Discovery can be configured to be on standard or basic mode. Use the standard option to actively find devices in your network, which will better guarantee the discovery of endpoints and provide richer device classification.

You can customize the list of devices that are used to perform standard discovery. You can either enable standard discovery on all the onboarded devices that also support this capability (currently Windows 10 or later and Windows Server 2019 or later devices only) or select a subset or subsets of your devices by specifying their device tags.

To set up device discovery, take the following configuration steps in the Microsoft 365 Defender portal:

- If you want to configure Basic as the discovery mode to use on your onboarded devices, select Basic and then select Save.
- If you've selected to use Standard discovery, select which devices to use for active probing: all devices or a subset specified by device tags, and then select Save.

Standard discovery uses various PowerShell scripts to actively probe devices in the network. Those PowerShell scripts are Microsoft signed and are executed from the following location: C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Downloads\*.ps. For example, C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Downloads\UnicastScannerV1.1.0.ps1.

Exclude devices from being actively probed in standard discovery

If there are devices on your network that shouldn't be actively scanned (for example, devices used as honeypots for another security tool), you can also define a list of exclusions to prevent them from being scanned. Note that devices can still be discovered using Basic discovery mode and can also be discovered through multicast discovery attempts. Those devices will be passively discovered but won't be actively probed. You can configure the devices to exclude in the Exclusions page.

Microsoft Defender for Endpoint analyzes a network and determines if it's a corporate network that needs to be monitored or a non-corporate network that can be ignored. To identify a network as corporate, we correlate network identifiers across all of the tenant's clients, and if most devices in the organization report that they're connected to the same network name, with the same default gateway and DHCP server address, we assume that this is a corporate network. Corporate networks are typically chosen to be monitored.
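
Because Standard discovery runs PowerShell scripts from the ProgramData location quoted above, a useful local check is that every script in that folder carries a valid Microsoft signature. The following is an added example, not Microsoft's code; the function name, the `*.ps1` filter and the `O=Microsoft Corporation` subject match are assumptions, and reading the folder may require an elevated session.

```powershell
# Added example (not Microsoft's code). The directory is the one quoted on the page.
$scanDir = 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Downloads'

function Test-DiscoveryScriptSignature {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Assumption: the signer subject of Microsoft-signed scripts contains this organization.
        [string] $ExpectedSigner = 'O=Microsoft Corporation'
    )

    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "Directory not found: $Path"
        return
    }

    Get-ChildItem -LiteralPath $Path -Filter '*.ps1' -File | ForEach-Object {
        $sig     = Get-AuthenticodeSignature -LiteralPath $_.FullName
        $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

        [pscustomobject]@{
            File          = $_.Name
            LastWriteTime = $_.LastWriteTime
            Status        = $sig.Status
            Signer        = $subject
            # 'Valid' means the file hash matches and the chain is trusted; the subject
            # check then confirms the trusted signer is the expected publisher.
            Trusted       = ($sig.Status -eq 'Valid') -and ($subject -like "*$ExpectedSigner*")
        }
    }
}

$results = @(Test-DiscoveryScriptSignature -Path $scanDir)
$results | Format-Table File, Status, Trusted, LastWriteTime -AutoSize

# Anything unsigned, modified, or signed by another publisher needs investigation.
$results | Where-Object { -not $_.Trusted } | ForEach-Object {
    Write-Warning "Unexpected script in discovery folder: $($_.File) [$($_.Status)] $($_.Signer)"
}
```

An empty result only means no `.ps1` files were present when the check ran.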