mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-14 22:37:22 +00:00
Merge branch 'main' into danbrown-privacy-essential
This commit is contained in:
Daniel H. Brown
commit
00b3394386
@ -20,7 +20,7 @@ Quick Assist is an application that enables a person to share their [Windows](#i
|
||||
|
||||
## Before you begin
|
||||
|
||||
All that's required to use Quick Assist is suitable network and internet connectivity. No roles, permissions, or policies are involved. Neither party needs to be in a domain. The helper must have a Microsoft account. The sharer doesn't have to authenticate.
|
||||
All you need to use Quick Assist is suitable network and internet connectivity. No roles, permissions, or policies are involved. Neither party needs to be in a domain. The helper must have a Microsoft account. The sharer doesn't have to authenticate.
|
||||
|
||||
### Authentication
|
||||
|
||||
@ -99,7 +99,7 @@ In some scenarios, the helper does require the sharer to respond to application
|
||||
### Install Quick Assist from the Microsoft Store
|
||||
|
||||
1. Download the new version of Quick Assist by visiting the [Microsoft Store](https://apps.microsoft.com/store/detail/quick-assist/9P7BP5VNWKX5).
|
||||
1. In the Microsoft Store, select **Get in Store app**. Then, give permission to install Quick Assist. When the installation is complete, **Get** changes to **Open**.</br> :::image type="content" source="images/quick-assist-get.png" lightbox="images/quick-assist-get.png" alt-text="Microsoft Store window showing the Quick Assist app with a button labeled get in the bottom right corner.":::
|
||||
1. In the Microsoft Store, select **View in store**, then install Quick Assist. When the installation is complete, **Install** changes to **Open**.
|
||||
|
||||
For more information, visit [Install Quick Assist](https://support.microsoft.com/windows/install-quick-assist-c17479b7-a49d-4d12-938c-dbfb97c88bca).
|
||||
|
||||
@ -113,7 +113,7 @@ To install Quick Assist offline, you need to download your APPXBUNDLE and unenco
|
||||
|
||||
1. Start **Windows PowerShell** with Administrative privileges
|
||||
1. In PowerShell, change the directory to the location where you saved the file in step 1: `cd <location of package file>`
|
||||
1. Run the following command to install Quick Assist: `Add-AppxProvisionedPackage -Online -PackagePath "MicrosoftCorporationII.QuickAssist_8wekyb3d8bbwe.AppxBundle" -LicensePath "MicrosoftCorporationII.QuickAssist_8wekyb3d8bbwe_4bc27046-84c5-8679-dcc7-d44c77a47dd0.xml"`
|
||||
1. To install Quick Assist, run the following command: `Add-AppxProvisionedPackage -Online -PackagePath "MicrosoftCorporationII.QuickAssist_8wekyb3d8bbwe.AppxBundle" -LicensePath "MicrosoftCorporationII.QuickAssist_8wekyb3d8bbwe_4bc27046-84c5-8679-dcc7-d44c77a47dd0.xml"`
|
||||
1. After Quick Assist is installed, run this command to confirm that Quick Assist is installed for the user: `Get-AppxPackage *QuickAssist* -AllUsers`
|
||||
|
||||
### Microsoft Edge WebView2
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Diagnose Provisioning Packages
|
||||
description: Diagnose general failures in provisioning.
|
||||
ms.topic: article
|
||||
ms.topic: troubleshooting
|
||||
ms.date: 01/18/2023
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Configuration service providers for IT pros
|
||||
description: Describes how IT pros and system administrators can use configuration service providers (CSPs) to configure devices.
|
||||
ms.topic: article
|
||||
ms.topic: how-to
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Provision PCs with common settings
|
||||
description: Create a provisioning package to apply common settings to a PC running Windows 10.
|
||||
ms.topic: article
|
||||
ms.topic: how-to
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Provision PCs with apps
|
||||
description: Learn how to install multiple Universal Windows Platform (UWP) apps and Windows desktop applications (Win32) in a provisioning package.
|
||||
ms.topic: article
|
||||
ms.topic: how-to
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Apply a provisioning package
|
||||
description: Provisioning packages can be applied to a device during initial setup (OOBE) and after (runtime).
|
||||
ms.topic: article
|
||||
ms.topic: how-to
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
|
||||
@ -1,13 +1,13 @@
|
||||
---
|
||||
title: Windows Configuration Designer command-line interface
|
||||
description: Learn more about the ICD syntax, switches, and arguments that you can use in the Windows Configuration Designer command-line interface for Windows10/11 client devices.
|
||||
ms.topic: article
|
||||
title: Windows Configuration Designer command line interface
|
||||
description: Learn more about the ICD syntax, switches, and arguments that you can use in the Windows Configuration Designer command line interface for Windows10/11 client devices.
