Skip to main content

Attack Surface Reduction Rules (ASR) reporting using Microsoft 365 Security Center

This is my forst post since very long time

I have decied to come back and blog about some of my findings.


If you have an E5 License you can use the Microsoft 365 Security portal (security.microsoft.com) to access reports for ASR configuration and detection.

As far as I remember last time I want to access the reports they were in a different placce , it took me a while to figure out where they are locate , so I thought to blog about this.

To access the ASR report , From the home page of  security.microsoft.com , scroll down use the navigation pane on the left and select Reports


Then under General click on Security Report





Scroll down till you find the Attack Surface reduction rules section, click on the title and it will tack you  to a another page to view more details





From the configuration tab you can get an overview of  the configuration and which machines has ASR rules off,  enforced or in audit mode.


















If you click on the name of a specific machine it will show more details about the status of each rule.






That was it !

see you in the next blog post...

Regards
Amr




Comments

Post a Comment

Popular posts from this blog

Exchange 2010 - EMC "RBAC authorization returns Access Denied"

I was doing an Upgrade for Exchange 2003 to Exchange 2010 and after i installed the first CAS server and opened the EMC an error appeared that i have no permissions... while i was logged in with the setup account and it was a memeber of the Organization Managemnet Group. and i founbd this in the Applicaiton Log  "(Process w3wp.exe, PID 6716) "RBAC authorization returns Access Denied for user Udomain.Local/Users/AccountName. Reason: No role assignments associated with the specified user were found on Domain Controller XXXXX" " After alot of searches i was pulling my remaining hair out :)  I  found this post ( http://social.technet.microsoft.com/Forums/en-US/exchange2010/thread/fc568cc6-8691-4127-b70b-bcc82f9b1f7f?prof=required ) The issue was with 2 things : Allow inheritable permissions check Box was not enabled on the Exchange  Microsoft Exchange Organzaiton container inside the Configuration partition. The value for the attributes msExchRoleLink ...
Post a Comment
Read more

Upgrade from Lync Evaluation edition to Lync RTM.

If you have installed Lync Server using the 180 Day  trial bits  you can upgrade to the RTM bits nsing the following easy steps: Run setup.exe on your Lync server Volume License media. Click on "Install or Update Lync server system" Click on "Setup or remove Lync server components" Open CMD and  navigate to \Setup\amd64\setup and then run msiexec.exe /fvomus server.msi EVALTOFULL=1 /qb  Open Lync Server Management Shell and then run Enable-CSComputer and then you are done !
7 comments
Read more

(A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

I was deploying a Lync Server Director in a Multi-Tenant configuration after i assigned the certificate a went to start the services, the Front-End services couldn't start with the following errors Log Name:      Lync Server Source:        LS Protocol Stack Date:          3/12/2013 1:52:06 PM Event ID:      14397 Task Category: (1001) Level:         Warning Keywords:      Classic User:          N/A Computer:      Lync Director FQDN Description: A configured certificate could not be loaded from store. The serial number is attached for reference. Extended Error Code: 0x800B0109 (A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.). Event Xml: http://sch...
Post a Comment
Read more