diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
index b7df687bad..1a7b981640 100644
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@@ -21934,7 +21934,7 @@
 "source_path": "windows/deployment/update/update-compliance-schema-wudostatus.md",
 "redirect_url": "/windows/deployment/update/wufb-reports-overview",
 "redirect_document_id": false
- },
+ },
 {
 "source_path": "windows/deployment/update/update-compliance-schema-wudoaggregatedstatus.md",
 "redirect_url": "/windows/deployment/update/wufb-reports-overview",
@@ -21955,6 +21955,721 @@ "redirect_url": "/windows/security/security-foundations/index", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/select-types-of-rules-to-create", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/select-types-of-rules-to-create.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/select-types-of-rules-to-create", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/wdac-wizard.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/wdac-wizard-parsing-event-logs.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-parsing-event-logs", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/wdac-wizard-merging-policies.md", + "redirect_url": 
"/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-merging-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/configure-authorized-apps-deployed-with-a-managed-installer", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-deny-policy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-fully-managed-devices", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-lightly-managed-devices.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-lightly-managed-devices", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-using-reference-computer", + "redirect_document_id": false + }, + { + "source_path": 
"windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/deploy-multiple-wdac-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/example-wdac-base-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/manage-packaged-apps-with-wdac", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-block-rules", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/plan-wdac-management", + "redirect_document_id": false + 
}, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/design/script-enforcement.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/script-enforcement", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/understand-wdac-policy-design-decisions", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/understanding-wdac-policy-settings", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/use-wdac-policy-to-control-specific-plug-ins-add-ins-and-modules", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/use-wdac-with-intelligent-security-graph", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-dynamic-code-security.md", + "redirect_url": 
"/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-and-dotnet", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-design-guide", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-base-policy.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-create-base-policy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-supplemental-policy.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-create-supplemental-policy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/wdac-wizard-editing-policy.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-editing-policy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/operations/citool-commands.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/operations/citool-commands", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md", + "redirect_url": 
"/windows/security/application-security/application-control/windows-defender-application-control/operations/event-id-explanations", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/operations/event-tag-explanations", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/operations/inbox-wdac-policies.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/operations/inbox-wdac-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/operations/known-issues", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/operations/querying-application-control-events-centrally-using-advanced-hunting", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/operations/wdac-debugging-and-troubleshooting.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/operations/wdac-debugging-and-troubleshooting", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-operational-guide.md", + 
"redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/operations/wdac-operational-guide", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/feature-availability.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/feature-availability", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/index.yml", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/index", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/configure-wdac-managed-installer.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/operations/configure-wdac-managed-installer", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/types-of-devices.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/common-wdac-use-cases", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/allow-com-object-registration-in-wdac-policy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md", + "redirect_url": 
"/windows/security/application-security/application-control/windows-defender-application-control/deployment/wdac-deployment-guide", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-signed-policies-to-protect-wdac-against-tampering", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-rules.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-your-applocker-rules", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/delete-an-applocker-rule", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production", + "redirect_document_id": false + }, + { + 
"source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-your-application-control-objectives", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/dll-rules-in-applocker", + "redirect_document_id": false + }, + { + "source_path": 
"windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/document-your-application-list", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/document-your-applocker-rules", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/edit-an-applocker-policy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/edit-applocker-rules.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/edit-applocker-rules", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/enable-the-dll-rule-collection", + 
"redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/enforce-applocker-rules.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/enforce-applocker-rules", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/executable-rules-in-applocker.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/executable-rules-in-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/how-applocker-works-techref.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/how-applocker-works-techref", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md", + "redirect_url": 
"/windows/security/application-security/application-control/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-policies.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-your-applocker-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/create-applocker-default-rules.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-applocker-default-rules", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies", + "redirect_document_id": false + }, + { + "source_path": 
"windows/security/threat-protection/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/AppIdTagging/windows-defender-application-control-appid-tagging-guide.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/wdac-appid-tagging-guide", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/administer-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/applocker-architecture-and-components.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-architecture-and-components", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/applocker-functions.md", + "redirect_url": 
"/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-functions", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-overview", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policies-deployment-guide", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-design-guide.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policies-design-guide", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policy-use-scenarios", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/applocker-settings.md", + "redirect_url": 
"/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-settings", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/applocker-technical-reference.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-technical-reference", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-application-identity-service.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-the-application-identity-service", + "redirect_document_id": false + }, + { + "source_path": 
"windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-the-appLocker-reference-device", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/applocker-processes-and-interactions.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-processes-and-interactions", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies.md", + "redirect_url": 
"/windows/security/application-security/application-control/windows-defender-application-control/applocker/maintain-applocker-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md", + "redirect_url": 
"/windows/security/application-security/application-control/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md",
+ "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md",
+ "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/using-event-viewer-with-applocker",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md",
+ "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md",
+ "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/what-is-applocker",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md",
+ "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/windows-installer-rules-in-applocker",
+ "redirect_document_id": false
+ },
+ {
+ "source_path":
"windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies.md",
+ "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-policies",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md",
+ "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-rules",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md",
+ "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md",
+ "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/audit-wdac-policies",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md",
+ "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-catalog-files-to-support-wdac",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-group-policy.md",
+ "redirect_url":
"/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-group-policy",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-intune.md",
+ "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-intune",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md",
+ "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md",
+ "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-script",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies.md",
+ "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/disable-wdac-policies",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md",
+ "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/enforce-wdac-policies",
+ "redirect_document_id": false
+ },
+ {
+ "source_path":
"windows/security/threat-protection/windows-defender-application-control/LOB-win32-apps-on-s.md",
+ "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/LOB-win32-apps-on-s",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md",
+ "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/merge-wdac-policies",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md",
+ "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-for-better-control-and-protection",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md",
+ "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/create-code-signing-cert-for-wdac",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md",
+ "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/wdac-and-applocker-overview",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md",
+ "redirect_url":
"/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md",
+ "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-manually.md",
+ "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/merge-applocker-policies-manually",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md",
+ "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/monitor-application-usage-with-applocker",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/optimize-applocker-performance.md",
+ "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/optimize-applocker-performance",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md",
+ "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker",
+ "redirect_document_id": false
+ },
+ {
+
"source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md",
+ "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/plan-for-applocker-policy-management",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/refresh-an-applocker-policy.md",
+ "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/refresh-an-applocker-policy",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md",
+ "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md",
+ "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/requirements-to-use-applocker",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md",
+ "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md",
+ "redirect_url":
"/windows/security/application-security/application-control/windows-defender-application-control/applocker/script-rules-in-applocker",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md",
+ "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/security-considerations-for-applocker.md",
+ "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/security-considerations-for-applocker",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md",
+ "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/test-and-update-an-applocker-policy",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/tools-to-use-with-applocker.md",
+ "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/tools-to-use-with-applocker",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md",
+ "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-enforcement-settings",
+ "redirect_document_id": false
+ },
+ {
+ "source_path":
"windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md",
+ "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md",
+ "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md",
+ "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md",
+ "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-default-rules.md",
+ "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-default-rules",
+ "redirect_document_id": false
+ },
+ {
+ "source_path":
"windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md",
+ "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-behavior",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md",
+ "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-collections",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md",
+ "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md",
+ "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/wdac",
+ "redirect_document_id": false
+ },
 {
 "source_path": "windows/application-management/system-apps-windows-client-os.md",
 "redirect_url": "/windows/application-management/apps-in-windows-10",
diff --git a/windows/security/application-security/application-control/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md b/windows/security/application-security/application-control/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md
index 83799f7674..2f0412decb 100644
--- a/windows/security/application-security/application-control/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md +++ b/windows/security/application-security/application-control/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md @@ -44,6 +44,6 @@ WDAC has no specific hardware or software requirements. ## Related articles -- [Windows Defender Application Control](../../threat-protection/windows-defender-application-control/windows-defender-application-control.md) +- [Windows Defender Application Control](windows-defender-application-control/wdac.md) - [Memory integrity](../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) - [Driver compatibility with memory integrity](https://techcommunity.microsoft.com/t5/windows-hardware-certification/driver-compatibility-with-device-guard-in-windows-10/ba-p/364865) diff --git a/windows/security/application-security/application-control/toc.yml b/windows/security/application-security/application-control/toc.yml index a0b92c4987..117ebc744f 100644 --- a/windows/security/application-security/application-control/toc.yml +++ b/windows/security/application-security/application-control/toc.yml @@ -10,6 +10,6 @@ items: - name: Windows Defender Application Control and virtualization-based protection of code integrity href: introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md - name: Windows Defender Application Control - href: ../../threat-protection/windows-defender-application-control/windows-defender-application-control.md + href: windows-defender-application-control/wdac.md - name: Smart App Control - href: ../../threat-protection/windows-defender-application-control/windows-defender-application-control.md + href: windows-defender-application-control/wdac.md 
diff --git a/windows/security/application-security/application-control/user-account-control/settings-and-configuration.md b/windows/security/application-security/application-control/user-account-control/settings-and-configuration.md index 131622bbf4..9fd23384ff 100644 --- a/windows/security/application-security/application-control/user-account-control/settings-and-configuration.md +++ b/windows/security/application-security/application-control/user-account-control/settings-and-configuration.md @@ -41,7 +41,7 @@ The following instructions provide details how to configure your devices. Select To configure devices using Microsoft Intune, [create a **Settings catalog** policy][MEM-2], and use the settings listed under the category **`Local Policies Security Options`**: -:::image type="content" source="./images/uac-settings-catalog.png" alt-text="Screenshot that shows the UAC policies in the Intune settings catalog." lightbox="./images/uac-settings-catalog.png" border="True"::: +:::image type="content" source="images/uac-settings-catalog.png" alt-text="Screenshot that shows the UAC policies in the Intune settings catalog." lightbox="images/uac-settings-catalog.png" border="True"::: Assign the policy to a security group that contains as members the devices or users that you want to configure. 
diff --git a/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md
similarity index 78%
rename from windows/security/threat-protection/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md
rename to windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md
index ab8014b9a5..b8552a63ca 100644
--- a/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md
@@ -1,35 +1,17 @@ --- title: Testing and Debugging AppId Tagging Policies description: Testing and Debugging AppId Tagging Policies to ensure your policies are deployed successfully. -keywords: security, malware -ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb -ms.prod: windows-client -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium -audience: ITPro -author: jgeurten -ms.reviewer: jsuther1974 -ms.author: vinpa -manager: aaroncz ms.date: 04/29/2022 -ms.technology: itpro-security ms.topic: article --- # Testing and Debugging AppId Tagging Policies -**Applies to:** - -- Windows 10 -- Windows 11 -- Windows Server 2016 and above - > [!NOTE] > Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). -After deployment of the WDAC AppId Tagging policy, WDAC will log a 3099 policy deployed event in the [Event Viewer logs](../event-id-explanations.md). You first should ensure that the policy has been successfully deployed onto the system by verifying the presence of the 3099 event. +After deployment of the WDAC AppId Tagging policy, WDAC will log a 3099 policy deployed event in the [Event Viewer logs](../operations/event-id-explanations.md). You first should ensure that the policy has been successfully deployed onto the system by verifying the presence of the 3099 event. ## Verifying Tags on Running Processes 
@@ -53,4 +35,4 @@ After verifying the policy has been deployed, the next step is to verify that th Lastly, in the textbox, type `!token` and then press the Enter key to dump the security attributes on the process, including the _POLICYAPPID://_ followed by the key you set in the policy, and its corresponding value in the Value[0] field. - ![Dump the security attributes on the process using WinDbg.](../images/appid-pid-windbg-token.png) \ No newline at end of file + ![Dump the security attributes on the process using WinDbg.](../images/appid-pid-windbg-token.png) diff --git a/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md similarity index 90% rename from windows/security/threat-protection/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md rename to windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md index bf48be5b8d..e8af7434cc 100644 --- a/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md 
@@ -1,25 +1,13 @@ --- title: Deploying Windows Defender Application Control AppId tagging policies description: How to deploy your WDAC AppId tagging policies locally and globally within your managed environment. -ms.prod: windows-client ms.localizationpriority: medium -author: jgeurten -ms.reviewer: jsuther1974 -ms.author: vinpa -manager: aaroncz ms.date: 04/29/2022 -ms.technology: itpro-security ms.topic: article --- # Deploying Windows Defender Application Control AppId tagging policies -**Applies to:** - -- Windows 10 -- Windows 11 -- Windows Server 2016 and later - > [!NOTE] > Some capabilities of Windows Defender Application Control are only available on specific Windows versions. For more information, see [Windows Defender Application Control feature availability](../feature-availability.md). @@ -32,7 +20,7 @@ Similar to Windows Defender Application Control (WDAC) policies, WDAC AppId tagg ## Deploy AppId tagging policies with MDM -Custom AppId tagging policies can be deployed to endpoints using [the OMA-URI feature in MDM](../deployment/deploy-windows-defender-application-control-policies-using-intune.md#deploy-wdac-policies-with-custom-oma-uri). +Custom AppId tagging policies can be deployed to endpoints using [the OMA-URI feature in MDM](../deployment/deploy-wdac-policies-using-intune.md#deploy-wdac-policies-with-custom-oma-uri). ## Deploy AppId tagging policies with Configuration Manager 
diff --git a/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md
similarity index 83%
rename from windows/security/threat-protection/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md
rename to windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md
index 0ed35d4d57..9407cacded 100644
--- a/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md
@@ -1,41 +1,23 @@ --- title: Create your Windows Defender Application Control AppId Tagging Policies description: Create your Windows Defender Application Control AppId tagging policies for Windows devices. -keywords: security, malware -ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb -ms.prod: windows-client -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium -audience: ITPro -author: jgeurten -ms.reviewer: jsuther1974 -ms.author: vinpa -manager: aaroncz ms.date: 04/29/2022 -ms.technology: itpro-security ms.topic: article --- # Creating your WDAC AppId Tagging Policies -**Applies to:** - -- Windows 10 -- Windows 11 -- Windows Server 2016 and above - > [!NOTE] > Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). ## Create the policy using the WDAC Wizard -You can use the Windows Defender Application Control (WDAC) Wizard and the PowerShell commands to create an application control policy and convert it to an AppIdTagging policy. The WDAC Wizard is available for download at the [WDAC Wizard Installer site](https://aka.ms/wdacwizard). These PowerShell commands are only available on the supported platforms listed in [AppId Tagging Guide](./windows-defender-application-control-appid-tagging-guide.md). +You can use the Windows Defender Application Control (WDAC) Wizard and the PowerShell commands to create an application control policy and convert it to an AppIdTagging policy. The WDAC Wizard is available for download at the [WDAC Wizard Installer site](https://aka.ms/wdacwizard). These PowerShell commands are only available on the supported platforms listed in [AppId Tagging Guide](wdac-appid-tagging-guide.md). 1. Create a new base policy using the templates: - Start with the Policy Creator task and select Multiple Policy Format and Base Policy. 
