MS.DEFENDER.4.5v1 - A list of apps that are restricted from accessing files protected by DLP policy SHOULD be defined.

Information

Some apps may inappropriately share accessed files or not conform to agency policies for access to sensitive information. Defining a list of those apps makes it possible to use DLP policies to restrict those apps' access to sensitive information on endpoints using Defender.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

1. Sign in to the Microsoft Purview compliance portal.

2. Under Solutions, select Data loss prevention.

3. Go to Endpoint DLP Settings.

4. Go to Restricted apps and app groups.

5. Click Add or edit Restricted Apps.

6. Enter an app and executable name to disallow said app from accessing protected files, and log the incident.

7. Return and click Unallowed Bluetooth apps.

8. Click Add or edit unallowed Bluetooth apps.

9. Enter an app and executable name to disallow said app from accessing protected files, and log the incident.

See Also

https://github.com/cisagov/ScubaGear/tree/v1.5.0/

Item Details

Category: ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|AC-2, 800-53|AC-3, 800-53|AC-4, 800-53|AC-5, 800-53|AC-6, 800-53|AC-7, 800-53|AC-16, 800-53|AC-17, 800-53|AC-18, 800-53|AC-19, 800-53|AC-20, 800-53|CA-7, 800-53|CA-8, 800-53|CM-2, 800-53|CM-5, 800-53|CM-6, 800-53|CM-7, 800-53|CM-8, 800-53|CP-2, 800-53|CP-6, 800-53|CP-7, 800-53|CP-9, 800-53|CP-10, 800-53|IA-2, 800-53|IA-3, 800-53|IA-4, 800-53|IA-5, 800-53|IA-6, 800-53|IA-8, 800-53|RA-5, 800-53|SC-4, 800-53|SC-7, 800-53|SC-28, 800-53|SC-36, 800-53|SI-3, 800-53|SI-4, 800-53|SI-7, 800-53|SI-10, 800-53|SI-12, 800-53|SI-15, 800-53|SI-16

Plugin: microsoft_azure

Control ID: 47e54d3a5555efee21c2cd484e7e59a3cfc951036e2bccb2478bcb6dbca77553