|
||||
ms.topic: how-to
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# Windows Configuration Designer command-line interface (reference)
|
||||
# Windows Configuration Designer command line interface (reference)
|
||||
|
||||
You can use the Windows Configuration Designer command-line interface (CLI) to automate the building of provisioning packages.
|
||||
You can use the Windows Configuration Designer command line interface (CLI) to automate the building of provisioning packages.
|
||||
|
||||
- IT pros can use the Windows Configuration Designer CLI to require less retooling of existing processes. You must run the Windows Configuration Designer CLI from a command window with administrator privileges.
|
||||
|
||||
@ -30,10 +30,10 @@ icd.exe /Build-ProvisioningPackage /CustomizationXML:<path_to_xml> /PackagePath:
|
||||
| --- | --- | --- |
|
||||
| /CustomizationXML | No | Specifies the path to a Windows provisioning XML file that contains the customization assets and settings. For more information, see Windows provisioning answer file. |
|
||||
| /PackagePath | Yes | Specifies the path and the package name where the built provisioning package will be saved. |
|
||||
| /StoreFile | No</br></br></br>See Important note. | For partners using a settings store other than the default store(s) used by Windows Configuration Designer, use this parameter to specify the path to one or more comma-separated Windows settings store file. By default, if you don't specify a settings store file, the settings store that's common to all Windows editions will be loaded by Windows Configuration Designer.</br></br></br>**Important** If you use this parameter, you must not use /MSPackageRoot or /OEMInputXML. |
|
||||
| /StoreFile | No</br></br></br>See Important note. | For partners using a settings store other than the default store(s) used by Windows Configuration Designer, use this parameter to specify the path to one or more comma-separated Windows settings store file. By default, if you don't specify a settings store file, the settings store that's common to all Windows editions is loaded by Windows Configuration Designer.</br></br></br>**Important** If you use this parameter, you must not use /MSPackageRoot or /OEMInputXML. |
|
||||
| /Variables | No | Specifies a semicolon separated `<name>` and `<value>` macro pair. The format for the argument must be `<name>=<value>`. |
|
||||
| Encrypted | No | Denotes whether the provisioning package should be built with encryption. Windows Configuration Designer autogenerates the decryption password and includes this information in the output.</br></br></br>Precede with `+` for encryption, or `-` for no encryption. The default is no encryption. |
|
||||
| Overwrite | No | Denotes whether to overwrite an existing provisioning package.</br></br></br>Precede with + to overwrite an existing package or - if you don't want to overwrite an existing package. The default is false (don't overwrite). |
|
||||
| Encrypted | No | Denotes whether the provisioning package should be built with encryption. Windows Configuration Designer autogenerates the decryption password and includes this information in the output. <br></br>Precede with `+` for encryption, or `-` for no encryption. The default is no encryption. |
|
||||
| Overwrite | No | Denotes whether to overwrite an existing provisioning package. </br></br>Precede with + to overwrite an existing package or - if you don't want to overwrite an existing package. The default is false (don't overwrite). |
|
||||
| /? | No | Lists the switches and their descriptions for the command-line tool or for certain commands. |
|
||||
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Create a provisioning package
|
||||
description: Learn how to create a provisioning package for Windows 10/11, which lets you quickly configure a device without having to install a new image.
|
||||
ms.topic: article
|
||||
ms.topic: how-to
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: How provisioning works in Windows 10/11
|
||||
description: Learn more about how provisioning package work on Windows client devices. A provisioning package (.ppkg) is a container for a collection of configuration settings.
|
||||
ms.topic: article
|
||||
ms.topic: conceptual
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Install Windows Configuration Designer
|
||||
description: Learn how to install and use Windows Configuration Designer so you can easily configure devices running Windows 10/11.
|
||||
ms.topic: article
|
||||
ms.topic: how-to
|
||||
ms.reviewer: kevinsheehan
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Create a provisioning package with multivariant settings
|
||||
description: Create a provisioning package with multivariant settings to customize the provisioned settings for defined conditions.
|
||||
ms.topic: article
|
||||
ms.topic: how-to
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: Provisioning packages overview
|
||||
description: With Windows 10 and Windows 11, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image. Learn about what provisioning packages, are and what they do.
|
||||
ms.reviewer: kevinsheehan
|
||||
ms.topic: article
|
||||
ms.topic: conceptual
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: PowerShell cmdlets for provisioning Windows 10/11
|
||||
description: Learn more about the Windows PowerShell cmdlets that you can use with Provisioning packages on Windows10/11 client desktop devices.
|
||||
ms.topic: article
|
||||
ms.topic: conceptual
|
||||
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Use a script to install a desktop app in provisioning packages
|
||||
description: With Windows 10/11, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image.