Select the Base Template to use for the policy. The following example shows beginning with the [Default Windows Mode](../wdac-wizard-create-base-policy.md#template-base-policies) template and build on top of these rules. + Start with the Policy Creator task and select Multiple Policy Format and Base Policy. Select the Base Template to use for the policy. The following example shows beginning with the [Default Windows Mode](../design/wdac-wizard-create-base-policy.md#template-base-policies) template and build on top of these rules. ![Configuring the policy base and template.](../images/appid-wdac-wizard-1.png) @@ -43,7 +25,6 @@ You can use the Windows Defender Application Control (WDAC) Wizard and the Power > If your AppId Tagging Policy does build off the base templates or does not allow Windows in-box processes, you will notice significant performance regressions, especially during boot. For this reason, it is strongly recommended to build off the base templates. For more information on the issue, see the [AppId Tagging Known Issue](../operations/known-issues.md#slow-boot-and-performance-with-custom-policies). - 2. Set the following rule-options using the Wizard toggles: ![Configuring the policy rule-options.](../images/appid-wdac-wizard-2.png) @@ -58,8 +39,7 @@ You can use the Windows Defender Application Control (WDAC) Wizard and the Power - Package app name rules: Create a rule based off the package family name of an appx/msix. - Hash rules: Create a rule based off the PE Authenticode hash of a file. - - For more information on creating new policy file rules, see the guidelines provided in the [creating policy file rules section](../wdac-wizard-create-base-policy.md#creating-custom-file-rules). + For more information on creating new policy file rules, see the guidelines provided in the [creating policy file rules section](../design/wdac-wizard-create-base-policy.md#creating-custom-file-rules). 4. Convert to AppId Tagging Policy: 
@@ -72,9 +52,9 @@ You can use the Windows Defender Application Control (WDAC) Wizard and the Power ## Create the policy using PowerShell -Using this method, you create an AppId Tagging policy directly using the WDAC PowerShell commands. These PowerShell commands are only available on the supported platforms listed in [AppId Tagging Guide](./windows-defender-application-control-appid-tagging-guide.md). In an elevate PowerShell instance: +Using this method, you create an AppId Tagging policy directly using the WDAC PowerShell commands. These PowerShell commands are only available on the supported platforms listed in [AppId Tagging Guide](wdac-appid-tagging-guide.md). In an elevate PowerShell instance: -1. Create an AppId rule for the policy based on a combination of the signing certificate chain and version of the application. In the example below, the level has been set to SignedVersion. Any of the [WDAC File Rule Levels](../select-types-of-rules-to-create.md#table-2-windows-defender-application-control-policy---file-rule-levels) can be used in AppId rules: +1. Create an AppId rule for the policy based on a combination of the signing certificate chain and version of the application. In the example below, the level has been set to SignedVersion. Any of the [WDAC File Rule Levels](../design/select-types-of-rules-to-create.md#table-2-windows-defender-application-control-policy---file-rule-levels) can be used in AppId rules: ```powershell $rule = New-CiPolicyRule -Level SignedVersion -DriverFilePath 
@@ -121,4 +101,4 @@ After creating your AppId Tagging policy in the above steps, you can deploy the RefreshPolicy.exe is available for download from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=102925). ## Next Steps -For more information on debugging and broad deployment of the AppId Tagging policy, see [Debugging AppId policies](./debugging-operational-guide-appid-tagging-policies.md) and [Deploying AppId policies](deploy-appid-tagging-policies.md). \ No newline at end of file +For more information on debugging and broad deployment of the AppId Tagging policy, see [Debugging AppId policies](debugging-operational-guide-appid-tagging-policies.md) and [Deploying AppId policies](deploy-appid-tagging-policies.md). diff --git a/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/windows-defender-application-control-appid-tagging-guide.md b/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/wdac-appid-tagging-guide.md similarity index 79% rename from windows/security/threat-protection/windows-defender-application-control/AppIdTagging/windows-defender-application-control-appid-tagging-guide.md rename to windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/wdac-appid-tagging-guide.md index a509bcee48..2d94e08d99 100644 --- a/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/windows-defender-application-control-appid-tagging-guide.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/wdac-appid-tagging-guide.md 
@@ -1,31 +1,13 @@ --- -title: Designing, creating, managing and troubleshooting Windows Defender Application Control AppId Tagging policies +title: Designing, creating, managing and troubleshooting Windows Defender Application Control AppId Tagging policies description: How to design, create, manage and troubleshoot your WDAC AppId Tagging policies -keywords: security, malware, firewall -ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb -ms.prod: windows-client -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium -audience: ITPro -author: jgeurten -ms.reviewer: jsuther1974 -ms.author: vinpa -manager: aaroncz ms.date: 04/27/2022 -ms.technology: itpro-security ms.topic: article --- # WDAC Application ID (AppId) Tagging guide -**Applies to** - -- Windows 10 -- Windows 11 -- Windows Server 2022 and above - > [!NOTE] > Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). diff --git a/windows/security/threat-protection/windows-defender-application-control/TOC.yml b/windows/security/application-security/application-control/windows-defender-application-control/TOC.yml similarity index 82% rename from windows/security/threat-protection/windows-defender-application-control/TOC.yml rename to windows/security/application-security/application-control/windows-defender-application-control/TOC.yml index b48a27a876..70c937a286 100644 --- a/windows/security/threat-protection/windows-defender-application-control/TOC.yml +++ b/windows/security/application-security/application-control/windows-defender-application-control/TOC.yml @@ -1,7 +1,7 @@ - name: Application Control for Windows href: index.yml - name: About application control for Windows - href: windows-defender-application-control.md + href: wdac.md expanded: true items: - name: WDAC and AppLocker Overview 
@@ -9,120 +9,120 @@ - name: WDAC and AppLocker Feature Availability href: feature-availability.md - name: Virtualization-based protection of code integrity - href: ../../application-security/application-control/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md + href: ../introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md - name: WDAC design guide - href: windows-defender-application-control-design-guide.md + href: design/wdac-design-guide.md items: - name: Plan for WDAC policy lifecycle management - href: plan-windows-defender-application-control-management.md + href: design/plan-wdac-management.md - name: Design your WDAC policy items: - name: Understand WDAC policy design decisions - href: understand-windows-defender-application-control-policy-design-decisions.md + href: design/understand-wdac-policy-design-decisions.md - name: Understand WDAC policy rules and file rules - href: select-types-of-rules-to-create.md + href: design/select-types-of-rules-to-create.md items: - name: Allow apps installed by a managed installer - href: configure-authorized-apps-deployed-with-a-managed-installer.md + href: design/configure-authorized-apps-deployed-with-a-managed-installer.md - name: Allow reputable apps with Intelligent Security Graph (ISG) - href: use-windows-defender-application-control-with-intelligent-security-graph.md + href: design/use-wdac-with-intelligent-security-graph.md - name: Allow COM object registration - href: allow-com-object-registration-in-windows-defender-application-control-policy.md + href: design/allow-com-object-registration-in-wdac-policy.md - name: Use WDAC with .NET hardening - href: use-windows-defender-application-control-with-dynamic-code-security.md + href: design/wdac-and-dotnet.md - name: Script enforcement with Windows Defender Application Control href: design/script-enforcement.md - name: Manage packaged apps with WDAC - href: 
manage-packaged-apps-with-windows-defender-application-control.md + href: design/manage-packaged-apps-with-wdac.md - name: Use WDAC to control specific plug-ins, add-ins, and modules - href: use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md + href: design/use-wdac-policy-to-control-specific-plug-ins-add-ins-and-modules.md - name: Understand WDAC policy settings - href: understanding-wdac-policy-settings.md + href: design/understanding-wdac-policy-settings.md - name: Use multiple WDAC policies - href: deploy-multiple-windows-defender-application-control-policies.md + href: design/deploy-multiple-wdac-policies.md - name: Create your WDAC policy items: - name: Example WDAC base policies - href: example-wdac-base-policies.md + href: design/example-wdac-base-policies.md - name: Policy creation for common WDAC usage scenarios - href: types-of-devices.md + href: design/common-wdac-use-cases.md items: - name: Create a WDAC policy for lightly managed devices - href: create-wdac-policy-for-lightly-managed-devices.md + href: design/create-wdac-policy-for-lightly-managed-devices.md - name: Create a WDAC policy for fully managed devices - href: create-wdac-policy-for-fully-managed-devices.md + href: design/create-wdac-policy-for-fully-managed-devices.md - name: Create a WDAC policy for fixed-workload devices - href: create-initial-default-policy.md + href: design/create-wdac-policy-using-reference-computer.md - name: Create a WDAC deny list policy - href: create-wdac-deny-policy.md + href: design/create-wdac-deny-policy.md - name: Microsoft recommended block rules - href: microsoft-recommended-block-rules.md + href: design/microsoft-recommended-block-rules.md - name: Microsoft recommended driver block rules - href: microsoft-recommended-driver-block-rules.md + href: design/microsoft-recommended-driver-block-rules.md - name: Use the WDAC Wizard tool - href: wdac-wizard.md + href: design/wdac-wizard.md items: - name: Create a base 
WDAC policy with the Wizard - href: wdac-wizard-create-base-policy.md + href: design/wdac-wizard-create-base-policy.md - name: Create a supplemental WDAC policy with the Wizard - href: wdac-wizard-create-supplemental-policy.md + href: design/wdac-wizard-create-supplemental-policy.md - name: Editing a WDAC policy with the Wizard - href: wdac-wizard-editing-policy.md + href: design/wdac-wizard-editing-policy.md - name: Creating WDAC Policy Rules from WDAC Events - href: wdac-wizard-parsing-event-logs.md + href: design/wdac-wizard-parsing-event-logs.md - name: Merging multiple WDAC policies with the Wizard - href: wdac-wizard-merging-policies.md + href: design/wdac-wizard-merging-policies.md - name: WDAC deployment guide - href: windows-defender-application-control-deployment-guide.md + href: deployment/wdac-deployment-guide.md items: - name: Deploy WDAC policies with MDM - href: deployment/deploy-windows-defender-application-control-policies-using-intune.md + href: deployment/deploy-wdac-policies-using-intune.md - name: Deploy WDAC policies with Configuration Manager href: deployment/deploy-wdac-policies-with-memcm.md - name: Deploy WDAC policies with script href: deployment/deploy-wdac-policies-with-script.md - name: Deploy WDAC policies with group policy - href: deployment/deploy-windows-defender-application-control-policies-using-group-policy.md + href: deployment/deploy-wdac-policies-using-group-policy.md - name: Audit WDAC policies - href: audit-windows-defender-application-control-policies.md + href: deployment/audit-wdac-policies.md - name: Merge WDAC policies - href: merge-windows-defender-application-control-policies.md + href: deployment/merge-wdac-policies.md - name: Enforce WDAC policies - href: enforce-windows-defender-application-control-policies.md + href: deployment/enforce-wdac-policies.md - name: Use code signing for added control and protection with WDAC - href: use-code-signing-to-simplify-application-control-for-classic-windows-applications.md + 
href: deployment/use-code-signing-for-better-control-and-protection.md items: - name: Deploy catalog files to support WDAC - href: deploy-catalog-files-to-support-windows-defender-application-control.md + href: deployment/deploy-catalog-files-to-support-wdac.md - name: Use signed policies to protect Windows Defender Application Control against tampering - href: use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md + href: deployment/use-signed-policies-to-protect-wdac-against-tampering.md - name: "Optional: Create a code signing cert for WDAC" - href: create-code-signing-cert-for-windows-defender-application-control.md + href: deployment/create-code-signing-cert-for-wdac.md - name: Disable WDAC policies - href: disable-windows-defender-application-control-policies.md + href: deployment/disable-wdac-policies.md - name: LOB Win32 Apps on S Mode - href: LOB-win32-apps-on-s.md + href: deployment/LOB-win32-apps-on-s.md - name: WDAC operational guide - href: windows-defender-application-control-operational-guide.md + href: operations/wdac-operational-guide.md items: - name: WDAC debugging and troubleshooting href: operations/wdac-debugging-and-troubleshooting.md - name: Understanding Application Control event IDs - href: event-id-explanations.md + href: operations/event-id-explanations.md - name: Understanding Application Control event tags - href: event-tag-explanations.md + href: operations/event-tag-explanations.md - name: Query WDAC events with Advanced hunting - href: querying-application-control-events-centrally-using-advanced-hunting.md + href: operations/querying-application-control-events-centrally-using-advanced-hunting.md - name: Known Issues href: operations/known-issues.md - name: Managed installer and ISG technical reference and troubleshooting guide - href: configure-wdac-managed-installer.md + href: operations/configure-wdac-managed-installer.md - name: CITool.exe technical reference href: operations/citool-commands.md - 
name: Inbox WDAC policies href: operations/inbox-wdac-policies.md - name: WDAC AppId Tagging guide - href: AppIdTagging/windows-defender-application-control-appid-tagging-guide.md + href: AppIdTagging/wdac-appid-tagging-guide.md items: - name: Creating AppId Tagging Policies href: AppIdTagging/design-create-appid-tagging-policies.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md similarity index 92% rename from windows/security/threat-protection/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md index 0af1870a2a..137f9503c0 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md @@ -1,15 +1,9 @@ --- title: Add rules for packaged apps to existing AppLocker rule-set description: This topic for IT professionals describes how to update your existing AppLocker policies for packaged apps using the Remote Server Administration Toolkit (RSAT). -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # Add rules for packaged apps to existing AppLocker rule-set 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/administer-applocker.md
similarity index 98%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/administer-applocker.md
index 6e41e6c5e2..a8cc845756 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/administer-applocker.md
@@ -1,15 +1,9 @@
 ---
 title: Administer AppLocker
