2022-02-16

Windows Defender Exploit Guard should be enabled on machines

Microsoft Defender for Cloud provides recommendations for improving security. There is a list of tasks in the regulatory compliance area.


One of them is "Windows Defender Exploit Guard should be enabled on machines", which is advised to be resolved by the "Trigger logic app". That offer is the biggest SCAM Microsoft did to me in a long time.

 


The app must be manually created as consumption-based and I couldn't even find documentation, so I opened a ticket with MS support. Both the Security and LogicApp teams answered that it's not their responsibility. That answer took about a week. The final suggestion is that if I want to do it with the logic app, I must configure it fully by myself.

 

 

The only valid answer I was able to get was to look in detail at the section "Remediation steps, Manual remediation: 1. Enable controlled folder access.".

 

Thank you for the false advice!
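
The manual remediation step quoted above, "Enable controlled folder access", can be scripted on the machine itself with the built-in Defender cmdlets `Get-MpPreference`, `Set-MpPreference` and `Get-MpComputerStatus`. This is an added example, not code from Microsoft's guidance or from the original post; the function name `Set-ControlledFolderAccessState` and its `-Mode` parameter are hypothetical, and it assumes Microsoft Defender Antivirus is the active antivirus and the session is elevated.

```powershell
#Requires -RunAsAdministrator
# Added example: the function name and -Mode parameter are hypothetical.

function Set-ControlledFolderAccessState {
    [CmdletBinding()]
    param(
        # Start in AuditMode to see what would be blocked, then move to Enabled.
        [ValidateSet('Enabled', 'AuditMode')]
        [string]$Mode = 'AuditMode'
    )

    # Get-MpPreference reports the setting as a number.
    $names = @{ 0 = 'Disabled'; 1 = 'Enabled'; 2 = 'AuditMode' }

    # Controlled folder access only works while real-time protection is on.
    $status = Get-MpComputerStatus
    if (-not $status.RealTimeProtectionEnabled) {
        throw 'Real-time protection is off; controlled folder access would not take effect.'
    }

    $before = [int](Get-MpPreference).EnableControlledFolderAccess
    Set-MpPreference -EnableControlledFolderAccess $Mode

    # Read the value back: a policy-managed setting can override the local change.
    $after = [int](Get-MpPreference).EnableControlledFolderAccess
    $afterName = if ($names.ContainsKey($after)) { $names[$after] } else { "Other ($after)" }
    if ($afterName -ne $Mode) {
        throw "Requested '$Mode' but the effective state is '$afterName'; check Group Policy or MDM."
    }

    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Before   = if ($names.ContainsKey($before)) { $names[$before] } else { "Other ($before)" }
        After    = $afterName
    }
}

# Typical rollout: audit first, switch to blocking once the audit events look clean.
Set-ControlledFolderAccessState -Mode AuditMode
# Set-ControlledFolderAccessState -Mode Enabled
```

While in audit mode, the `Microsoft-Windows-Windows Defender/Operational` event log records event ID 1124 for each write that would have been blocked; event ID 1123 marks an actual block once the mode is `Enabled`.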