|
||||
ms.topic: article
|
||||
ms.topic: how-to
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Uninstall a provisioning package - reverted settings
|
||||
description: This article lists the settings that are reverted when you uninstall a provisioning package on Windows 10/11 desktop client devices.
|
||||
ms.topic: article
|
||||
ms.topic: conceptual
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
|
||||
@ -37,7 +37,7 @@ In MDM, the same settings are under **.Vendor/MSFT/Policy/Config/DeliveryOptimiz
|
||||
| [Download mode](#download-mode) | DODownloadMode | 1511 | Default is configured to LAN(1). The Group [Download mode](#download-mode) (2) combined with [Group ID](#group-id), enables administrators to create custom device groups that share content between devices in the group.|
|
||||
| [Group ID](#group-id) | DOGroupID | 1511 | Used with Group [Download mode](#download-mode). If not configured, check [GroupIDSource](#select-the-source-of-group-ids). When GroupID or GroupIDSource policies aren't configured, the GroupID is defined as the AD Site (1), Authenticated domain SID (2) or Microsoft Entra tenant ID (5), in that order. |
|
||||
| [Select the source of Group IDs](#select-the-source-of-group-ids) | DOGroupIDSource | 1803 | If not configured, check [Group ID](#group-id). When the GroupID or GroupIDSource policies aren't configured, the Group is defined as the AD Site (1), Authenticated domain SID (2) or Microsoft Entra tenant ID (5), in that order. |
|
||||
| [Select a method to restrict peer selection](#select-a-method-to-restrict-peer-selection) | DORestrictPeerSelectionBy | 1803 | Starting in Windows 11, a new option to use 'Local discovery (DNS-SD)' is available to configure via this policy. |
|
||||
| [Select a method to restrict peer selection](#select-a-method-to-restrict-peer-selection) | DORestrictPeerSelectionBy | 1803 | Windows 10 - default isn't configured. Windows 11 - default peer selection is restricted to the Subnet only in LAN [Download mode](#download-mode) (1). |
|
||||
| [Minimum RAM (inclusive) allowed to use peer caching](#minimum-ram-inclusive-allowed-to-use-peer-caching) | DOMinRAMAllowedToPeer | 1703 | Default value is 4 GB. |
|
||||
| [Minimum disk size allowed to use peer caching](#minimum-disk-size-allowed-to-use-peer-caching) | DOMinDiskSizeAllowedToPeer | 1703 | Default value is 32 GB. |
|
||||
| [Max cache age](#max-cache-age) | DOMaxCacheAge | 1511 | Default value is 259,200 seconds (three days). |
|
||||
@ -235,10 +235,12 @@ MDM Setting: **DORestrictPeerSelectionBy**
|
||||
|
||||
Starting in Windows 10, version 1803, configure this policy to restrict peer selection via selected option. In Windows 11, the 'Local Peer Discovery' option was introduced to restrict peer discovery to the local network. Currently the available options include: 0 = NAT, 1 = Subnet mask, and 2 = Local Peer Discovery. These options apply to both Download Modes LAN (1) and Group (2) and therefore means there's no peering between subnets.
|
||||
|
||||
If Group mode is configured, Delivery Optimization connects to locally discovered peers that are also part of the same Group (have the same Group ID).
|
||||
If Group mode is configured, Delivery Optimization connects to locally discovered peers that are also part of the same Group (have the same Group ID) and prevents devices that aren't using the same Group ID from participating.
|
||||
|
||||
In Windows 11, the Local Peer Discovery (DNS-SD) option can be configured via MDM or Group Policy. However, in Windows 10, this feature can be enabled by setting the `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization\DORestrictPeerSelectionBy` value to **2**.
