"Although many enterprise IT teams are probably not hugely aware of MDAG, there could still be hidden work caused by its removal. Microsoft, for its part, recommends that administrators do the following: Enable Microsoft Defender for Endpoint ASR rules to block risky Office file behaviors. Enable Windows Defender Application Control (WDAC) to ensure only trusted, signed code runs on devices. Review internal documentation and helpdesk guidance if your organization previously relied on Application Guard for Office."
"Nevertheless, MDAG's deprecation could still cause problems for customers that have built it into automated workflows. A generic example of this would be an automated workflow script that will only allow an Office document to be opened once it has passed through MDAG. If MDAG is no longer present, that script will need to be re-written - and procedures changed if the logs from isolation security testing were being sent into SIEMs as part of compliance rules."
Many enterprise IT teams may be unaware of Microsoft Defender Application Guard for Office (MDAG), yet its removal can create hidden operational work. Microsoft recommends enabling Microsoft Defender for Endpoint ASR rules to block risky Office file behaviors and enabling Windows Defender Application Control (WDAC) to allow only trusted, signed code. Administrators should also review internal documentation and helpdesk guidance if Application Guard for Office was previously relied upon. Deprecation can disrupt automated workflows that gate document access on MDAG scanning and can require rewriting scripts and modifying SIEM and compliance procedures.
Read at Computerworld
Unable to calculate read time
Collection
[
|
...
]