 description: This topic for IT professionals provides links to specific procedures to use when administering AppLocker policies.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 02/28/2019
-ms.technology: itpro-security
 ---
 
 # Administer AppLocker
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-architecture-and-components.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-architecture-and-components.md
similarity index 95%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/applocker-architecture-and-components.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-architecture-and-components.md
index 37127bd09f..93e671aff7 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-architecture-and-components.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-architecture-and-components.md
@@ -1,15 +1,9 @@
 ---
 title: AppLocker architecture and components
 description: This topic for IT professional describes AppLocker’s basic architecture and its major components.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # AppLocker architecture and components
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-functions.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-functions.md
similarity index 94%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/applocker-functions.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-functions.md
index 52acbce003..48067e47b9 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-functions.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-functions.md
@@ -1,15 +1,9 @@
 ---
 title: AppLocker functions
 description: This article for the IT professional lists the functions and security levels for the Software Restriction Policies (SRP) and AppLocker features.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # AppLocker functions
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-overview.md
similarity index 99%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-overview.md
index c13e82db76..eaf509458d 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-overview.md
@@ -1,9 +1,6 @@
 ---
 title: AppLocker
 description: This article provides a description of AppLocker and can help you decide if your organization can benefit from deploying AppLocker application control policies.
-ms.author: vinpa
-author: vinaypamnani-msft
-manager: aaroncz
 ms.collection:
 - highpri
 - tier3
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md
similarity index 97%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md
index 2c37794578..3e609e4176 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md
@@ -1,15 +1,9 @@
 ---
 title: AppLocker deployment guide
 description: This topic for IT professionals introduces the concepts and describes the steps required to deploy AppLocker policies.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # AppLocker deployment guide
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-design-guide.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policies-design-guide.md
similarity index 96%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-design-guide.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policies-design-guide.md
index 0953e691f1..56a059df6a 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-design-guide.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policies-design-guide.md
@@ -1,15 +1,9 @@
 ---
 title: AppLocker design guide
 description: This topic for the IT professional introduces the design and planning steps required to deploy application control policies by using AppLocker.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # AppLocker design guide
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md
similarity index 97%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md
index e4b467ac07..7657e480fa 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md
@@ -1,15 +1,9 @@
 ---
 title: AppLocker policy use scenarios
 description: This topic for the IT professional lists the various application control scenarios in which AppLocker policies can be effectively implemented.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # AppLocker policy use scenarios
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-processes-and-interactions.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-processes-and-interactions.md
similarity index 98%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/applocker-processes-and-interactions.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-processes-and-interactions.md
index f9b3d75543..567b3bafc5 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-processes-and-interactions.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-processes-and-interactions.md
@@ -1,15 +1,9 @@
 ---
 title: AppLocker processes and interactions
 description: This topic for the IT professional describes the process dependencies and interactions when AppLocker evaluates and enforces rules.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # AppLocker processes and interactions
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-settings.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-settings.md
similarity index 89%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/applocker-settings.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-settings.md
index 2371faff67..956c1904a8 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-settings.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-settings.md
@@ -1,15 +1,9 @@
 ---
 title: AppLocker settings
 description: This topic for the IT professional lists the settings used by AppLocker.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # AppLocker settings
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-technical-reference.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-technical-reference.md
similarity index 95%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/applocker-technical-reference.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-technical-reference.md
index a4e2b5c421..8f8b29113c 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-technical-reference.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-technical-reference.md
@@ -1,15 +1,9 @@
 ---
 title: AppLocker technical reference
 description: This overview topic for IT professionals provides links to the topics in the technical reference.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # AppLocker technical reference
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md
similarity index 94%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md
index 762f500737..6e62bb3ccd 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md
@@ -1,15 +1,9 @@
 ---
 title: Configure an AppLocker policy for audit only
 description: This topic for IT professionals describes how to set AppLocker policies to Audit only within your IT environment by using AppLocker.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 06/08/2018
-ms.technology: itpro-security
 ---
 
 # Configure an AppLocker policy for audit only
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md
similarity index 93%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md
index 5677e08745..5ee7082a7e 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md
@@ -1,15 +1,9 @@
 ---
 title: Configure an AppLocker policy for enforce rules
 description: This topic for IT professionals describes the steps to enable the AppLocker policy enforcement setting.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Configure an AppLocker policy for enforce rules
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md
similarity index 94%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md
index d7fb5a0851..ff055ce7c2 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md
@@ -1,15 +1,9 @@
 ---
 title: Add exceptions for an AppLocker rule
 description: This topic for IT professionals describes the steps to specify which apps can or cannot run as exceptions to an AppLocker rule.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Add exceptions for an AppLocker rule
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md
similarity index 96%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md
index ad878e7040..eb422a3a03 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md
@@ -1,15 +1,9 @@
 ---
 title: Configure the AppLocker reference device
 description: This topic for the IT professional describes the steps to create an AppLocker policy platform structure on a reference computer.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Configure the AppLocker reference device
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-application-identity-service.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-the-application-identity-service.md
similarity index 95%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-application-identity-service.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-the-application-identity-service.md
index b9261a395b..628b5cd559 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-application-identity-service.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-the-application-identity-service.md
@@ -1,15 +1,9 @@
 ---
 title: Configure the Application Identity service
 description: This topic for IT professionals shows how to configure the Application Identity service to start automatically or manually.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 07/01/2021
-ms.technology: itpro-security
 ---
 
 # Configure the Application Identity service
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md
similarity index 98%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md
index 357689283c..aafae9fa2d 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md
@@ -1,15 +1,9 @@
 ---
 title: Create a rule for packaged apps
 description: This article for IT professionals shows how to create an AppLocker rule for packaged apps with a publisher condition.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 # Create a rule for packaged apps
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md
similarity index 94%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md
index 592e0d0250..e1c48949a8 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md
@@ -1,15 +1,9 @@
 ---
 title: Create a rule that uses a file hash condition
 description: This topic for IT professionals shows how to create an AppLocker rule with a file hash condition.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 # Create a rule that uses a file hash condition
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md
similarity index 96%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md
index 019d399434..c6c0413c43 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md
@@ -1,15 +1,9 @@
 ---
 title: Create a rule that uses a path condition
 description: This topic for IT professionals shows how to create an AppLocker rule with a path condition.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 # Create a rule that uses a path condition
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md
similarity index 96%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md
index b7973d180c..193299df1c 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md
@@ -1,15 +1,9 @@
 ---
 title: Create a rule that uses a publisher condition
 description: This topic for IT professionals shows how to create an AppLocker rule with a publisher condition.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 # Create a rule that uses a publisher condition
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-applocker-default-rules.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-applocker-default-rules.md
similarity index 94%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/create-applocker-default-rules.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/create-applocker-default-rules.md
index a9b4962478..98493d5656 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-applocker-default-rules.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-applocker-default-rules.md
@@ -1,15 +1,9 @@
 ---
 title: Create AppLocker default rules
 description: This topic for IT professionals describes the steps to create a standard set of AppLocker rules that will allow Windows system files to run.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 # Create AppLocker default rules
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md
similarity index 97%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md
index 1811f0ba24..5e8d7b6735 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md
@@ -1,15 +1,9 @@
 ---
 title: Create a list of apps deployed to each business group
 description: This topic describes the process of gathering app usage requirements from each business group to implement application control policies by using AppLocker.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 # Create a list of apps deployed to each business group
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-your-applocker-policies.md
similarity index 97%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-policies.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/create-your-applocker-policies.md
index 5de5930086..861bf58502 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-policies.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-your-applocker-policies.md
@@ -1,15 +1,9 @@
 ---
 title: Create Your AppLocker policies
 description: This overview topic for the IT professional describes the steps to create an AppLocker policy and prepare it for deployment.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 # Create Your AppLocker policies
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-rules.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-your-applocker-rules.md
similarity index 97%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-rules.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/create-your-applocker-rules.md
index 5e05fb2c6e..c32cbf3af1 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-rules.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-your-applocker-rules.md
@@ -1,15 +1,9 @@
 ---
 title: Create Your AppLocker rules
 description: This topic for the IT professional describes what you need to know about AppLocker rules and the methods that you can to create rules.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 # Create Your AppLocker rules
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/delete-an-applocker-rule.md
similarity index 96%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/delete-an-applocker-rule.md
index e639e46f0b..b531465cdc 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/delete-an-applocker-rule.md
@@ -1,15 +1,9 @@
 ---
 title: Delete an AppLocker rule
 description: This article for IT professionals describes the steps to delete an AppLocker rule.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 03/10/2023
-ms.technology: itpro-security
 ---
 # Delete an AppLocker rule
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md
similarity index 97%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md
index b01a4cb864..0d956ceadf 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md
@@ -1,15 +1,9 @@
 ---
 title: Deploy AppLocker policies by using the enforce rules setting
 description: This topic for IT professionals describes the steps to deploy AppLocker policies by using the enforcement setting method.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 # Deploy AppLocker policies by using the enforce rules setting
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md
similarity index 96%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md
index bd454cbc25..da372fd5b0 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md
@@ -1,15 +1,9 @@
 ---
 title: Deploy the AppLocker policy into production