|
||||
|
||||
The default behaviors differ between Windows 10 and Windows 11. In Windows 10, there is no restriction configured. In Windows 11, the default peer selection is restricted to the Subnet only in LAN [Download mode](#download-mode) (1)
|
||||
|
||||
### Delay foreground download from HTTP (in secs)
|
||||
|
||||
MDM Setting: **DODelayForegroundDownloadFromHttp**
|
||||
|
||||
@ -11,7 +11,7 @@ manager: aaroncz
|
||||
appliesto:
|
||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
|
||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
|
||||
ms.date: 03/14/2024
|
||||
ms.date: 06/07/2024
|
||||
---
|
||||
|
||||
# Update other Microsoft products
|
||||
@ -44,6 +44,7 @@ The following is a list of other Microsoft products that might be updated:
|
||||
- Microsoft Advanced Threat Analytics
|
||||
- Microsoft Application Virtualization
|
||||
- Microsoft Azure StorSimple
|
||||
- Microsoft Configuration Manager
|
||||
- Microsoft Dynamics CRM
|
||||
- Microsoft Information Protection
|
||||
- Microsoft Lync Server and Microsoft Lync
|
||||
@ -54,17 +55,17 @@ The following is a list of other Microsoft products that might be updated:
|
||||
- MSRC
|
||||
- Office 2016 (MSI versions of Office)
|
||||
- PlayReady
|
||||
- Windows Admin Center
|
||||
- Security intelligence updates for Microsoft Defender Antivirus and other Microsoft antimalware
|
||||
- Silverlight
|
||||
- Skype for Business
|
||||
- SQL
|
||||
- System Center Application Controller
|
||||
- System Center Configuration Manager
|
||||
- System Center Data Protection Manager
|
||||
- System Center Operations Manager
|
||||
- System Center Orchestrator
|
||||
- System Center Virtual Machine Manager
|
||||
- Visual Studio
|
||||
- Windows Admin Center
|
||||
- Windows Azure Hyper-V Recovery Manager
|
||||
- Windows Azure Pack - Web Sites
|
||||
- Windows Azure Pack
|
||||
|
||||
@ -6,7 +6,7 @@ author: vinaypamnani-msft
|
||||
ms.author: vinpa
|
||||
manager: aaroncz
|
||||
ms.date: 03/26/2024
|
||||
ms.topic: article
|
||||
ms.topic: conceptual
|
||||
appliesto:
|
||||
- ✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>
|
||||
- ✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 10</a>
|
||||
|
||||
@ -3,7 +3,7 @@ title: Testing and Debugging AppId Tagging Policies
|
||||
description: Testing and Debugging AppId Tagging Policies to ensure your policies are deployed successfully.
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 04/29/2022
|
||||
ms.topic: article
|
||||
ms.topic: troubleshooting
|
||||
---
|
||||
|
||||
# Testing and Debugging AppId Tagging Policies
|
||||
|
||||
@ -3,7 +3,7 @@ title: Deploying Windows Defender Application Control AppId tagging policies
|
||||
description: How to deploy your WDAC AppId tagging policies locally and globally within your managed environment.
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 04/29/2022
|
||||
ms.topic: article
|
||||
ms.topic: conceptual
|
||||
---
|
||||
|
||||
# Deploying Windows Defender Application Control AppId tagging policies
|
||||
|
||||
@ -3,7 +3,7 @@ title: Create your Windows Defender Application Control AppId Tagging Policies
|
||||
description: Create your Windows Defender Application Control AppId tagging policies for Windows devices.
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 04/29/2022
|
||||
ms.topic: article
|
||||
ms.topic: conceptual
|
||||
---
|
||||
|
||||
# Creating your WDAC AppId Tagging Policies
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
---
|
||||
title: Designing, creating, managing and troubleshooting Windows Defender Application Control AppId Tagging policies
|
||||
description: How to design, create, manage and troubleshoot your WDAC AppId Tagging policies
|
||||
title: Designing, creating, managing, and troubleshooting Windows Defender Application Control AppId Tagging policies
|
||||
description: How to design, create, manage, and troubleshoot your WDAC AppId Tagging policies
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 04/27/2022
|
||||
ms.topic: article
|
||||
ms.topic: conceptual
|
||||
---
|
||||
|
||||
# WDAC Application ID (AppId) Tagging guide
|
||||
@ -13,14 +13,14 @@ ms.topic: article
|
||||
|
||||
## AppId Tagging Feature Overview
|
||||
|
||||
The Application ID (AppId) Tagging Policy feature, while based off Windows Defender Application Control (WDAC), does not control whether applications will run. AppId Tagging policies can be used to mark the processes of the running application with a customizable tag defined in the policy. Application processes that pass the AppId policy will receive the tag while failing applications won't.
|
||||
The Application ID (AppId) Tagging Policy feature, while based off Windows Defender Application Control (WDAC), doesn't control whether applications run. AppId Tagging policies can be used to mark the processes of the running application with a customizable tag defined in the policy. Application processes that pass the AppId policy receive the tag while failing applications don't.
