "On". If the slide bar for "Device discovery" is not set to "On", this is a finding.
Fix Text
Access the MDE portal as a user with at least an MDE Administrator or equivalent role: 1. In the navigation pane, select Settings >> Endpoints >> Advanced features (under General). 2. Set the slide bar for "Device discovery" to "On".
Additional Identifiers
Rule ID: SV-275987r1119717_rule
Vulnerability ID: V-275987
Group Title: SRG-APP-000279
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-001243 |
Configure malicious code protection mechanisms to block malicious code; quarantine malicious code; and/or take organization-defined action(s) in response to malicious code detection. |
Controls
| Number | Title |
|---|---|
| SI-3 |
Malicious Code Protection |