 description: This topic for the IT professional describes the tasks that should be completed before you deploy AppLocker application control settings.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 # Deploy the AppLocker policy into production
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md
similarity index 94%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md
index 75cb76fbb6..8c8842e5ae 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md
@@ -1,15 +1,9 @@
 ---
 title: Determine the Group Policy structure and rule enforcement
 description: This overview topic describes the process to follow when you're planning to deploy AppLocker rules.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 # Determine the Group Policy structure and rule enforcement
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md
similarity index 94%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md
index aae68e89c5..a654dfc5f7 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md
@@ -1,15 +1,9 @@
 ---
 title: Find digitally signed apps on a reference device
 description: This topic for the IT professional describes how to use AppLocker logs and tools to determine which applications are digitally signed.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 # Determine which apps are digitally signed on a reference device
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-your-application-control-objectives.md
similarity index 98%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-your-application-control-objectives.md
index bd8cd14419..b52c32d46b 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-your-application-control-objectives.md
@@ -1,15 +1,9 @@
 ---
 title: Determine your application control objectives
 description: Determine which applications to control and how to control them by comparing Software Restriction Policies (SRP) and AppLocker.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 # Determine your application control objectives
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md
similarity index 94%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md
index 050d675248..4f50e071a2 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md
@@ -1,15 +1,9 @@
 ---
 title: Display a custom URL message when users try to run a blocked app
 description: This topic for IT professionals describes the steps for displaying a customized message to users when an AppLocker policy denies access to an app.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 # Display a custom URL message when users try to run a blocked app
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/dll-rules-in-applocker.md
similarity index 93%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/dll-rules-in-applocker.md
index 641ee98a64..39003c7034 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/dll-rules-in-applocker.md
@@ -1,15 +1,9 @@
 ---
 title: DLL rules in AppLocker
 description: This topic describes the file formats and available default rules for the DLL rule collection.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 # DLL rules in AppLocker
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md
similarity index 96%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md
index a99df09d89..5206548f80 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md
@@ -1,15 +1,9 @@
 ---
 title: Document Group Policy structure & AppLocker rule enforcement
 description: This planning topic describes what you need to investigate, determine, and record in your application control policies plan when you use AppLocker.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 # Document the Group Policy structure and AppLocker rule enforcement
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/document-your-application-list.md
similarity index 96%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/document-your-application-list.md
index 1e1cb3e944..e56f851d85 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/document-your-application-list.md
@@ -1,15 +1,9 @@
 ---
 title: Document your app list
 description: This planning topic describes the app information that you should document when you create a list of apps for AppLocker policies.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 # Document your app list
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/document-your-applocker-rules.md
similarity index 95%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/document-your-applocker-rules.md
index f2803a91f2..5e123e0052 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/document-your-applocker-rules.md
@@ -1,15 +1,9 @@
 ---
 title: Document your AppLocker rules
 description: Learn how to document your AppLocker rules and associate rule conditions with files, permissions, rule source, and implementation.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 # Document your AppLocker rules
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/edit-an-applocker-policy.md
similarity index 98%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/edit-an-applocker-policy.md
index 0ebddf77d5..01166c2ac5 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/edit-an-applocker-policy.md
@@ -1,15 +1,9 @@
 ---
 title: Edit an AppLocker policy
 description: This topic for IT professionals describes the steps required to modify an AppLocker policy.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 # Edit an AppLocker policy
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/edit-applocker-rules.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/edit-applocker-rules.md
similarity index 96%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/edit-applocker-rules.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/edit-applocker-rules.md
index 5c05fb3560..94a7441394 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/edit-applocker-rules.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/edit-applocker-rules.md
@@ -1,15 +1,9 @@
 ---
 title: Edit AppLocker rules
 description: This topic for IT professionals describes the steps to edit a publisher rule, path rule, and file hash rule in AppLocker.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 # Edit AppLocker rules
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md
similarity index 92%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md
index a97f271c3d..811c73d69f 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md
@@ -1,15 +1,9 @@
 ---
 title: Enable the DLL rule collection
 description: This topic for IT professionals describes the steps to enable the DLL rule collection feature for AppLocker.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 # Enable the DLL rule collection
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/enforce-applocker-rules.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/enforce-applocker-rules.md
similarity index 94%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/enforce-applocker-rules.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/enforce-applocker-rules.md
index 947a69a2ad..155e7ef8e9 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/enforce-applocker-rules.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/enforce-applocker-rules.md
@@ -1,15 +1,9 @@
 ---
 title: Enforce AppLocker rules
 description: This topic for IT professionals describes how to enforce application control rules by using AppLocker.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 # Enforce AppLocker rules
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/executable-rules-in-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/executable-rules-in-applocker.md
similarity index 92%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/executable-rules-in-applocker.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/executable-rules-in-applocker.md
index 461262fab4..4e0d5303e8 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/executable-rules-in-applocker.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/executable-rules-in-applocker.md
@@ -1,15 +1,9 @@
 ---
 title: Executable rules in AppLocker
 description: This topic describes the file formats and available default rules for the executable rule collection.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 # Executable rules in AppLocker
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md
similarity index 93%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md
index bde1c865ad..9e1872b4b8 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md
@@ -1,15 +1,9 @@
 ---
 title: Export an AppLocker policy from a GPO
 description: This topic for IT professionals describes the steps to export an AppLocker policy from a Group Policy Object (GPO) so that it can be modified.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 # Export an AppLocker policy from a GPO
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md
similarity index 89%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md
index 93e466a216..90737aee69 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md
@@ -1,15 +1,9 @@
 ---
 title: Export an AppLocker policy to an XML file
 description: This topic for IT professionals describes the steps to export an AppLocker policy to an XML file for review or testing.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 # Export an AppLocker policy to an XML file
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/how-applocker-works-techref.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/how-applocker-works-techref.md
similarity index 95%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/how-applocker-works-techref.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/how-applocker-works-techref.md
index e4168feaaa..b05b76c318 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/how-applocker-works-techref.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/how-applocker-works-techref.md
@@ -1,15 +1,9 @@
 ---
 title: How AppLocker works
 description: This topic for the IT professional provides links to topics about AppLocker architecture and components, processes and interactions, rules and policies.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 # How AppLocker works
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/images/applocker-plan-inheritance.gif b/windows/security/application-security/application-control/windows-defender-application-control/applocker/images/applocker-plan-inheritance.gif
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/images/applocker-plan-inheritance.gif
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/images/applocker-plan-inheritance.gif
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/images/applocker-plandeploy-quickreference.gif b/windows/security/application-security/application-control/windows-defender-application-control/applocker/images/applocker-plandeploy-quickreference.gif
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/images/applocker-plandeploy-quickreference.gif
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/images/applocker-plandeploy-quickreference.gif
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/images/blockedappmsg.gif b/windows/security/application-security/application-control/windows-defender-application-control/applocker/images/blockedappmsg.gif
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/images/blockedappmsg.gif
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/images/blockedappmsg.gif
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md
similarity index 92%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md
index c9eee9963c..b7e29c29a1 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md
@@ -1,14 +1,8 @@
 ---
 title: Import an AppLocker policy from another computer
 description: This topic for IT professionals describes how to import an AppLocker policy.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
-ms.technology: itpro-security
 ms.date: 12/31/2017
 ---
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md
similarity index 94%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md
index aa4be6cdf0..40488c8f88 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md
@@ -1,15 +1,9 @@
 ---
 title: Import an AppLocker policy into a GPO
 description: This topic for IT professionals describes the steps to import an AppLocker policy into a Group Policy Object (GPO).
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 # Import an AppLocker policy into a GPO
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/maintain-applocker-policies.md
similarity index 98%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/maintain-applocker-policies.md
index e9d52b57ce..1a9f1401e7 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/maintain-applocker-policies.md
@@ -1,14 +1,8 @@
 ---
 title: Maintain AppLocker policies
 description: Learn how to maintain rules within AppLocker policies. View common AppLocker maintenance scenarios and see the methods to use to maintain AppLocker policies.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
-ms.technology: itpro-security
 ms.date: 12/31/2017
 ---
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md
similarity index 97%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md
index d04546c8ee..4d8e825349 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md
@@ -1,15 +1,9 @@
 ---
 title: Manage packaged apps with AppLocker
 description: Learn concepts and lists procedures to help you manage packaged apps with AppLocker as part of your overall application control strategy.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 # Manage packaged apps with AppLocker
@@ -70,7 +64,7 @@ Just as there are differences in managing each rule collection, you need to mana
 1. Gather information about which Packaged apps are running in your environment. For information about how to gather this information, see [Create list of apps deployed to each business group](create-list-of-applications-deployed-to-each-business-group.md).
-2. Create AppLocker rules for specific packaged apps based on your policy strategies. For more information, see [Create a rule for packaged apps](create-a-rule-for-packaged-apps.md) and [Understanding AppLocker default rules](./understanding-applocker-default-rules.md).
+2. Create AppLocker rules for specific packaged apps based on your policy strategies. For more information, see [Create a rule for packaged apps](create-a-rule-for-packaged-apps.md) and [Understanding AppLocker default rules](understanding-applocker-default-rules.md).
 3. Continue to update the AppLocker policies as new package apps are introduced into your environment. To do this update, see [Add rules for packaged apps to existing AppLocker rule-set](add-rules-for-packaged-apps-to-existing-applocker-rule-set.md).
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md
similarity index 95%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md
index f9ff7dc54d..a51c56cde6 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md
@@ -1,15 +1,9 @@
 ---
 title: Merge AppLocker policies by using Set-ApplockerPolicy
 description: This topic for IT professionals describes the steps to merge AppLocker policies by using Windows PowerShell.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 # Merge AppLocker policies by using Set-ApplockerPolicy
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-manually.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/merge-applocker-policies-manually.md
similarity index 96%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-manually.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/merge-applocker-policies-manually.md
index 41657a25bd..7ec3f23e57 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-manually.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/merge-applocker-policies-manually.md
@@ -1,15 +1,9 @@
 ---
 title: Merge AppLocker policies manually
 description: This topic for IT professionals describes the steps to manually merge AppLocker policies to update the Group Policy Object (GPO).