|
||||
|
||||
## AppId Tagging Feature Availability
|
||||
|
||||
The WDAC AppId Tagging feature is available on the following versions of the Windows platform:
|
||||
|
||||
Client:
|
||||
- Windows 10 20H1, 20H2 and 21H1 versions only
|
||||
- Windows 10 20H1, 20H2, and 21H1 versions only
|
||||
- Windows 11
|
||||
|
||||
Server:
|
||||
@ -28,8 +28,8 @@ Server:
|
||||
|
||||
## In this section
|
||||
|
||||
| Topic | Description |
|
||||
| article | Description |
|
||||
| - | - |
|
||||
| [Designing and Creating AppId Policies](design-create-appid-tagging-policies.md) | This topic covers how to design and create AppId Tagging policies. |
|
||||
| [Deploying AppId Policies](deploy-appid-tagging-policies.md) | This topic covers how to deploy AppId Tagging policies. |
|
||||
| [Debugging AppId Policies](debugging-operational-guide-appid-tagging-policies.md) | This topic covers how to debug and view events from AppId Tagging policies. |
|
||||
| [Designing and Creating AppId Policies](design-create-appid-tagging-policies.md) | This article covers how to design and create AppId Tagging policies. |
|
||||
| [Deploying AppId Policies](deploy-appid-tagging-policies.md) | This article covers how to deploy AppId Tagging policies. |
|
||||
| [Debugging AppId Policies](debugging-operational-guide-appid-tagging-policies.md) | This article covers how to debug and view events from AppId Tagging policies. |
|
||||
|
||||
@ -6,7 +6,7 @@ ms.collection:
|
||||
- must-keep
|
||||
ms.topic: conceptual
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 12/23/2023
|
||||
ms.date: 06/07/2024
|
||||
---
|
||||
|
||||
# AppLocker rule collection extensions
|
||||
@ -35,4 +35,4 @@ To apply AppLocker policy to nonuser processes, set ``<Services EnforcementMode=
|
||||
|
||||
## System apps
|
||||
|
||||
When using AppLocker to control nonuser processes, your policy must allow all Windows system code or your device night behave unexpectedly. To automatically allow all system code that is part of Windows, set ``<SystemApps Allow="Enabled"/>`` in the ``<RedstoneExtensions>`` section as shown in the preceding XML fragment.
|
||||
When using AppLocker to control nonuser processes, your policy must allow all Windows system code or your device might behave unexpectedly. To automatically allow all system code that is part of Windows, set ``<SystemApps Allow="Enabled"/>`` in the ``<RedstoneExtensions>`` section as shown in the preceding XML fragment.
|
||||
|
||||
@ -3,7 +3,7 @@ title: Use audit events to create WDAC policy rules
|
||||
description: Audits allow admins to discover apps, binaries, and scripts that should be added to the WDAC policy.
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 05/03/2018
|
||||
ms.topic: article
|
||||
ms.topic: conceptual
|
||||
---
|
||||
|
||||
# Use audit events to create WDAC policy rules
|
||||
|
||||
@ -3,7 +3,7 @@ title: Deploy WDAC policies via Group Policy
|
||||
description: Windows Defender Application Control (WDAC) policies can easily be deployed and managed with Group Policy. Learn how by following this step-by-step guide.
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 01/23/2023
|
||||
ms.topic: article
|
||||
ms.topic: how-to
|
||||
---
|
||||
|
||||
# Deploy Windows Defender Application Control policies by using Group Policy
|
||||
|
||||
@ -3,7 +3,7 @@ title: Deploy Windows Defender Application Control (WDAC) policies using script
|
||||
description: Use scripts to deploy Windows Defender Application Control (WDAC) policies. Learn how with this step-by-step guide.
|
||||
ms.manager: jsuther
|
||||
ms.date: 01/23/2023
|
||||
ms.topic: article
|
||||
ms.topic: how-to
|
||||
ms.localizationpriority: medium
|
||||
---
|
||||
|
||||
|
||||
@ -3,7 +3,7 @@ title: Remove Windows Defender Application Control policies
|
||||
description: Learn how to disable both signed and unsigned Windows Defender Application Control policies, within Windows and within the BIOS.
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 11/04/2022
|
||||
ms.topic: article
|
||||
ms.topic: how-to
|
||||
---
|
||||
|
||||
# Remove Windows Defender Application Control (WDAC) policies
|
||||
|
||||
@ -3,7 +3,7 @@ title: Enforce Windows Defender Application Control (WDAC) policies
|
||||
description: Learn how to switch a WDAC policy from audit to enforced mode.
|
||||
ms.manager: jsuther
|
||||
ms.date: 04/22/2021
|
||||
ms.topic: article
|
||||
ms.topic: how-to
|
||||
ms.localizationpriority: medium
|
||||
---
|
||||
|
||||
|
||||
@ -3,7 +3,7 @@ title: Merge Windows Defender Application Control policies (WDAC)
|
||||
description: Learn how to merge WDAC policies as part of your policy lifecycle management.
|
||||
ms.manager: jsuther
|
||||
ms.date: 04/22/2021
|
||||
ms.topic: article
|
||||
ms.topic: how-to
|
||||
ms.localizationpriority: medium
|
||||
---
|
||||
|
||||
|
||||
@ -3,7 +3,7 @@ title: Allow COM object registration in a WDAC policy
|
||||
description: You can allow COM object registration in a Windows Defender Application Control policy.
