Microsoft Defender ATP now secures removable storage, printers

Microsoft Defender ATP now secures removable storage, printers

Since employees have switched to remote working during the COVID-19 pandemic, home printers and removable devices have expanded the attack surface to their companies’ data and daily business operations.

To address this increased security exposure, Microsoft has added new removable storage device and printer controls to Microsoft Defender for Endpoint, the enterprise version of its Windows 10 Defender antivirus.

These new capabilities available in the enterprise endpoint security platform (previously known as Microsoft Defender Advanced Threat Protection) will allow access restrictions to removable devices and blocking printing tasks via non-corporate or non-approved printers.

“We are excited to announce new device control capabilities in Microsoft Defender for Endpoint to secure removable storage scenarios on Windows and macOS platforms and offer an additional layer of protection for printing scenarios,” Microsoft said.

“These new device control capabilities further reduce the potential attack surface on user’s machines and safeguard organizations against malware and data loss in removable storage media scenarios.”

Removable device control protection now generally available

Removable storage access control on Windows and removable storage protection on Mac are generally available, and printer protection on Windows is now available in public preview.

The new removable storage access control capabilities added to the Windows version complement already existing device control protection for scenarios such as removable storage Endpoint DLP, device installation, and removable storage BitLocker.

USB storage device control added to the Mac version of Microsoft Defender for Endpoint is designed to balance the level of access given to external storage devices using custom policies.

Last month, Microsoft Defender for Endpoint also added support for detecting jailbroken iOS devices and mobile application management (MAM) support for non-Intune enrolled Android and iOS devices.

By jailbreaking their iOS devices, users gain complete write and execution access elevating their permissions to root, thus removing all Apple-imposed restrictions on installing apps.

With no restrictions in place, they can later install potentially malicious applications and, by skipping likely critical security updates to maintain their root access, they will also expose themselves to attacks.

Source link

Sign up for our daily Cyber Security Analysis and Threat Intelligence news.