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 # Merge AppLocker policies manually
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md
similarity index 97%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md
index 32c0267869..c251209071 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md
@@ -1,15 +1,9 @@
 ---
 title: Monitor app usage with AppLocker
 description: This topic for IT professionals describes how to monitor app usage when AppLocker policies are applied.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 # Monitor app usage with AppLocker
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/optimize-applocker-performance.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/optimize-applocker-performance.md
similarity index 92%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/optimize-applocker-performance.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/optimize-applocker-performance.md
index ef107acf59..8646482c66 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/optimize-applocker-performance.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/optimize-applocker-performance.md
@@ -1,15 +1,9 @@
 ---
 title: Optimize AppLocker performance
 description: This topic for IT professionals describes how to optimize AppLocker policy enforcement.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 # Optimize AppLocker performance
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md
similarity index 95%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md
index 48e94f6635..92d016a3dc 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md
@@ -1,15 +1,9 @@
 ---
 title: Packaged apps and packaged app installer rules in AppLocker
 description: This topic explains the AppLocker rule collection for packaged app installers and packaged apps.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 10/13/2017
-ms.technology: itpro-security
 ---
 # Packaged apps and packaged app installer rules in AppLocker
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md
similarity index 99%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md
index f2e8463f25..2afb56de2f 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md
@@ -1,15 +1,9 @@
 ---
 title: Plan for AppLocker policy management
 description: This topic describes the decisions you need to make to establish the processes for managing and maintaining AppLocker policies.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 # Plan for AppLocker policy management
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/refresh-an-applocker-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/refresh-an-applocker-policy.md
similarity index 97%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/refresh-an-applocker-policy.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/refresh-an-applocker-policy.md
index 06168d1e9a..d4039c3443 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/refresh-an-applocker-policy.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/refresh-an-applocker-policy.md
@@ -1,15 +1,9 @@
 ---
 title: Refresh an AppLocker policy
 description: This topic for IT professionals describes the steps to force an update for an AppLocker policy.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 # Refresh an AppLocker policy
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md
similarity index 97%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md
index 40579e3963..70a6f0b415 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md
@@ -1,15 +1,9 @@
 ---
 title: Requirements for deploying AppLocker policies
 description: This deployment topic for the IT professional lists the requirements that you need to consider before you deploy AppLocker policies.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 # Requirements for deploying AppLocker policies
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/requirements-to-use-applocker.md
similarity index 97%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/requirements-to-use-applocker.md
index 47b2d12aba..5d2b189772 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/requirements-to-use-applocker.md
@@ -1,15 +1,9 @@
 ---
 title: Requirements to use AppLocker
 description: This topic for the IT professional lists software requirements to use AppLocker on the supported Windows operating systems.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 # Requirements to use AppLocker
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md
similarity index 96%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md
index d6ba932c98..9f331d58f0 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md
@@ -1,15 +1,9 @@
 ---
 title: Run the Automatically Generate Rules wizard
 description: This topic for IT professionals describes steps to run the wizard to create AppLocker rules on a reference device.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 # Run the Automatically Generate Rules wizard
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/script-rules-in-applocker.md
similarity index 92%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/script-rules-in-applocker.md
index bee1694c3a..ea18273ead 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/script-rules-in-applocker.md
@@ -1,15 +1,9 @@
 ---
 title: Script rules in AppLocker
 description: This article describes the file formats and available default rules for the script rule collection.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 06/15/2022
-ms.technology: itpro-security
 ---
 # Script rules in AppLocker
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/security-considerations-for-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/security-considerations-for-applocker.md
similarity index 97%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/security-considerations-for-applocker.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/security-considerations-for-applocker.md
index f32ff85c69..69f190b3f5 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/security-considerations-for-applocker.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/security-considerations-for-applocker.md
@@ -1,15 +1,9 @@
 ---
 title: Security considerations for AppLocker
 description: This topic for the IT professional describes the security considerations you need to address when implementing AppLocker.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Security considerations for AppLocker
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/select-types-of-rules-to-create.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/select-types-of-rules-to-create.md
similarity index 98%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/select-types-of-rules-to-create.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/select-types-of-rules-to-create.md
index 7776bf7386..15f51ed1d5 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/select-types-of-rules-to-create.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/select-types-of-rules-to-create.md
@@ -1,15 +1,9 @@
 ---
 title: Select the types of rules to create
 description: This topic lists resources you can use when selecting your application control policy rules by using AppLocker.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Select the types of rules to create
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md
similarity index 96%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md
index 0c029929bf..bd085cda47 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md
@@ -1,15 +1,9 @@
 ---
 title: Test an AppLocker policy by using Test-AppLockerPolicy
 description: This topic for IT professionals describes the steps to test an AppLocker policy prior to importing it into a Group Policy Object (GPO) or another computer.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Test an AppLocker policy by using Test-AppLockerPolicy
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md
similarity index 97%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md
index 71815be79b..de4fc78024 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md
@@ -1,15 +1,9 @@
 ---
 title: Test and update an AppLocker policy
 description: This topic discusses the steps required to test an AppLocker policy prior to deployment.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Test and update an AppLocker policy
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/tools-to-use-with-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/tools-to-use-with-applocker.md
similarity index 96%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/tools-to-use-with-applocker.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/tools-to-use-with-applocker.md
index 9fcea89142..a683153f73 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/tools-to-use-with-applocker.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/tools-to-use-with-applocker.md
@@ -1,15 +1,9 @@
 ---
 title: Tools to use with AppLocker
 description: This topic for the IT professional describes the tools available to create and administer AppLocker policies.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Tools to use with AppLocker
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md
similarity index 94%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md
index 9b5abb0b0b..db76a5a1bb 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md
@@ -1,15 +1,9 @@
 ---
 title: Understand AppLocker enforcement settings
 description: This topic describes the AppLocker enforcement settings for rule collections.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Understand AppLocker enforcement settings
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md
similarity index 99%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md
index d61a4fdf98..d9f21105f1 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md
@@ -1,15 +1,9 @@
 ---
 title: Understand AppLocker policy design decisions
 description: Review some common considerations while you're planning to use AppLocker to deploy application control policies within a Windows environment.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 10/13/2017
-ms.technology: itpro-security
 ---
 
 # Understand AppLocker policy design decisions
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md
similarity index 96%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md
index fc99a9815b..363423b61d 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md
@@ -1,15 +1,9 @@
 ---
 title: Understand AppLocker rules and enforcement setting inheritance in Group Policy
 description: This topic for the IT professional describes how application control policies configured in AppLocker are applied through Group Policy.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Understand AppLocker rules and enforcement setting inheritance in Group Policy
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md
similarity index 94%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md
index ab1522f49e..d06e82f836 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md
@@ -1,15 +1,9 @@
 ---
 title: Understand the AppLocker policy deployment process
 description: This planning and deployment topic for the IT professional describes the process for using AppLocker when deploying application control policies.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Understand the AppLocker policy deployment process
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md
similarity index 96%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md
index cec55e8e38..a10756f305 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md
@@ -1,15 +1,9 @@
 ---
 title: Understanding AppLocker allow and deny actions on rules
 description: This topic explains the differences between allow and deny actions on AppLocker rules.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Understanding AppLocker allow and deny actions on rules
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-default-rules.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-default-rules.md
similarity index 96%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-default-rules.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-default-rules.md
index 606e9924ec..764edf8acd 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-default-rules.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-default-rules.md
@@ -1,15 +1,9 @@
 ---
 title: Understanding AppLocker default rules
 description: This topic for IT professional describes the set of rules that can be used to ensure that required Windows system files are allowed to run when the policy is applied.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Understanding AppLocker default rules
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md
similarity index 94%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md
index 377eb5019a..7a6eea342e 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md
@@ -1,15 +1,9 @@
 ---
 title: Understanding AppLocker rule behavior
 description: This topic describes how AppLocker rules are enforced by using the allow and deny options in AppLocker.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Understanding AppLocker rule behavior
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md
similarity index 93%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md
index 1787c045ef..3f9f5ad500 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md
@@ -1,15 +1,9 @@
 ---
 title: Understanding AppLocker rule collections
 description: This topic explains the five different types of AppLocker rules used to enforce AppLocker policies.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Understanding AppLocker rule collections
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md
similarity index 96%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md
index b26445b191..bad3241ee2 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md
@@ -1,15 +1,9 @@
 ---
 title: Understanding AppLocker rule condition types
 description: This topic for the IT professional describes the three types of AppLocker rule conditions.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Understanding AppLocker rule condition types
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md
similarity index 93%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md
index 71ae842b65..416310d176 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md
@@ -1,15 +1,9 @@
 ---
 title: Understanding AppLocker rule exceptions
 description: This topic describes the result of applying AppLocker rule exceptions to rule collections.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Understanding AppLocker rule exceptions
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md
similarity index 92%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md
index 6e13561e2c..9c95ff5c19 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md
@@ -1,15 +1,9 @@
 ---
 title: Understanding the file hash rule condition in AppLocker
 description: This topic explains the AppLocker file hash rule condition, the advantages and disadvantages, and how it's applied.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Understanding the file hash rule condition in AppLocker
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md
similarity index 96%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md
index 5d3e6d2d29..4a28e77011 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md
@@ -1,15 +1,9 @@
 ---
 title: Understanding the path rule condition in AppLocker
 description: This topic explains the AppLocker path rule condition, the advantages and disadvantages, and how it's applied.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Understanding the path rule condition in AppLocker
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md
similarity index 97%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md
index dbc7fe282d..a915c31c36 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md
@@ -1,15 +1,9 @@
 ---
 title: Understanding the publisher rule condition in AppLocker
 description: This topic explains the AppLocker publisher rule condition, what controls are available, and how it's applied.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Understanding the publisher rule condition in AppLocker
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md
similarity index 98%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md
index eb14fbd674..c86f226134 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md
@@ -1,15 +1,9 @@
 ---
 title: Use a reference device to create and maintain AppLocker policies
 description: This topic for the IT professional describes the steps to create and maintain AppLocker policies by using a reference computer.
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.reviewer:
-ms.technology: itpro-security
 ---
 
 # Use a reference device to create and maintain AppLocker policies
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md
similarity index 98%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md
index 9415499e71..a8a22bcdb4 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md
@@ -1,15 +1,9 @@
 ---
 title: Use AppLocker and Software Restriction Policies in the same domain
 description: This article for IT professionals describes concepts and procedures to help you manage your application control strategy using Software Restriction Policies and AppLocker.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 11/07/2022
-ms.technology: itpro-security
 ---
 
 # Use AppLocker and Software Restriction Policies in the same domain
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md
similarity index 96%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md
index 155e3e6d17..aed93b7f33 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md
@@ -1,15 +1,9 @@
 ---
 title: Use the AppLocker Windows PowerShell cmdlets
 description: This topic for IT professionals describes how each AppLocker Windows PowerShell cmdlet can help you administer your AppLocker application control policies.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Use the AppLocker Windows PowerShell cmdlets
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md
similarity index 98%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md
index 2aedf66058..35cecd0bee 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md
@@ -1,14 +1,8 @@
 ---
 title: Using Event Viewer with AppLocker
 description: This article lists AppLocker events and describes how to use Event Viewer with AppLocker.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
-ms.technology: itpro-security
 ms.date: 02/02/2023
 ---
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md
similarity index 97%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md
index d8b071c1c2..e822da9f1b 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md
@@ -1,15 +1,9 @@
 ---
 title: Use Software Restriction Policies and AppLocker policies
 description: This topic for the IT professional describes how to use Software Restriction Policies (SRP) and AppLocker policies in the same Windows deployment.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Use Software Restriction Policies and AppLocker policies
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/what-is-applocker.md
similarity index 98%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/what-is-applocker.md
index 68586393f4..e976eb85b8 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/what-is-applocker.md
@@ -1,15 +1,9 @@
 ---
 title: What Is AppLocker
 description: This topic for the IT professional describes what AppLocker is and how its features differ from Software Restriction Policies.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # What Is AppLocker?
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md
similarity index 93%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md
index 9a410a20af..9f51d9f474 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md
@@ -1,15 +1,9 @@
 ---
 title: Windows Installer rules in AppLocker
 description: This topic describes the file formats and available default rules for the Windows Installer rule collection.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Windows Installer rules in AppLocker
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-policies.md
similarity index 96%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-policies.md
index 8e4a0a0395..0f287537b8 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-policies.md
@@ -1,15 +1,9 @@
 ---
 title: Working with AppLocker policies
 description: This topic for IT professionals provides links to procedural topics about creating, maintaining, and testing AppLocker policies.
-ms.reviewer:
-ms.author: vinpa
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Working with AppLocker policies
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-rules.md
similarity index 99%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-rules.md
index 8d170ef5ed..57c5eaa7cd 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-rules.md
@@ -1,15 +1,9 @@
 ---
 title: Working with AppLocker rules
 description: This topic for IT professionals describes AppLocker rule types and how to work with them for your application control policies.
-ms.reviewer:
-manager: aaroncz
-ms.author: vinpa
-ms.prod: windows-client
-author: vinaypamnani-msft
 ms.localizationpriority: medium
 msauthor: v-anbic
 ms.date: 08/27/2018
-ms.technology: itpro-security
 ms.topic: conceptual
 ---
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/LOB-win32-apps-on-s.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/LOB-win32-apps-on-s.md
similarity index 94%
rename from windows/security/threat-protection/windows-defender-application-control/LOB-win32-apps-on-s.md
rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/LOB-win32-apps-on-s.md
index 04b3c1eaac..965a20c625 100644
--- a/windows/security/threat-protection/windows-defender-application-control/LOB-win32-apps-on-s.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/LOB-win32-apps-on-s.md
@@ -1,25 +1,15 @@
 ---
 title: Allow LOB Win32 apps on Intune-managed S Mode devices
 description: Using Windows Defender Application Control (WDAC) supplemental policies, you can expand the S Mode base policy on your Intune-managed devices.
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: jsuther1974
-ms.reviewer: jogeurte
-ms.author: vinpa
-manager: aaroncz
 ms.date: 04/05/2023
-ms.technology: itpro-security
 ms.topic: how-to
 ---
 
 # Allow line-of-business Win32 apps on Intune-managed S Mode devices
 
-**Applies to:**
-
-- Windows 10
-
 > [!NOTE]
-> Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. For more information, see [Windows Defender Application Control feature availability](feature-availability.md).
+> Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. For more information, see [Windows Defender Application Control feature availability](../feature-availability.md).
 
 You can use Microsoft Intune to deploy and run critical Win32 applications, and Windows components that are normally blocked in S mode, on your Intune-managed Windows 10 in S mode devices. For example, PowerShell.exe.