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 04/05/2023
|
||||
ms.topic: article
|
||||
ms.topic: how-to
|
||||
---
|
||||
|
||||
# Allow COM object registration in a Windows Defender Application Control policy
|
||||
|
||||
@ -3,7 +3,7 @@ title: Policy creation for common WDAC usage scenarios
|
||||
description: Develop a plan for deploying Windows Defender Application Control (WDAC) in your organization based on these common scenarios.
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 04/05/2023
|
||||
ms.topic: article
|
||||
ms.topic: conceptual
|
||||
---
|
||||
|
||||
# Windows Defender Application Control deployment in different scenarios: types of devices
|
||||
|
||||
@ -3,7 +3,7 @@ title: Allow apps deployed with a WDAC managed installer
|
||||
description: Explains how to configure a custom Managed Installer.
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 02/02/2023
|
||||
ms.topic: article
|
||||
ms.topic: how-to
|
||||
---
|
||||
|
||||
# Automatically allow apps deployed by a managed installer with Windows Defender Application Control
|
||||
@ -147,7 +147,7 @@ The AppLocker policy creation UI in GPO Editor and the AppLocker PowerShell cmdl
|
||||
</RuleCollectionExtensions>
|
||||
</RuleCollection>
|
||||
<RuleCollection Type="ManagedInstaller" EnforcementMode="AuditOnly">
|
||||
<FilePublisherRule Id="55932f09-04b8-44ec-8e2d-3fc736500c56" Name="MICROSOFT.MANAGEMENT.SERVICES.INTUNEWINDOWSAGENT.EXE version 1.39.200.2 or greater in MICROSOFT® INTUNE™ from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
|
||||
<FilePublisherRule Id="55932f09-04b8-44ec-8e2d-3fc736500c56" Name="MICROSOFT.MANAGEMENT.SERVICES.INTUNEWINDOWSAGENT.EXE version 1.39.200.2 or greater in MICROSOFT® INTUNE™ from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
|
||||
<Conditions>
|
||||
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="*" BinaryName="MICROSOFT.MANAGEMENT.SERVICES.INTUNEWINDOWSAGENT.EXE">
|
||||
<BinaryVersionRange LowSection="1.39.200.2" HighSection="*" />
|
||||
|
||||
@ -3,7 +3,7 @@ title: Create WDAC Deny Policy
|
||||
description: Explains how to create WDAC deny policies
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 12/31/2017
|
||||
ms.topic: article
|
||||
ms.topic: how-to
|
||||
---
|
||||
|
||||
# Guidance on Creating WDAC Deny Policies
|
||||
|
||||
@ -3,7 +3,7 @@ title: Create a WDAC policy using a reference computer
|
||||
description: To create a Windows Defender Application Control (WDAC) policy that allows all code installed on a reference computer within your organization, follow this guide.
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 08/08/2022
|
||||
ms.topic: article
|
||||
ms.topic: how-to
|
||||
---
|
||||
|
||||
# Create a WDAC policy using a reference computer
|
||||
|
||||
@ -3,7 +3,7 @@ title: Use multiple Windows Defender Application Control Policies
|
||||
description: Windows Defender Application Control supports multiple code integrity policies for one device.
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 04/15/2024
|
||||
ms.topic: article
|
||||
ms.topic: how-to
|
||||
---
|
||||
|
||||
# Use multiple Windows Defender Application Control Policies
|
||||
|
||||
@ -3,7 +3,7 @@ title: Manage packaged apps with WDAC
|
||||
description: Packaged apps, also known as Universal Windows apps, allow you to control the entire app by using a single Windows Defender Application Control (WDAC) rule.
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 03/01/2023
|
||||
ms.topic: article
|
||||
ms.topic: how-to
|
||||
---
|
||||
|
||||
# Manage Packaged Apps with Windows Defender Application Control
|
||||
|
||||
@ -6,7 +6,7 @@ ms.collection:
|
||||
- tier3
|
||||
- must-keep
|
||||
ms.date: 01/24/2024
|
||||
ms.topic: article
|
||||
ms.topic: how-to
|
||||
---
|
||||
|
||||
# Microsoft recommended driver block rules
|
||||
|
||||
@ -3,7 +3,7 @@ title: Plan for WDAC policy management
|
||||
description: Learn about the decisions you need to make to establish the processes for managing and maintaining Windows Defender Application Control policies.
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 11/22/2023
|
||||
ms.topic: article
|
||||
ms.topic: conceptual
|
||||
---
|
||||
|
||||
# Plan for Windows Defender Application Control lifecycle policy management
|
||||
|
||||
@ -3,7 +3,7 @@ title: Understand WDAC script enforcement
|
||||
description: WDAC script enforcement
|
||||
ms.manager: jsuther
|
||||
ms.date: 05/26/2023
|
||||
ms.topic: article
|
||||
ms.topic: conceptual
|
||||
ms.localizationpriority: medium
|
||||
---
|
||||
|
||||
|
||||
@ -3,7 +3,7 @@ title: Understand Windows Defender Application Control (WDAC) policy rules and f
|
||||
description: Learn how WDAC policy rules and file rules can control your Windows 10 and Windows 11 computers.
