diff --git a/docs/getting-started/configure-integration-policy.asciidoc b/docs/getting-started/configure-integration-policy.asciidoc
index a5ba19c1a0..b700cc9542 100644
--- a/docs/getting-started/configure-integration-policy.asciidoc
+++ b/docs/getting-started/configure-integration-policy.asciidoc
@@ -20,6 +20,7 @@ To configure an integration policy:
 * <<ransomware-protection>>
 * <<memory-protection>>
 * <<behavior-protection>>
+* <<attack-surface-reduction>>
 * <<event-collection>>
 * <<register-as-antivirus>>
 * <<adv-policy-settings>>
@@ -140,6 +141,17 @@ TIP: Platinum and Enterprise customers can customize these notifications using t
 [role="screenshot"]
 image::images/install-endpoint/behavior-protection.png[Detail of behavior protection section.]
 
+[discrete]
+[[attack-surface-reduction]]
+== Attack surface reduction
+
+This section helps you reduce vulnerabilities that attackers can target on Windows endpoints.
+
+* *Credential hardening*: Prevents attackers from stealing credentials stored in Windows system process memory. Turn on the toggle to remove any overly permissive access rights that aren't required for standard interaction with the Local Security Authority Subsystem Service (LSASS). This feature enforces the principle of least privilege without interfering with benign system activity that is related to LSASS.
+
+[role="screenshot"]
+image::images/install-endpoint/attack-surface-reduction.png[Detail of attack surface reduction section.]
+
 [discrete]
 [[event-collection]]
 == Event collection
diff --git a/docs/getting-started/images/install-endpoint/attack-surface-reduction.png b/docs/getting-started/images/install-endpoint/attack-surface-reduction.png
new file mode 100644
index 0000000000..cff71ebf2e
Binary files /dev/null and b/docs/getting-started/images/install-endpoint/attack-surface-reduction.png differ