 
@@ -31,7 +21,7 @@ For an overview and brief demo of this feature, see this video: ## Policy authorization process -![Basic diagram of the policy authorization flow.](images/wdac-intune-policy-authorization.png) +![Basic diagram of the policy authorization flow.](../images/wdac-intune-policy-authorization.png) The general steps for expanding the S mode base policy on your Intune-managed Windows 10 in S mode devices are to generate a supplemental policy, sign that policy, upload the signed policy to Intune, and assign it to user or device groups. Because you need access to PowerShell cmdlets to generate your supplemental policy, you should create and manage your policies on a non-S mode device. Once the policy has been uploaded to Intune, before deploying the policy more broadly, assign it to a single test Windows 10 in S mode device to verify expected functioning. @@ -39,7 +29,7 @@ The general steps for expanding the S mode base policy on your Intune-managed Wi This policy expands the S mode base policy to authorize more applications. Anything authorized by either the S mode base policy or your supplemental policy is allowed to run. Your supplemental policies can specify filepath rules, trusted publishers, and more. - For more information on creating supplemental policies, see [Deploy multiple WDAC policies](deploy-multiple-windows-defender-application-control-policies.md). For more information on the right type of rules to create for your policy, see [Deploy WDAC policy rules and file rules](select-types-of-rules-to-create.md). + For more information on creating supplemental policies, see [Deploy multiple WDAC policies](../design/deploy-multiple-wdac-policies.md). For more information on the right type of rules to create for your policy, see [Deploy WDAC policy rules and file rules](../design/select-types-of-rules-to-create.md). The following instructions are a basic set for creating an S mode supplemental policy: 
@@ -81,7 +71,7 @@ The general steps for expanding the S mode base policy on your Intune-managed Wi 2. Sign the policy. - Supplemental S mode policies must be digitally signed. To sign your policy, use your organization's custom Public Key Infrastructure (PKI). For more information on signing using an internal CA, see [Create a code signing cert for WDAC](create-code-signing-cert-for-windows-defender-application-control.md). + Supplemental S mode policies must be digitally signed. To sign your policy, use your organization's custom Public Key Infrastructure (PKI). For more information on signing using an internal CA, see [Create a code signing cert for WDAC](create-code-signing-cert-for-wdac.md). > [!TIP] > For more information, see [Azure Code Signing, democratizing trust for developers and consumers](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/azure-code-signing-democratizing-trust-for-developers-and/ba-p/3604669). 
@@ -97,19 +87,19 @@ The general steps for expanding the S mode base policy on your Intune-managed Wi ## Standard process for deploying apps through Intune -![Basic diagram for deploying apps through Intune.](images/wdac-intune-app-deployment.png) +![Basic diagram for deploying apps through Intune.](../images/wdac-intune-app-deployment.png) For more information on the existing procedure of packaging signed catalogs and app deployment, see [Win32 app management in Microsoft Intune](/mem/intune/apps/apps-win32-app-management). ## Optional: Process for deploying apps using catalogs -![Basic diagram for deploying Apps using catalogs.](images/wdac-intune-app-catalogs.png) +![Basic diagram for deploying Apps using catalogs.](../images/wdac-intune-app-catalogs.png) Your supplemental policy can be used to significantly relax the S mode base policy, but there are security trade-offs you must consider in doing so. For example, you can use a signer rule to trust an external signer, but that authorizes all apps signed by that certificate, which may include apps you don't want to allow as well. Instead of authorizing signers external to your organization, Intune has functionality to make it easier to authorize existing applications by using signed catalogs. This feature doesn't require repackaging or access to the source code. It works for apps that may be unsigned or even signed apps when you don't want to trust all apps that may share the same signing certificate. -The basic process is to generate a catalog file for each app using Package Inspector, then sign the catalog files using a custom PKI. To authorize the catalog signing certificate in the supplemental policy, use the **Add-SignerRule** PowerShell cmdlet as shown earlier in step 1 of the [Policy authorization process](#policy-authorization-process). After that, use the [Standard process for deploying apps through Intune](#standard-process-for-deploying-apps-through-intune) outlined earlier. 
For more information on generating catalogs, see [Deploy catalog files to support WDAC](deploy-catalog-files-to-support-windows-defender-application-control.md). +The basic process is to generate a catalog file for each app using Package Inspector, then sign the catalog files using a custom PKI. To authorize the catalog signing certificate in the supplemental policy, use the **Add-SignerRule** PowerShell cmdlet as shown earlier in step 1 of the [Policy authorization process](#policy-authorization-process). After that, use the [Standard process for deploying apps through Intune](#standard-process-for-deploying-apps-through-intune) outlined earlier. For more information on generating catalogs, see [Deploy catalog files to support WDAC](deploy-catalog-files-to-support-wdac.md). > [!NOTE] > Every time an app updates, you need to deploy an updated catalog. Try to avoid using catalog files for applications that auto-update, and direct users not to update applications on their own. diff --git a/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/audit-wdac-policies.md similarity index 75% rename from windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/audit-wdac-policies.md index 356adb95d7..98ac6cf37d 100644 --- a/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/audit-wdac-policies.md 
@@ -1,33 +1,15 @@ --- -title: Use audit events to create WDAC policy rules +title: Use audit events to create WDAC policy rules description: Audits allow admins to discover apps, binaries, and scripts that should be added to the WDAC policy. -keywords: security, malware -ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb -ms.prod: windows-client -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium -audience: ITPro -author: jsuther1974 -ms.reviewer: jogeurte -ms.author: vinpa -manager: aaroncz ms.date: 05/03/2018 -ms.technology: itpro-security ms.topic: article --- # Use audit events to create WDAC policy rules -**Applies to:** - -- Windows 10 -- Windows 11 -- Windows Server 2016 and above - >[!NOTE] ->Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Application Control feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Application Control feature availability](../feature-availability.md). Running Application Control in audit mode lets you discover applications, binaries, and scripts that are missing from your WDAC policy but should be included. 
@@ -36,18 +18,18 @@ While a WDAC policy is running in audit mode, any binary that runs but would hav ## Overview of the process to create WDAC policy to allow apps using audit events > [!Note] -> You must have already deployed a WDAC audit mode policy to use this process. If you have not already done so, see [Deploying Windows Defender Application Control policies](windows-defender-application-control-deployment-guide.md). +> You must have already deployed a WDAC audit mode policy to use this process. If you have not already done so, see [Deploying Windows Defender Application Control policies](wdac-deployment-guide.md). To familiarize yourself with creating WDAC rules from audit events, follow these steps on a device with a WDAC audit mode policy. 1. Install and run an application not allowed by the WDAC policy but that you want to allow. -2. Review the **CodeIntegrity - Operational** and **AppLocker - MSI and Script** event logs to confirm events, like those shown in Figure 1, are generated related to the application. For information about the types of events you should see, refer to [Understanding Application Control events](event-id-explanations.md). +2. Review the **CodeIntegrity - Operational** and **AppLocker - MSI and Script** event logs to confirm events, like those shown in Figure 1, are generated related to the application. For information about the types of events you should see, refer to [Understanding Application Control events](../operations/event-id-explanations.md). **Figure 1. Exceptions to the deployed WDAC policy** - ![Event showing exception to WDAC policy.](images/dg-fig23-exceptionstocode.png) + ![Event showing exception to WDAC policy.](../images/dg-fig23-exceptionstocode.png) -3. In an elevated PowerShell session, run the following commands to initialize variables used by this procedure. 
This procedure builds upon the **Lamna_FullyManagedClients_Audit.xml** policy introduced in [Create a WDAC policy for fully managed devices](create-wdac-policy-for-fully-managed-devices.md) and will produce a new policy called **EventsPolicy.xml**. +3. In an elevated PowerShell session, run the following commands to initialize variables used by this procedure. This procedure builds upon the **Lamna_FullyManagedClients_Audit.xml** policy introduced in [Create a WDAC policy for fully managed devices](../design/create-wdac-policy-for-fully-managed-devices.md) and will produce a new policy called **EventsPolicy.xml**. ```powershell $PolicyName= "Lamna_FullyManagedClients_Audit" 
@@ -59,13 +41,13 @@ To familiarize yourself with creating WDAC rules from audit events, follow these 4. Use [New-CIPolicy](/powershell/module/configci/new-cipolicy) to generate a new WDAC policy from logged audit events. This example uses a **FilePublisher** file rule level and a **Hash** fallback level. Warning messages are redirected to a text file **EventsPolicyWarnings.txt**. ```powershell - New-CIPolicy -FilePath $EventsPolicy -Audit -Level FilePublisher -Fallback SignedVersion,FilePublisher,Hash –UserPEs -MultiplePolicyFormat 3> $EventsPolicyWarnings + New-CIPolicy -FilePath $EventsPolicy -Audit -Level FilePublisher -Fallback SignedVersion,FilePublisher,Hash -UserPEs -MultiplePolicyFormat 3> $EventsPolicyWarnings ``` > [!NOTE] - > When you create policies from audit events, you should carefully consider the file rule level that you select to trust. The preceding example uses the **FilePublisher** rule level with a fallback level of **Hash**, which may be more specific than desired. You can re-run the above command using different **-Level** and **-Fallback** options to meet your needs. For more information about WDAC rule levels, see [Understand WDAC policy rules and file rules](select-types-of-rules-to-create.md). + > When you create policies from audit events, you should carefully consider the file rule level that you select to trust. The preceding example uses the **FilePublisher** rule level with a fallback level of **Hash**, which may be more specific than desired. You can re-run the above command using different **-Level** and **-Fallback** options to meet your needs. For more information about WDAC rule levels, see [Understand WDAC policy rules and file rules](../design/select-types-of-rules-to-create.md). -5. Find and review the WDAC policy file **EventsPolicy.xml** that should be found on your desktop. Ensure that it only includes file and signer rules for applications, binaries, and scripts you wish to allow. 
You can remove rules by manually editing the policy XML or use the WDAC Policy Wizard tool (see [Editing existing base and supplemental WDAC policies with the Wizard](wdac-wizard-editing-policy.md)). +5. Find and review the WDAC policy file **EventsPolicy.xml** that should be found on your desktop. Ensure that it only includes file and signer rules for applications, binaries, and scripts you wish to allow. You can remove rules by manually editing the policy XML or use the WDAC Policy Wizard tool (see [Editing existing base and supplemental WDAC policies with the Wizard](../design/wdac-wizard-editing-policy.md)). 6. Find and review the text file **EventsPolicyWarnings.txt** that should be found on your desktop. This file will include a warning for any files that WDAC couldn't create a rule for at either the specified rule level or fallback rule level. @@ -74,6 +56,6 @@ To familiarize yourself with creating WDAC rules from audit events, follow these 7. Merge **EventsPolicy.xml** with the Base policy **Lamna_FullyManagedClients_Audit.xml** or convert it to a supplemental policy. - For information on merging policies, refer to [Merge Windows Defender Application Control policies](merge-windows-defender-application-control-policies.md) and for information on supplemental policies see [Use multiple Windows Defender Application Control Policies](deploy-multiple-windows-defender-application-control-policies.md). + For information on merging policies, refer to [Merge Windows Defender Application Control policies](merge-wdac-policies.md) and for information on supplemental policies see [Use multiple Windows Defender Application Control Policies](../design/deploy-multiple-wdac-policies.md). 8. Convert the Base or Supplemental policy to binary and deploy using your preferred method. 
diff --git a/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/create-code-signing-cert-for-wdac.md similarity index 87% rename from windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/create-code-signing-cert-for-wdac.md index 8050e17b08..cfa497a317 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/create-code-signing-cert-for-wdac.md 
@@ -1,35 +1,17 @@ --- -title: Create a code signing cert for Windows Defender Application Control +title: Create a code signing cert for Windows Defender Application Control description: Learn how to set up a publicly issued code signing certificate, so you can sign catalog files or WDAC policies internally. -keywords: security, malware -ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb -ms.prod: windows-client -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium -audience: ITPro ms.topic: conceptual -author: jsuther1974 -ms.reviewer: jogeurte -ms.author: vinpa -manager: aaroncz ms.date: 12/01/2022 -ms.technology: itpro-security --- # Optional: Create a code signing cert for Windows Defender Application Control -**Applies to:** - -- Windows 10 -- Windows 11 -- Windows Server 2016 and above - >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). -As you deploy Windows Defender Application Control (WDAC), you might need to sign catalog files or WDAC policies internally. To do this signing, you'll either need a publicly issued code signing certificate or an internal CA. If you've purchased a code-signing certificate, you can skip this article, and instead follow other articles listed in the [Windows Defender Application Control Deployment Guide](windows-defender-application-control-deployment-guide.md). +As you deploy Windows Defender Application Control (WDAC), you might need to sign catalog files or WDAC policies internally. To do this signing, you'll either need a publicly issued code signing certificate or an internal CA. 
