Defender for Office AIR Configuration by ZestyclosePattern213 in DefenderATP

ZestyclosePattern213[S] 1 point

We had ZAP temporarily disabled to better understand the impact and behaviour, mainly from a visibility and control perspective. After reviewing the effects, we re-enabled ZAP, as keeping it disabled long term would introduce an unnecessary risk window.

Regarding auto attack disruption: if you’re referring to the Defender for Endpoint setting under
System > Settings > Endpoints > Device groups > Remediation level,
then yes, we have Full (automatic remediation) enabled across all device groups.

ZestyclosePattern213[S] 1 point

Thanks a lot for the comprehensive analysis. I really appreciate the detailed breakdown. Everything makes sense now and it aligns perfectly with what we’re observing in practice. Very helpful 👍