Microsoft Introduces Enhanced File Integrity Monitoring with Defender for Endpoint

Published: Sep 09, 2024

Key Takeaways:

  • Microsoft’s new version of File Integrity Monitoring (FIM) with Defender for Endpoint helps detect unauthorized modifications by comparing current file states with previous scans.
  • FIM allows administrators to track changes to critical files and registries.
  • This feature requires a Microsoft Defender for Servers Plan 2 subscription.

Microsoft has released a new version of File Integrity Monitoring (FIM) based on Defender for Endpoint in public preview for commercial customers. File Integrity Monitoring is a security feature that analyzes the integrity of critical files to prevent any unauthorized changes.

“To provide File Integrity Monitoring (FIM), Microsoft Defender for Endpoint collects data from machines according to collection rules. When the current state of your system files is compared with the state during the previous scan, FIM notifies you about suspicious modifications,” Microsoft explained.

With File Integrity Monitoring, administrators can track changes made to critical files and Windows registries from a predefined list. Additionally, they can examine the audited changes in a designated workspace. FIM also provides pre-configured settings and templates that align with specific regulatory requirements.

The FIM feature is designed to notify users about potentially suspicious activities. These include the creation or deletion of files and registry keys, changes to files, and modifications to the registry. The alert also provides details about the change, including the source and account details.

How to enable File Integrity Monitoring in the Azure portal

To enable File Integrity Monitoring in the Azure portal, IT administrators will need to follow the steps listed below:

  • Sign in to the Azure portal and select Microsoft Defender for Cloud.
  • Click the Defender for Cloud menu and then select Environment settings.
  • Choose the relevant subscription, find the Defender for Servers plan, and click Settings.
  • Turn on the File Integrity Monitoring toggle button and select the “Edit configuration” option.
  • In the FIM configuration pane, click the Workspace selection dropdown and select the workspace or create a new one.
  • Choose the specific Windows registry and the Windows and Linux files for monitoring. Click the Apply button to save the changes.
  • Finally, select Continue and click the Save button.

What are the prerequisites?

Microsoft says that this new feature will be available for customers in the Defender for Servers Plan 2 subscription. It also requires IT administrators to enable Defender for Endpoint on the client devices within their organizations.

Lastly, Microsoft says that the FIM experience over Azure Monitor Agent (AMA) will no longer be available in the Defender for Cloud portal. The company will continue to support the FIM experience over Microsoft Monitoring Agent (MMA) until the end of November. Microsoft will release an in-product experience that will let IT admins migrate their existing FIM-over-MMA configuration to the new version of FIM over Defender for Endpoint.