If you've purchased a code-signing certificate, you can skip this article, and instead follow other articles listed in the [Windows Defender Application Control Deployment Guide](wdac-deployment-guide.md). If you have an internal CA, complete these steps to create a code signing certificate. @@ -45,7 +27,7 @@ If you have an internal CA, complete these steps to create a code signing certif 2. When connected, right-click **Certificate Templates**, and then select **Manage** to open the Certification Templates Console. - ![CA snap-in showing Certificate Templates.](images/dg-fig27-managecerttemp.png) + ![CA snap-in showing Certificate Templates.](../images/dg-fig27-managecerttemp.png) Figure 1. Manage the certificate templates @@ -61,7 +43,7 @@ If you have an internal CA, complete these steps to create a code signing certif 8. In the **Edit Basic Constraints Extension** dialog box, select **Enable this extension**, as shown in Figure 2. - ![Edit Basic Constraints Extension.](images/dg-fig29-enableconstraints.png) + ![Edit Basic Constraints Extension.](../images/dg-fig29-enableconstraints.png) Figure 2. Select constraints on the new template @@ -77,7 +59,7 @@ When this certificate template has been created, you must publish it to the CA p 1. In the Certification Authority MMC snap-in, right-click **Certification Templates**, point to **New**, and then select **Certificate Template to Issue**, as shown in Figure 3. - ![Select Certificate Template to Issue.](images/dg-fig30-selectnewcert.png) + ![Select Certificate Template to Issue.](../images/dg-fig30-selectnewcert.png) Figure 3. Select the new certificate template to issue 
@@ -95,7 +77,7 @@ Now that the template is available to be issued, you must request one from the c 4. In the **Request Certificate** list, select your newly created code signing certificate, and then select the blue text that requests additional information, as shown in Figure 4. - ![Request Certificates: more information required.](images/dg-fig31-getmoreinfo.png) + ![Request Certificates: more information required.](../images/dg-fig31-getmoreinfo.png) Figure 4. Get more information for your code signing certificate diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-catalog-files-to-support-wdac.md similarity index 93% rename from windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-catalog-files-to-support-wdac.md index e49832fb80..bc9542abec 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-catalog-files-to-support-wdac.md 
@@ -1,31 +1,19 @@ --- title: Deploy catalog files to support Windows Defender Application Control description: Catalog files simplify running unsigned applications in the presence of a Windows Defender Application Control (WDAC) policy. -ms.prod: windows-client ms.localizationpriority: medium ms.topic: how-to -author: jsuther1974 -ms.reviewer: jgeurten -ms.author: vinpa -manager: aaroncz ms.date: 11/30/2022 -ms.technology: itpro-security --- # Deploy catalog files to support Windows Defender Application Control -**Applies to:** - -- Windows 10 -- Windows 11 -- Windows Server 2016 and later - > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. For more information, see [Windows Defender Application Control feature availability](feature-availability.md). +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. For more information, see [Windows Defender Application Control feature availability](../feature-availability.md). *Catalog files* can be important in your deployment of Windows Defender Application Control (WDAC) if you have unsigned line-of-business (LOB) applications for which the process of signing is difficult. You can also use catalog files to add your own signature to apps you get from independent software vendors (ISV) when you don't want to trust all code signed by that ISV. In this way, catalog files provide a convenient way for you to "bless" apps for use in your WDAC-managed environment. And, you can create catalog files for existing apps without requiring access to the original source code or needing any expensive repackaging. -You need to [obtain a code signing certificate for your own use](use-code-signing-to-simplify-application-control-for-classic-windows-applications.md#obtain-code-signing-certificates-for-your-own-use) and use it to sign the catalog file. 
Then, distribute the signed catalog file using your preferred content deployment mechanism. +You need to [obtain a code signing certificate for your own use](use-code-signing-for-better-control-and-protection.md#obtain-code-signing-certificates-for-your-own-use) and use it to sign the catalog file. Then, distribute the signed catalog file using your preferred content deployment mechanism. Finally, add a signer rule to your WDAC policy for your signing certificate. Then, any apps covered by your signed catalog files are able to run, even if the apps were previously unsigned. With this foundation, you can more easily build a WDAC policy that blocks all unsigned code, because most malware is unsigned. @@ -46,7 +34,7 @@ To create a catalog file for an existing app, you can use a tool called **Packag $PolicyBinary = $env:USERPROFILE+"\Desktop\"+$PolicyId.substring(11)+".cip" ``` - Then apply the policy as described in [Deploy Windows Defender Application Control policies with script](deployment/deploy-wdac-policies-with-script.md). + Then apply the policy as described in [Deploy Windows Defender Application Control policies with script](deploy-wdac-policies-with-script.md). 2. Start Package Inspector to monitor file creation on a **local drive** where you install the app, for example, drive C: @@ -121,7 +109,7 @@ For the code signing certificate that you use to sign the catalog file, import i 3. Verify the catalog file's digital signature. Right-click the catalog file, and then select **Properties**. On the **Digital Signatures** tab, verify that your signing certificate exists with a **sha256** algorithm, as shown in Figure 1. - ![Digital Signature list in file Properties.](images/dg-fig12-verifysigning.png) + ![Digital Signature list in file Properties.](../images/dg-fig12-verifysigning.png) Figure 1. Verify that the signing certificate exists. 
@@ -144,7 +132,7 @@ The following process walks you through the deployment of a signed catalog file > [!NOTE] > You can use any OU name. Also, security group filtering is an option when you consider different ways of combining WDAC policies. - ![Group Policy Management, create a GPO.](images/dg-fig13-createnewgpo.png) + ![Group Policy Management, create a GPO.](../images/dg-fig13-createnewgpo.png) Figure 2. Create a new GPO. @@ -154,7 +142,7 @@ The following process walks you through the deployment of a signed catalog file 5. Within the selected GPO, navigate to **Computer Configuration\\Preferences\\Windows Settings\\Files**. Right-click **Files**, point to **New**, and then select **File**, as shown in Figure 3. - ![Group Policy Management Editor, New File.](images/dg-fig14-createnewfile.png) + ![Group Policy Management Editor, New File.](../images/dg-fig14-createnewfile.png) Figure 3. Create a new file. @@ -164,7 +152,7 @@ The following process walks you through the deployment of a signed catalog file 7. To keep versions consistent, in the **New File Properties** dialog box as shown in Figure 4, select **Replace** from the **Action** list so that the newest version is always used. - ![File Properties, Replace option.](images/dg-fig15-setnewfileprops.png) + ![File Properties, Replace option.](../images/dg-fig15-setnewfileprops.png) Figure 4. Set the new file properties. @@ -197,7 +185,7 @@ Complete the following steps to create a new deployment package for catalog file 3. Name the package, set your organization as the manufacturer, and select an appropriate version number. - ![Create Package and Program Wizard.](images/dg-fig16-specifyinfo.png) + ![Create Package and Program Wizard.](../images/dg-fig16-specifyinfo.png) Figure 5. Specify information about the new package. 
@@ -218,7 +206,7 @@ Complete the following steps to create a new deployment package for catalog file - From the **Program can run** list, select **Whether or not a user is logged on**. - From the **Drive mode** list, select **Runs with UNC name**. - ![Standard Program page of wizard.](images/dg-fig17-specifyinfo.png) + ![Standard Program page of wizard.](../images/dg-fig17-specifyinfo.png) Figure 6. Specify information about the standard program. @@ -246,7 +234,7 @@ After you create the deployment package, deploy it to a collection so that the c - Select the **Commit changes at deadline or during a maintenance window (requires restarts)** check box. - ![Deploy Software Wizard, User Experience page.](images/dg-fig18-specifyux.png) + ![Deploy Software Wizard, User Experience page.](../images/dg-fig18-specifyux.png) Figure 7. Specify the user experience. @@ -271,13 +259,13 @@ You can configure software inventory to find catalog files on your managed syste 3. Name the new policy, and under **Select and then configure the custom settings for client devices**, select the **Software Inventory** check box, as shown in Figure 8. - ![Create Custom Client Device Settings.](images/dg-fig19-customsettings.png) + ![Create Custom Client Device Settings.](../images/dg-fig19-customsettings.png) Figure 8. Select custom settings. 4. In the navigation pane, select **Software Inventory**, and then select **Set Types**, as shown in Figure 9. - ![Software Inventory settings for devices.](images/dg-fig20-setsoftwareinv.png) + ![Software Inventory settings for devices.](../images/dg-fig20-setsoftwareinv.png) Figure 9. Set the software inventory. 
@@ -290,7 +278,7 @@ You can configure software inventory to find catalog files on your managed syste 7. In the **Path Properties** dialog box, select **Variable or path name**, and then type `C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}` in the box, as shown in Figure 10. - ![Path Properties, specifying a path.](images/dg-fig21-pathproperties.png) + ![Path Properties, specifying a path.](../images/dg-fig21-pathproperties.png) Figure 10. Set the path properties. @@ -313,7 +301,7 @@ At the time of the next software inventory cycle, when the targeted clients rece ## Allow apps signed by your catalog signing certificate in your WDAC policy -Now that you have your signed catalog file, you can add a signer rule to your policy that allows anything signed with that certificate. If you haven't yet created a WDAC policy, see the [Windows Defender Application Control design guide](windows-defender-application-control-design-guide.md). +Now that you have your signed catalog file, you can add a signer rule to your policy that allows anything signed with that certificate. If you haven't yet created a WDAC policy, see the [Windows Defender Application Control design guide](../design/wdac-design-guide.md). On a computer where the signed catalog file has been deployed, you can use [New-CiPolicyRule](/powershell/module/configci/new-cipolicyrule) to create a signer rule from any file included in that catalog. Then use [Merge-CiPolicy](/powershell/module/configci/merge-cipolicy) to add the rule to your policy XML. Be sure to replace the path values in the following sample: 
diff --git a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-group-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-group-policy.md
similarity index 85%
rename from windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-group-policy.md
rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-group-policy.md
index 752243780c..aed9b36b5b 100644
--- a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-group-policy.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-group-policy.md
@@ -1,36 +1,18 @@ --- -title: Deploy WDAC policies via Group Policy +title: Deploy WDAC policies via Group Policy description: Windows Defender Application Control (WDAC) policies can easily be deployed and managed with Group Policy. Learn how by following this step-by-step guide. -keywords: security, malware -ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb -ms.prod: windows-client -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium -audience: ITPro -author: jsuther1974 -ms.reviewer: jogeurte -ms.author: vinpa -manager: aaroncz ms.date: 01/23/2023 -ms.technology: itpro-security ms.topic: article --- # Deploy Windows Defender Application Control policies by using Group Policy -**Applies to:** - -- Windows 10 -- Windows 11 -- Windows Server 2016 and above - > [!NOTE] > Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). > [!IMPORTANT] -> Due to a known issue, you should always activate new **signed** WDAC Base policies *with a reboot* on systems with [**memory integrity**](../../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) enabled. Instead of Group Policy, deploy new signed WDAC Base policies [via script](/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script#deploying-signed-policies) and activate the policy with a system restart. +> Due to a known issue, you should always activate new **signed** WDAC Base policies *with a reboot* on systems with [**memory integrity**](../../../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) enabled. 
Instead of Group Policy, deploy new signed WDAC Base policies [via script](/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script#deploying-signed-policies) and activate the policy with a system restart. > > This issue does not affect updates to signed Base policies that are already active on the system, deployment of unsigned policies, or deployment of supplemental policies (signed or unsigned). It also does not affect deployments to systems that are not running memory integrity. @@ -50,7 +32,7 @@ To deploy and manage a Windows Defender Application Control policy with Group Po 2. Create a new GPO: right-click an OU and then select **Create a GPO in this domain, and Link it here**. > [!NOTE] - > You can use any OU name. Also, security group filtering is an option when you consider different ways of combining WDAC policies (or keeping them separate), as discussed in [Plan for Windows Defender Application Control lifecycle policy management](../plan-windows-defender-application-control-management.md). + > You can use any OU name. Also, security group filtering is an option when you consider different ways of combining WDAC policies (or keeping them separate), as discussed in [Plan for Windows Defender Application Control lifecycle policy management](../design/plan-wdac-management.md). ![Group Policy Management, create a GPO.](../images/dg-fig24-creategpo.png) 
diff --git a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-intune.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-intune.md
similarity index 90%
rename from windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-intune.md
rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-intune.md
index b1f05c013f..1909066094 100644
--- a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-intune.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-intune.md
@@ -1,32 +1,20 @@ --- -title: Deploy WDAC policies using Mobile Device Management (MDM) +title: Deploy WDAC policies using Mobile Device Management (MDM) description: You can use an MDM like Microsoft Intune to configure Windows Defender Application Control (WDAC). Learn how with this step-by-step guide. -ms.prod: windows-client -ms.technology: itpro-security ms.localizationpriority: medium -author: jsuther1974 -ms.reviewer: jogeurte -ms.author: vinpa -manager: aaroncz ms.date: 01/23/2023 ms.topic: how-to --- # Deploy WDAC policies using Mobile Device Management (MDM) -**Applies to:** - -- Windows 10 -- Windows 11 -- Windows Server 2016 and above - > [!NOTE] > Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). You can use a Mobile Device Management (MDM) solution, like Microsoft Intune, to configure Windows Defender Application Control (WDAC) on client machines. Intune includes native support for WDAC, which can be a helpful starting point, but customers may find the available circle-of-trust options too limiting. To deploy a custom policy through Intune and define your own circle of trust, you can configure a profile using Custom OMA-URI. If your organization uses another MDM solution, check with your solution provider for WDAC policy deployment steps. > [!IMPORTANT] -> Due to a known issue, you should always activate new **signed** WDAC Base policies *with a reboot* on systems with [**memory integrity**](../../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) enabled. Instead of Mobile Device Management (MDM), deploy new signed WDAC Base policies [via script](deploy-wdac-policies-with-script.md) and activate the policy with a system restart. 
