Device Security
      Back to home
      1. Sittadel Knowledge Base
      2. Technical Operations
      3. Device Security

      Manage Defender Controlled Folder Access

      Use this operation to manage folders and applications included in Defender Controlled Folder Access settings.

      Role Requirements

      Procedure Scope: Administrators

      Required Group Membership: Admin.Security

      Handbook Reference

      Package: Device Security

      Domain: TBD

      Modifies: TBD

      2024-12-17_9-49-52

      When to Perform this Operation

      As Needed: Proactive or in Response to User/Security

      Technical Description and Importance

      Managing Controlled Folder Access (CFA) settings in Microsoft Defender provides additional protection against unauthorized changes to designated folders. By adding protected folders or allowing specific applications, you safeguard sensitive data against malicious software. Conversely, removing unnecessary folders or untrusted application allowances helps maintain a secure and streamlined configuration. This ensures that business-critical applications function without exposing the organization to unnecessary risks, aligning with potential compliance and organizational data protection requirements. Regular updates to CFA settings enhance both security and operational efficiency.

      Management Options

      2024-12-17_10-15-21

      Controlled Folder Access Protected Folder Addition:

      Purpose
      Add a folder to the sanctioned CFA list to enhance protection against unauthorized access.
      Use Case
      A team requires additional protection for a newly created project folder storing sensitive financial data.

      Controlled Folder Access Protected Folder Removal:

      Purpose
      Remove a folder from the sanctioned CFA list to stop monitoring or protection.
      Use Case
      A deprecated folder is no longer in use and needs to be removed from CFA monitoring.

      Controlled Folder Access Protected Folder Application Allowance:

      Purpose
      Allow a trusted application through CFA to enable its access to protected folders.
      Use Case
      A verified business application needs access to a protected folder to operate correctly.

      2024-12-17_10-15-21-1

      Operation Action Target
      Controlled Folder Access Protected Folder Addition Addition Sanctioned Controlled Folder Access Folders
      Controlled Folder Access Protected Folder Removal Removal Sanctioned Controlled Folder Access Folders
      Controlled Folder Access Protected Folder Application Allowance Addition Controlled Folder Access Application Exception

      Controlled Folder Access Protected Folder Addition

      This operation adds a folder to the sanctioned CFA list, enabling protection against unauthorized modifications.

             1. Defender Controlled Folder Access Folder Addition

      Controlled Folder Access Protected Folder Removal

      This operation removes a folder from the sanctioned CFA list, disabling protection and monitoring for that folder.

             1. Defender Controlled Folder Access Folder Removal

      Controlled Folder Access Protected Folder Application Allowance

      This operation allows a trusted application to access CFA-protected folders.

             1. Defender Controlled Folder Access Application Allowance

      Need Assistance?

      Reach out to your Customer Success Manager to discuss how a Sittadel cybersecurity analyst can assist in managing these tasks for you. New to our services? Inquire about arranging a consultation to explore optimizing your Azure environment for painless management.