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 11/22/2023
|
||||
ms.topic: article
|
||||
ms.topic: conceptual
|
||||
---
|
||||
|
||||
# Understand Windows Defender Application Control (WDAC) policy rules and file rules
|
||||
|
||||
@ -3,7 +3,7 @@ title: Understand Windows Defender Application Control policy design decisions
|
||||
description: Understand Windows Defender Application Control policy design decisions.
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 02/08/2018
|
||||
ms.topic: article
|
||||
ms.topic: conceptual
|
||||
---
|
||||
|
||||
# Understand Windows Defender Application Control policy design decisions
|
||||
|
||||
@ -3,7 +3,7 @@ title: Understanding Windows Defender Application Control (WDAC) secure settings
|
||||
description: Learn about secure settings in Windows Defender Application Control.
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 04/05/2023
|
||||
ms.topic: article
|
||||
ms.topic: conceptual
|
||||
---
|
||||
|
||||
# Understanding WDAC Policy Settings
|
||||
|
||||
@ -3,7 +3,7 @@ title: Use a Windows Defender Application Control policy to control specific plu
|
||||
description: WDAC policies can be used not only to control applications, but also to control whether specific plug-ins, add-ins, and modules can run from specific apps.
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 11/02/2022
|
||||
ms.topic: article
|
||||
ms.topic: how-to
|
||||
---
|
||||
|
||||
# Use a Windows Defender Application Control policy to control specific plug-ins, add-ins, and modules
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
---
|
||||
title: Authorize reputable apps with the Intelligent Security Graph (ISG)
|
||||
description: Automatically authorize applications that Microsoft’s ISG recognizes as having known good reputation.
|
||||
description: Automatically authorize applications that Microsoft's ISG recognizes as having known good reputation.
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 12/31/2017
|
||||
ms.topic: article
|
||||
ms.topic: how-to
|
||||
---
|
||||
|
||||
# Authorize reputable apps with the Intelligent Security Graph (ISG)
|
||||
|
||||
@ -3,7 +3,7 @@ title: Windows Defender Application Control and .NET
|
||||
description: Understand how WDAC and .NET work together and use Dynamic Code Security to verify code loaded by .NET at runtime.
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 11/22/2023
|
||||
ms.topic: article
|
||||
ms.topic: conceptual
|
||||
---
|
||||
|
||||
# Windows Defender Application Control (WDAC) and .NET
|
||||
|
||||
@ -3,7 +3,7 @@ title: Understanding Application Control event tags
|
||||
description: Learn what different Windows Defender Application Control event tags signify.
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 05/09/2023
|
||||
ms.topic: article
|
||||
ms.topic: conceptual
|
||||
---
|
||||
|
||||
# Understanding Application Control event tags
|
||||
|
||||
@ -3,7 +3,7 @@ title: Inbox WDAC policies
|
||||
description: This article describes the inbox WDAC policies that may be active on a device.
|
||||
ms.manager: jsuther
|
||||
ms.date: 03/10/2023
|
||||
ms.topic: article
|
||||
ms.topic: conceptual
|
||||
ms.localizationpriority: medium
|
||||
---
|
||||
|
||||
|
||||
@ -3,7 +3,7 @@ title: WDAC Admin Tips & Known Issues
|
||||
description: WDAC Known Issues
|
||||
ms.manager: jsuther
|
||||
ms.date: 04/15/2024
|
||||
ms.topic: article
|
||||
ms.topic: troubleshooting
|
||||
ms.localizationpriority: medium
|
||||
---
|
||||
|
||||
|
||||
@ -3,7 +3,7 @@ title: Query Application Control events with Advanced Hunting
|
||||
description: Learn how to query Windows Defender Application Control events across your entire organization by using Advanced Hunting.
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 03/01/2022
|
||||
ms.topic: article
|
||||
ms.topic: troubleshooting
|
||||
---
|
||||
|
||||
# Querying Application Control events centrally using Advanced hunting
|
||||
|
||||
@ -3,7 +3,7 @@ title: WDAC and AppLocker Overview
|
||||
description: Compare Windows application control technologies.
