Glossary

Attack Surface Reduction

A Microsoft Defender for Endpoint feature with granular rules that block common attack techniques on Windows endpoints.

Attack Surface Reduction (ASR) rules are a feature of Microsoft Defender for Endpoint that block common attack techniques on Windows endpoints, including macro abuse, credential theft from lsass.exe, process creation by Office applications and scripts, executable files without prevalence / age / trust signals, persistence via WMI, Adobe Reader child processes, and many more. Each rule operates in Audit, Warn, or Block mode. The recommended deployment is to enable rules in Audit mode first to measure impact, validate that no legitimate scenarios break, and then move to Block. Rules are configured via Intune, Group Policy, Configuration Manager, or PowerShell. ASR is one of the highest-leverage endpoint security investments available.
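The audit-first rollout described above, sketched in PowerShell as an added example (not part of the original glossary entry or Microsoft's own tooling). The rule GUIDs and event ID 1122 are the ones Microsoft documents; the function names, the 14-day soak period, and the EventData field names `ID`, `Process Name` and `Path` are assumptions of this example.

```powershell
#Requires -RunAsAdministrator
# Added example: audit-first rollout of four ASR rules on a single endpoint.
$AsrRules = [ordered]@{
    '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2' = 'Credential stealing from lsass.exe'
    'd4f940ab-401b-4efc-aadc-ad5f3c50688a' = 'Office apps creating child processes'
    '7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c' = 'Adobe Reader creating child processes'
    'e6db77e5-3df2-4cf1-b95a-636979351e5b' = 'Persistence through WMI event subscription'
}

function Set-AsrRuleMode {
    param([string[]]$RuleId, [ValidateSet('AuditMode', 'Enabled')][string]$Mode)
    foreach ($id in $RuleId) {
        # Add-MpPreference touches one rule without replacing the rest of the list.
        Add-MpPreference -AttackSurfaceReductionRules_Ids $id -AttackSurfaceReductionRules_Actions $Mode
    }
}

function Get-AsrAuditHit {
    param([int]$Days = 14)   # assumed soak period
    $filter = @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1122     # written when a rule fires in Audit mode
        StartTime = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        $d = @{}
        foreach ($n in ([xml]$_.ToXml()).Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        # 'ID', 'Process Name' and 'Path' are the EventData field names assumed here.
        [pscustomobject]@{ RuleId = "$($d['ID'])".ToLower(); Process = $d['Process Name']; Target = $d['Path'] }
    }
}

function Get-AsrPromotionPlan {
    param([int]$Days = 14)
    $hits = @(Get-AsrAuditHit -Days $Days) | Group-Object RuleId -AsHashTable -AsString
    foreach ($id in $AsrRules.Keys) {
        $ruleHits = if ($hits -and $hits.ContainsKey($id)) { @($hits[$id]) } else { @() }
        [pscustomobject]@{
            RuleId    = $id
            Rule      = $AsrRules[$id]
            AuditHits = $ruleHits.Count
            Processes = ($ruleHits.Process | Sort-Object -Unique) -join '; '
            Ready     = ($ruleHits.Count -eq 0)   # no audit hits: candidate for Block
        }
    }
}
# Step 1: Set-AsrRuleMode -RuleId $AsrRules.Keys -Mode AuditMode
# Step 2 (after the soak period): Get-AsrPromotionPlan | Format-Table -AutoSize
# Step 3: Set-AsrRuleMode -RuleId (Get-AsrPromotionPlan | Where-Object Ready).RuleId -Mode Enabled
```

Rules that still show audit hits stay in Audit until each listed process is either explained and excluded or investigated. Settings pushed by Intune, Group Policy, or Configuration Manager take precedence over local PowerShell changes.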