TickYouOff

Microsoft Defender for Endpoint STIG Checklist

Difficulty: Hard · 18 items · 4 hours
testuser Published 1 month ago

This checklist guides administrators and security teams through the essential steps to implement the Microsoft Defender for Endpoint (MDE) Security Technical Implementation Guide (STIG), Version 1 Release 2. It is designed to help secure endpoints, enable detection and protection features, and verify and document compliance for managed environments.

Source: https://ncp.nist.gov/checklist/1297

  1. Inventory all endpoints with Microsoft Defender for Endpoint installed — List devices, OS versions, and management status (Intune, Configuration Manager, Group Policy, or unmanaged).
  2. Verify MDE product version and apply recommended updates — Confirm the platform and engine versions meet the STIG requirements and patch as needed.
  3. Enable tamper protection in MDE policy — Prevents unauthorized changes to protection settings; it is turned on from the Defender portal, Intune, or the Windows Security app, and cannot be enabled with Set-MpPreference.
  4. Enable real-time protection and cloud-delivered protection — Ensure threats are blocked on access and cloud intelligence (MAPS) is used for verdicts.
  5. Enable Endpoint Detection and Response (EDR) and set EDR in block mode where applicable — EDR in block mode lets MDE remediate post-breach detections even on devices where a third-party antivirus is primary and Defender Antivirus runs in passive mode.
  6. Deploy MDE sensors to all managed devices — Onboard every device, then verify sensor health and connectivity to the MDE cloud service (the Sense service must be running).
  7. Configure automatic signature and intelligence updates — Set a frequent update cadence for security intelligence and for the platform and engine.
  8. Enable network protection and web content filtering — Block access to known malicious sites and disallowed content categories; move network protection from Audit to Enabled once pilot telemetry is clean.
  9. Enable attack surface reduction (ASR) and exploit protection — Reduce common exploit paths and application attack surface.
  10. Enable high-confidence ASR rules — Start with the recommended high-confidence rules in Block mode; deploy the remaining rules in Audit mode first to minimize false positives.
  11. Configure exploit mitigations for browsers and Office apps — Apply targeted mitigations to commonly exploited applications.
  12. Configure Controlled Folder Access to protect critical data — Limit app access to protected folders to prevent ransomware damage; run it in Audit mode first to learn which legitimate apps must be allowed.
  13. Review and remove unnecessary local exclusions — Audit path, extension, and process exclusions; every exclusion is a blind spot an attacker can stand in.
  14. Integrate MDE with Microsoft Entra ID and Microsoft Intune where applicable — Enable identity and device management integrations for policy delivery.
  15. Configure role-based access control and enable administrative audit logging — Restrict privileges and log admin actions for accountability.
  16. Run a full vulnerability and STIG compliance scan and remediate findings — Execute scans, track remediation until compliance is achieved, and retain the scan output as evidence.
  17. Document approved exceptions and maintain deviation waivers — Record rationale, compensating controls, and approval details.
  18. Schedule periodic policy reviews and update cadence — Set recurring reviews to adapt to new threats and STIG updates.
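The following PowerShell is an added example for this checklist; it is not part of the STIG, the NIST checklist, or Microsoft's own tooling. It applies the endpoint-side settings behind items 4 and 7 through 13 and collects the local evidence behind items 3, 6 and 16, using only the `Set-MpPreference`, `Add-MpPreference`, `Get-MpPreference`, `Get-MpComputerStatus` and `Set-ProcessMitigation` cmdlets that ship with Windows 10/11 and Windows Server. The ASR rule selection, the process list for exploit protection, and the extra protected folder are assumptions to be tuned per environment. Run it elevated on a pilot device; fleet-wide, deliver the same values through Intune or Group Policy, since MDM/GPO policy overrides local `Set-MpPreference` values and tamper protection cannot be switched on from PowerShell.

```powershell
# Added example for the MDE STIG checklist above (not from the STIG, NIST, or Microsoft).
# Applies items 4, 7-13 locally and reports items 3, 6 and 16 for the compliance record.
#Requires -RunAsAdministrator
$ErrorActionPreference = 'Stop'

# Items 4 and 7: real-time protection, cloud-delivered protection, update cadence.
Set-MpPreference -DisableRealtimeMonitoring $false
Set-MpPreference -MAPSReporting Advanced                 # cloud-delivered protection
Set-MpPreference -SubmitSamplesConsent SendSafeSamples
Set-MpPreference -CloudBlockLevel High
Set-MpPreference -CloudExtendedTimeout 50                # extra seconds to wait for a cloud verdict
Set-MpPreference -SignatureUpdateInterval 4              # check for new security intelligence every 4 hours
Set-MpPreference -CheckForSignaturesBeforeRunningScan $true

# Item 8: network protection. Enabled rather than AuditMode once pilot telemetry is clean.
Set-MpPreference -EnableNetworkProtection Enabled

# Items 9 and 10: ASR rules. Assumption: "high-confidence" means Microsoft's three
# "standard protection" rules, set to Enabled; the rest start in AuditMode so the
# audit events (event ID 1122 in Microsoft-Windows-Windows Defender/Operational)
# can be reviewed for false positives before they are switched to Enabled.
$asrRules = [ordered]@{
    '56A863A9-875E-4185-98A7-B882C64B5CE5' = 'Enabled'    # Block abuse of exploited vulnerable signed drivers
    '9E6C4E1F-7D60-472F-BA1A-A39EF669E4B2' = 'Enabled'    # Block credential stealing from LSASS
    'E6DB77E5-3DF2-4CF1-B95A-636979351E5B' = 'Enabled'    # Block persistence through WMI event subscription
    'D4F940AB-401B-4EFC-AADC-AD5F3C50688A' = 'AuditMode'  # Block all Office applications from creating child processes
    'BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550' = 'AuditMode'  # Block executable content from email client and webmail
    '5BEB7EFE-FD9A-4556-801D-275E5FFC04CC' = 'AuditMode'  # Block execution of potentially obfuscated scripts
}
foreach ($rule in $asrRules.GetEnumerator()) {
    Add-MpPreference -AttackSurfaceReductionRules_Ids $rule.Key -AttackSurfaceReductionRules_Actions $rule.Value
}

# Item 11: per-process exploit mitigations for Office and the browser. These four are the
# low-risk ones; ROP/EAF mitigations should be piloted first. Process names are assumed.
foreach ($exe in 'winword.exe','excel.exe','powerpnt.exe','outlook.exe','msedge.exe') {
    Set-ProcessMitigation -Name $exe -Enable DEP,SEHOP,BottomUp,HighEntropy
}

# Item 12: Controlled Folder Access. AuditMode first (event ID 1124 logs what would have
# been blocked), then Enabled. The extra protected folder is a hypothetical path.
Set-MpPreference -EnableControlledFolderAccess AuditMode
Add-MpPreference -ControlledFolderAccessProtectedFolders 'D:\Finance\Ledgers'

# Item 13: surface exclusions that an attacker can stand in: whole drives, wildcards,
# user-writable or temp paths, script/binary extensions, and any process exclusion
# (everything a process-excluded binary opens is skipped by the scanner).
function Get-RiskyExclusion {
    $pref  = Get-MpPreference
    $items = @()
    foreach ($p in $pref.ExclusionPath)      { $items += [pscustomobject]@{ Type = 'Path';      Value = $p } }
    foreach ($e in $pref.ExclusionExtension) { $items += [pscustomobject]@{ Type = 'Extension'; Value = $e } }
    foreach ($x in $pref.ExclusionProcess)   { $items += [pscustomobject]@{ Type = 'Process';   Value = $x } }
    $items | Where-Object {
        ($_.Type -eq 'Process') -or
        ($_.Type -eq 'Extension' -and $_.Value -match '^\.?(exe|dll|ps1|vbs|js|bat|cmd|scr)$') -or
        ($_.Type -eq 'Path' -and $_.Value -match '^[A-Za-z]:\\?$|\*|\\Temp\\|\\Users\\|\\ProgramData\\|\\AppData\\')
    }
}

# Items 3, 6 and 16: local evidence for the compliance record. Tamper protection and
# onboarding state are read-only here; they are fixed from the Defender portal or Intune.
function Get-MdeComplianceSnapshot {
    $s       = Get-MpComputerStatus
    $onboard = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status' -ErrorAction SilentlyContinue
    $sense   = Get-Service -Name Sense -ErrorAction SilentlyContinue   # the MDE EDR sensor service
    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        PlatformVersion    = $s.AMProductVersion
        EngineVersion      = $s.AMEngineVersion
        TamperProtected    = $s.IsTamperProtected
        RealTimeProtection = $s.RealTimeProtectionEnabled
        BehaviorMonitoring = $s.BehaviorMonitorEnabled
        SignatureAgeDays   = $s.AntivirusSignatureAge
        NetworkProtection  = (Get-MpPreference).EnableNetworkProtection   # 0 = off, 1 = Enabled, 2 = AuditMode
        SenseService       = if ($sense) { $sense.Status } else { 'not installed' }
        Onboarded          = ($onboard.OnboardingState -eq 1)
        RiskyExclusions    = @(Get-RiskyExclusion).Count
    }
}

Get-RiskyExclusion | Format-Table -AutoSize
Get-MdeComplianceSnapshot | Format-List
```

A snapshot showing `TamperProtected = False`, `Onboarded = False`, a stopped `Sense` service, or a non-zero `RiskyExclusions` count is a finding for items 3, 6 or 13 that no amount of local `Set-MpPreference` work will close; the first two are fixed in the Defender portal or Intune, the third by removing the exclusion or recording it as an approved deviation under item 17.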