v20.events.data.microsoft.com #180
Comments
|
Hi @beerisgood, I have to take a closer look on this one as it involves other "events" rules. Keep you in touch. |
|
Instead of removing the IP put the option to the extra extra list. |
|
Debatable. While it might be beneficial in certain places where client machines are relying on ATP (requires Enterprise Windows license with active subscription by the way), in others users might not be pleased by the fact their OS leaks information about work environment to Microsoft. |
|
Leak information? Don't think so. Or did you have any facts about that? Microsoft include more and more security stuff from higher editions to lower and also this connection was established from my Pro edition. I would agree with @airbee7337 to put this domain on extra list. Then anyone with that need can block it |
...which implies that it's being used not only for ATP, right? As the latter can't be run on "Pro" edition. |
|
As i write already. Microsoft add ATP features to lower editions already, like ASR (Attack surface reduction) which is listed on ATP features site: https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/overview So this connection is fine, as ASR for example get new definitions/ rules from that |
|
Sorry, I think we were talking about different features. I was referring specifically to what Microsoft offers under an umbrella of "cloud-delivered protection". |
Update IPs for extra, spy and update rules Move Microsoft Defender ATP endpoints to extras rules (#180)
|
@beerisgood Has been moved to the extra rules. |
Related to #138
This domain is needed for machine proxy and Internet connectivity settings and Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)
https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet
The text was updated successfully, but these errors were encountered: