Howdy Folks,
When you deploying Microsoft Defender for Endpoint using Microsoft 365 subscription,
The best would be the Defender for Endpoint portal to understand your security posture in your endpoint devices. So, I am just going to show you How we basically create an OMA-URI configuration to get rid of some security vulnerability.
In the below example, when I looked in to my Defender for Security portal, I am seeing few security improvements on my test device. So, let’s take that as an example.
In this scenario, it says “Block abuse of exploited vulnerable signed drivers”. This means we need to block this parameter.
To do this, I am going to use Microsoft Endpoint Manager to create OMA-URI rule. Before that you can further dig in to the alert and check the recommendation for it as follows.
Click on the Block abuse of exploited vulnerable signed drivers and check the Recommendation Option as follows.
Based on the recommendation, lets go to Microsoft Endpoint Manager and configure the settings.
Use this link to login to your Endpoint Manager Portal.
https://endpoint.microsoft.com/
Select Devices > and Select Configuration Profiles as follows.
On the Profile Creation Page, Click Create Profile
Select the Platform as Windows 10 and Later and Profile Type as Templates. Then Select the Custom Template Name and Click Create.
Type a Name to the Policy and Click Next
On the Configuration Settings, Click Add button.
Add the Following details in to the ROWs’.
Name– Block abuse of exploited vulnerable signed drivers
Description– Put meaningful one related to policy.
OMA-URI– ./Vendor/MSFT/Policy/Config/Defender/AttackSurfaceReductionRules
Data Type– String
Value– 56a863a9-875e-4185-98a7-b882c64b5ce5=1
Refer below links for the OMA-URI details related to this.
Attack surface reduction rules reference | Microsoft Docs
Enable attack surface reduction rules | Microsoft Docs
Once filled the Rows, Click Save
Click Next on the Configuration Settings. And assign the Device group which you need to apply this policy. And Click Next.
On the Applicability Rule, just Click Next unless if you need any customization within the applied group
For this profile within an assigned group. Intune will only apply the profile to devices that meet the combined criteria of these rules.
Click Create on the Review + Create Page.
Once the policy is succeeded on the Assigned Group, you can let the defender sensors to update the security portal on the security feature which need to block probably in few minutes.
Hasitha Willarachchi 
great article ! But I see that this Rule now can configure in Standard ASR Rule in Intune MEM. There are (now) 16 Rules/Settings.