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 01/03/2024
|
||||
ms.topic: article
|
||||
ms.topic: conceptual
|
||||
---
|
||||
|
||||
# Windows Defender Application Control and AppLocker Overview
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Windows Sandbox architecture
|
||||
description: Windows Sandbox architecture
|
||||
ms.topic: article
|
||||
ms.topic: conceptual
|
||||
ms.date: 03/26/2024
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Windows Sandbox configuration
|
||||
description: Windows Sandbox configuration
|
||||
ms.topic: article
|
||||
ms.topic: how-to
|
||||
ms.date: 03/26/2024
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Windows Sandbox
|
||||
description: Windows Sandbox overview
|
||||
ms.topic: article
|
||||
ms.topic: conceptual
|
||||
ms.date: 03/26/2024
|
||||
---
|
||||
|
||||
|
||||
@ -3,7 +3,7 @@ title: Guide to removing Microsoft Baseline Security Analyzer (MBSA)
|
||||
description: This article documents the removal of Microsoft Baseline Security Analyzer (MBSA) and provides alternative solutions.
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 07/11/2023
|
||||
ms.topic: article
|
||||
ms.topic: conceptual
|
||||
---
|
||||
|
||||
# What is Microsoft Baseline Security Analyzer and its uses?
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: Account protection in Windows Security
|
||||
description: Use the Account protection section to manage security for your account and sign in to Microsoft.
|
||||
ms.date: 08/11/2023
|
||||
ms.topic: article
|
||||
ms.topic: how-to
|
||||
---
|
||||
|
||||
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: App & browser control in Windows Security
|
||||
description: Use the App & browser control section to see and configure Windows Defender SmartScreen and Exploit protection settings.
|
||||
ms.date: 08/11/2023
|
||||
ms.topic: article
|
||||
ms.topic: how-to
|
||||
---
|
||||
|
||||
# App and browser control
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: Customize Windows Security contact information in Windows Security
|
||||
description: Provide information to your employees on how to contact your IT department when a security issue occurs
|
||||
ms.date: 08/11/2023
|
||||
ms.topic: article
|
||||
ms.topic: how-to
|
||||
---
|
||||
|
||||
# Customize the Windows Security settings for your organization
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: Device & performance health in Windows Security
|
||||
description: Use the Device & performance health section to see the status of the machine and note any storage, update, battery, driver, or hardware configuration issues
|
||||
ms.date: 07/31/2023
|
||||
ms.topic: article
|
||||
ms.topic: how-to
|
||||
---
|
||||
|
||||
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: Device security in Windows Security
|
||||
description: Use the Device security section to manage security built into your device, including Virtualization-based security.
|
||||
ms.date: 08/11/2023
|
||||
ms.topic: article
|
||||
ms.topic: how-to
|
||||
---
|
||||
|
||||
# Device security
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: Family options in Windows Security
|
||||
description: Learn how to hide the Family options section of Windows Security for enterprise environments. Family options aren't intended for business environments.
|
||||
ms.date: 08/11/2023
|
||||
ms.topic: article
|
||||
ms.topic: how-to
|
||||
---
|
||||
|
||||
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: Firewall and network protection in Windows Security
|
||||
description: Use the Firewall & network protection section to see the status of and make changes to firewalls and network connections for the machine.
|
||||
ms.date: 08/11/2023
|
||||
ms.topic: article
|
||||
ms.topic: how-to
|
||||
---
|
||||
|
||||
# Firewall and network protection
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: Hide notifications from Windows Security
|
||||
description: Prevent Windows Security notifications from appearing on user endpoints
|
||||
ms.date: 07/31/2023
|
||||
ms.topic: article
|
||||
ms.topic: how-to
|
||||
---
|
||||
|
||||
# Hide Windows Security notifications
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: Virus and threat protection in Windows Security
|
||||
description: Use the Virus & threat protection section to see and configure Microsoft Defender Antivirus, Controlled folder access, and 3rd-party AV products.
|
||||
ms.date: 08/11/2023
|
||||
ms.topic: article
|
||||
ms.topic: conceptual
|
||||
---
|
||||
|
||||
# Virus and threat protection
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: Windows Security
|
||||
description: Windows Security brings together common Windows security features into one place.
|
||||
ms.date: 08/11/2023
|
||||
ms.topic: article
|
||||
ms.topic: conceptual
|
||||
---
|
||||
|
||||
# Windows Security
|
||||
|
||||
@ -6,7 +6,7 @@ author: aczechowski
|
||||
ms.author: aaroncz
|
||||
manager: aaroncz
|
||||
ms.date: 12/31/2017
|
||||
ms.topic: article
|
||||
ms.topic: conceptual
|
||||
---
|
||||
|
||||
# Mitigate threats by using Windows 10 security features
|
||||
|
||||
@ -10,6 +10,7 @@ ms.topic: conceptual
|
||||
ms.collection:
|
||||
- highpri
|
||||
- tier1
|
||||
- essentials-get-started
|
||||
ms.subservice: itpro-fundamentals
|
||||
ms.date: 02/06/2024
|
||||
appliesto:
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user