ASD's Blueprint for Secure Cloud

ASD Windows Hardening Guidelines-Attack Surface Reduction

This section describes the configuration of attack surface reduction within Microsoft Intune associated with systems built according to the guidance provided by ASD's Blueprint for Secure Cloud.


Basics

| Item | Value |
| --- | --- |
| Name | ASD Windows Hardening Guidelines-Attack Surface Reduction |
| Description | |
| Platform | Windows 10 and later |

Assignments

| Item | Value |
| --- | --- |
| Included groups | All Devices |
| Excluded groups | |

Configuration settings

Attack Surface Reduction Rules

| Item | Value |
| --- | --- |
| Block Adobe Reader from creating child processes | Block |
| - ASR Only Per Rule Exclusions | Not configured |
| Block execution of potentially obfuscated scripts | Block |
| - ASR Only Per Rule Exclusions | Not configured |
| Block Win32 API calls from Office macros | Block |
| - ASR Only Per Rule Exclusions | Not configured |
| Block credential stealing from the Windows local security authority subsystem | Block |
| - ASR Only Per Rule Exclusions | Not configured |
| Block executable files from running unless they meet a prevalence, age, or trusted list criterion | Block |
| - ASR Only Per Rule Exclusions | Not configured |
| Block JavaScript or VBScript from launching downloaded executable content | Block |
| - ASR Only Per Rule Exclusions | Not configured |
| Block Office communication application from creating child processes | Block |
| - ASR Only Per Rule Exclusions | Not configured |
| Block all Office applications from creating child processes | Block |
| - ASR Only Per Rule Exclusions | Not configured |
| Block untrusted and unsigned processes that run from USB | Block |
| - ASR Only Per Rule Exclusions | Not configured |
| Block process creations originating from PSExec and WMI commands | Block |
| - ASR Only Per Rule Exclusions | Not configured |
| Block persistence through WMI event subscription | Block |
| Block Office applications from creating executable content | Block |
| - ASR Only Per Rule Exclusions | Not configured |
| Block Office applications from injecting code into other processes | Block |
| - ASR Only Per Rule Exclusions | Not configured |
| Use advanced protection against ransomware | Block |
| - ASR Only Per Rule Exclusions | Not configured |
| Block executable content from email client and webmail | Block |
| - ASR Only Per Rule Exclusions | Not configured |

Security & Governance

Design

  • None identified

Configuration

  • None identified

References

  • None identified



Authorised by the Australian Government, Canberra