Device Security
      Back to home
      1. Sittadel Knowledge Base
      2. Management Guides
      3. Device Security

      Defender ASR All-Rule Exclusion

      This guide will allow administrators to exclude a specific directory location from being enforced by all configured ASR rules.

      Role Requirements

      Procedure Scope: Administrators

      Required Group Membership: Admin.Security

      Handbook Reference

      Package: Device Security

      Domain: Attack Surface Reduction Management

      Modifies: Attack Surface Reduction All Rule Process Exclusions

      Defender ASR All-Rule Exclusion

      1. Navigate to Attack Surface Reduction – Intune, locate the Security Essentials Attack Surface Reduction configuration item.
      2. Scroll down to Configuration Settings and select Edit.
      3. The default rules will be displayed. Locate the Attack Surface Reduction Only Exclusions toggle, this will exclude whichever directory or file path from being scanned. Click the Not Configured toggle; it will turn to Configured.
      4. In the text box below, input the full file path or directory requiring exemption as shown.
      5. Click Review and Save on the next page, followed by Save. Rule changes propagate in less than 24 hours.

      Need Assistance?

      Reach out to your Customer Success Manager to discuss how a Sittadel cybersecurity analyst can assist in managing these tasks for you. New to our services? Inquire about arranging a consultation to explore optimizing your Azure environment for painless management.