Best Practice to Enable Software Blades
We recommend you to enable the Software Blade and the operating modes in the order shown in the table below.
-
Add exclusions before you enable a Software Blade.
-
Enable the Software Blade on a test group before you enable it on the organization level.
table below
| Order | Software Blade | Operating Mode | Applicable Group Level |
|---|---|---|---|
| 1.1 | Anti-Malware1,2,3 | Prevent | Test |
| 1.2 | Prevent | Organization | |
| 2.1 | Forensics | Prevent | Test |
| 2.2 | Off | Organization | |
| 3.1 | Anti-Ransomware and Behavioral Guard1 | Detect | Test |
| 3.2 | Detect | Organization | |
| 3.3 | Prevent | Test | |
| 3.4 | Prevent | Organization | |
| 4.1 | Threat Emulation1 | Prevent | Test |
| 4.2 | Prevent | Organization | |
| 5.1 | Anti-Exploit1 | Detect | Test |
| 5.2 | Detect | Organization | |
| 5.3 | Prevent | Test | |
| 5.4 | Prevent | Organization | |
| 6.1 | Anti-Bot1 and URL Filtering1 | Detect | Test |
| 6.2 | Detect | Organization | |
| 6.3 | Prevent | Test | |
| 6.4 | Prevent | Organization | |
| 7.1 | Analysis and Remediation1 | High | Test |
| 7.2 | High | Organization | |
| 7.3 | Always | Test | |
| 7.4 | Always | Organization |
1 Add exclusions before enabling the blade.
-
For Citrix Anti-Malware, click here.
-
For Microsoft Terminal Server Anti-Virus, click here.
-
For FSLogix Anti-Virus, click here.
2 Schedule the scan during non-active period.
3 To add exclusions, see sk122706.