This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(262.40000000000003, 82%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVS%3C/text%3E%3C/svg%3E)
How to deploy this Exploit protection policy and how it works across M365 tenant and devices?
As I can see it requires the script but really not sure which script is needed and how to build from the below link?
https://video2.skills-academy.com/en-us/windows/client-management/mdm/policy-csp-exploitguard
Never done this but looks like you can capture current settings with powershell and create your own xml. This is not the primary security mechanism I would use to secure endpoints :)
Hi Pavel yannara Mirochnitchenko
What would be the alternative solution for this in the Intune or Defender for endpoint security if this is not the one?
@Vinod Survase I would recommend MS Security Baselines (Windows, Office, Edge) and andditional ASR rules. Then you should evaluate your security level with Defender for Endpoint.
Hi Pavel yannara Mirochnitchenko
We have ASR rules deployed via Intune but we were looking for Exploit protection specifically and MS Security Baselines were assigned before but after creation of all the custom policies we have disabled few of them.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 30%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
@Vinod Survase, Thanks for posting in Q&A. Exploit protection helps protect devices from malware that use exploits to spread and infect. It consists of a number of mitigations that can be applied at either the operating system level, or at the individual app level.
You can configure exploit protection to your desired state then export the configuration file with xml format.
After that, you can configure the Exploit protection policy with the above xml to deploy it to the devices you want.
Hope the above information can help.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Thanks for sharing this Crystal-MSFT
I will check and work on this.
@Vinod Survase, OK!
I have deployed the policy and seems working but I was thinking how we can test it on devices like if there is any website or URL from MS which we can use to test whether the Exploit protection policy kicks-in when user tries to open any such links or websites
This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
@Vinod Survase, Thanks for the reply. I am glad the policy is working. For the URL to test, based on my researching, I didn't find such one in our official article mentioned.
Crystal-MSFT , Yeah even I did not find it anywhere online. Actually there should be something which is going to show its working after creation or applied on devices.
@Vinod Survase, Thanks for your reply. To confirm if the setting is really working on device side, you can ask Defender support to see if they have any good suggestion. From Intune side, we can only confirm if the policy is applied successfully.