+> Due to a known issue, you should always activate new **signed** WDAC Base policies *with a reboot* on systems with [**memory integrity**](../../../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) enabled. Instead of Mobile Device Management (MDM), deploy new signed WDAC Base policies [via script](deploy-wdac-policies-with-script.md) and activate the policy with a system restart. > > This issue does not affect updates to signed Base policies that are already active on the system, deployment of unsigned policies, or deployment of supplemental policies (signed or unsigned). It also does not affect deployments to systems that are not running memory integrity. 
@@ -50,7 +38,7 @@ To use Intune's built-in WDAC policies, configure [Endpoint Protection for Windo ## Deploy WDAC policies with custom OMA-URI > [!NOTE] -> Policies deployed through Intune custom OMA-URI are subject to a 350,000 byte limit. Customers should create Windows Defender Application Control policies that use signature-based rules, the Intelligent Security Graph, and managed installers where practical. Customers whose devices are running 1903+ builds of Windows are also encouraged to use [multiple policies](../deploy-multiple-windows-defender-application-control-policies.md) which allow more granular policy. +> Policies deployed through Intune custom OMA-URI are subject to a 350,000 byte limit. Customers should create Windows Defender Application Control policies that use signature-based rules, the Intelligent Security Graph, and managed installers where practical. Customers whose devices are running 1903+ builds of Windows are also encouraged to use [multiple policies](../design/deploy-multiple-wdac-policies.md) which allow more granular policy. You should now have one or more WDAC policies converted into binary form. If not, follow the steps described in [Deploying Windows Defender Application Control (WDAC) policies](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide). diff --git a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md similarity index 95% rename from windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md index 72b2f4c5a2..d4135733c2 100644 
--- a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md @@ -1,12 +1,6 @@ --- title: Deploy Windows Defender Application Control policies with Configuration Manager description: You can use Microsoft Configuration Manager to configure Windows Defender Application Control (WDAC). Learn how with this step-by-step guide. -ms.prod: windows-client -ms.technology: itpro-security -author: jgeurten -ms.reviewer: aaroncz -ms.author: jogeurte -manager: aaroncz ms.date: 06/27/2022 ms.topic: how-to ms.localizationpriority: medium @@ -14,12 +8,6 @@ ms.localizationpriority: medium # Deploy WDAC policies by using Microsoft Configuration Manager -**Applies to:** - -- Windows 10 -- Windows 11 -- Windows Server 2016 and above - > [!NOTE] > Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Application Control feature availability](../feature-availability.md). diff --git a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md similarity index 90% rename from windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md index b674d5c2b0..a96124b086 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md 
+++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md @@ -1,28 +1,14 @@ --- -title: Deploy Windows Defender Application Control (WDAC) policies using script +title: Deploy Windows Defender Application Control (WDAC) policies using script description: Use scripts to deploy Windows Defender Application Control (WDAC) policies. Learn how with this step-by-step guide. -keywords: security, malware -ms.prod: windows-client -audience: ITPro -author: jsuther1974 -ms.reviewer: aaroncz -ms.author: jogeurte ms.manager: jsuther -manager: aaroncz ms.date: 01/23/2023 -ms.technology: itpro-security ms.topic: article ms.localizationpriority: medium --- # Deploy WDAC policies using script -**Applies to:** - -- Windows 10 -- Windows 11 -- Windows Server 2016 and above - >[!NOTE] >Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). 
@@ -31,7 +17,7 @@ This article describes how to deploy Windows Defender Application Control (WDAC) You should now have one or more WDAC policies converted into binary form. If not, follow the steps described in [Deploying Windows Defender Application Control (WDAC) policies](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide). > [!IMPORTANT] -> Due to a known issue, you should always activate new **signed** WDAC Base policies with a reboot on systems with [**memory integrity**](../../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) enabled. Skip all steps below that use CiTool, RefreshPolicy.exe, or WMI to initiate a policy activation. Instead, copy the policy binary to the correct system32 and EFI locations and then activate the policy with a system restart. +> Due to a known issue, you should always activate new **signed** WDAC Base policies with a reboot on systems with [**memory integrity**](../../../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) enabled. Skip all steps below that use CiTool, RefreshPolicy.exe, or WMI to initiate a policy activation. Instead, copy the policy binary to the correct system32 and EFI locations and then activate the policy with a system restart. > > This issue does not affect updates to signed Base policies that are already active on the system, deployment of unsigned policies, or deployment of supplemental policies (signed or unsigned). It also does not affect deployments to systems that are not running memory integrity. 
diff --git a/windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/disable-wdac-policies.md similarity index 95% rename from windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies.md rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/disable-wdac-policies.md index 11ea39bbe9..5c4d60cfa8 100644 --- a/windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/disable-wdac-policies.md 
@@ -1,33 +1,15 @@ --- -title: Remove Windows Defender Application Control policies +title: Remove Windows Defender Application Control policies description: Learn how to disable both signed and unsigned Windows Defender Application Control policies, within Windows and within the BIOS. -keywords: security, malware -ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb -ms.prod: windows-client -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium -audience: ITPro -author: jsuther1974 -ms.reviewer: jogeurte -ms.author: vinpa -manager: aaroncz ms.date: 11/04/2022 -ms.technology: itpro-security ms.topic: article --- # Remove Windows Defender Application Control (WDAC) policies -**Applies to:** - -- Windows 10 -- Windows 11 -- Windows Server 2016 and above - >[!NOTE] ->Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). ## Removing WDAC policies diff --git a/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/enforce-wdac-policies.md similarity index 78% rename from windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/enforce-wdac-policies.md index 082b0a5d27..9000c01d85 100644 
--- a/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/enforce-wdac-policies.md @@ -1,30 +1,16 @@ --- -title: Enforce Windows Defender Application Control (WDAC) policies +title: Enforce Windows Defender Application Control (WDAC) policies description: Learn how to switch a WDAC policy from audit to enforced mode. -keywords: security, malware -ms.prod: windows-client -audience: ITPro -author: jsuther1974 -ms.reviewer: jogeurte -ms.author: jogeurte ms.manager: jsuther -manager: aaroncz ms.date: 04/22/2021 -ms.technology: itpro-security ms.topic: article ms.localizationpriority: medium --- # Enforce Windows Defender Application Control (WDAC) policies -**Applies to:** - -- Windows 10 -- Windows 11 -- Windows Server 2016 and above - >[!NOTE] ->Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). You should now have one or more Windows Defender Application Control policies broadly deployed in audit mode. You have analyzed events collected from the devices with those policies and you're ready to enforce. Use this procedure to prepare and deploy your WDAC policies in enforcement mode. 
@@ -33,11 +19,11 @@ You should now have one or more Windows Defender Application Control policies br ## Convert WDAC **base** policy from audit to enforced -As described in [common Windows Defender Application Control deployment scenarios](types-of-devices.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of application control to prevent unwanted or unauthorized applications from running on their managed devices. +As described in [common Windows Defender Application Control deployment scenarios](../design/common-wdac-use-cases.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of application control to prevent unwanted or unauthorized applications from running on their managed devices. **Alice Pena** is the IT team lead responsible for Lamna's WDAC rollout. -Alice previously created and deployed a policy for the organization's [fully managed devices](create-wdac-policy-for-fully-managed-devices.md). They updated the policy based on audit event data as described in [Use audit events to create WDAC policy rules](audit-windows-defender-application-control-policies.md) and redeployed it. All remaining audit events are as expected and Alice is ready to switch to enforcement mode. +Alice previously created and deployed a policy for the organization's [fully managed devices](../design/create-wdac-policy-for-fully-managed-devices.md). They updated the policy based on audit event data as described in [Use audit events to create WDAC policy rules](audit-wdac-policies.md) and redeployed it. All remaining audit events are as expected and Alice is ready to switch to enforcement mode. 1. Initialize the variables that will be used and create the enforced policy by copying the audit version. 
@@ -55,8 +41,7 @@ Alice previously created and deployed a policy for the organization's [fully man $EnforcedPolicyID = $EnforcedPolicyID.Substring(11) ``` - -3. *[Optionally]* Use [Set-RuleOption](/powershell/module/configci/set-ruleoption) to enable rule options 9 (“Advanced Boot Options Menu”) and 10 (“Boot Audit on Failure”). Option 9 allows users to disable WDAC enforcement for a single boot session from a pre-boot menu. Option 10 instructs Windows to switch the policy from enforcement to audit only if a boot critical kernel-mode driver is blocked. We strongly recommend these options when deploying a new enforced policy to your first deployment ring. Then, if no issues are found, you can remove the options and restart your deployment. +3. *[Optionally]* Use [Set-RuleOption](/powershell/module/configci/set-ruleoption) to enable rule options 9 ("Advanced Boot Options Menu") and 10 ("Boot Audit on Failure"). Option 9 allows users to disable WDAC enforcement for a single boot session from a pre-boot menu. Option 10 instructs Windows to switch the policy from enforcement to audit only if a boot critical kernel-mode driver is blocked. We strongly recommend these options when deploying a new enforced policy to your first deployment ring. Then, if no issues are found, you can remove the options and restart your deployment. ```powershell Set-RuleOption -FilePath $EnforcedPolicyXML -Option 9 
@@ -111,4 +96,4 @@ Since the enforced policy was given a unique PolicyID in the previous procedure, ## Deploy your enforced policy and supplemental policies -Now that your base policy is in enforced mode, you can begin to deploy it to your managed endpoints. For information about deploying policies, see [Deploying Windows Defender Application Control (WDAC) policies](windows-defender-application-control-deployment-guide.md). +Now that your base policy is in enforced mode, you can begin to deploy it to your managed endpoints. For information about deploying policies, see [Deploying Windows Defender Application Control (WDAC) policies](wdac-deployment-guide.md). diff --git a/windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/merge-wdac-policies.md similarity index 88% rename from windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/merge-wdac-policies.md index 53b1e0a448..20bf91ea2a 100644 --- a/windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/merge-wdac-policies.md 
@@ -1,30 +1,16 @@ --- -title: Merge Windows Defender Application Control policies (WDAC) +title: Merge Windows Defender Application Control policies (WDAC) description: Learn how to merge WDAC policies as part of your policy lifecycle management. -keywords: security, malware -ms.prod: windows-client -audience: ITPro -author: jsuther1974 -ms.reviewer: jogeurte -ms.author: jogeurte ms.manager: jsuther -manager: aaroncz ms.date: 04/22/2021 -ms.technology: itpro-security ms.topic: article ms.localizationpriority: medium --- # Merge Windows Defender Application Control (WDAC) policies -**Applies to:** - -- Windows 10 -- Windows 11 -- Windows Server 2016 and above - >[!NOTE] ->Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). This article shows how to merge multiple policy XML files together and how to merge rules directly into a policy. Windows Defender Application Control deployments often include a few base policies and optional supplemental policies for specific use cases. 
@@ -33,7 +19,7 @@ This article shows how to merge multiple policy XML files together and how to me ## Merge multiple WDAC policy XML files together -There are many scenarios where you may want to merge two or more policy files together. For example, if you [use audit events to create Windows Defender Application Control policy rules](audit-windows-defender-application-control-policies.md), you can merge those rules with your existing WDAC base policy. To merge the two WDAC policies referenced in that article, complete the following steps in an elevated Windows PowerShell session. +There are many scenarios where you may want to merge two or more policy files together. For example, if you [use audit events to create Windows Defender Application Control policy rules](audit-wdac-policies.md), you can merge those rules with your existing WDAC base policy. To merge the two WDAC policies referenced in that article, complete the following steps in an elevated Windows PowerShell session. 1. Initialize the variables that will be used: @@ -57,7 +43,7 @@ There are many scenarios where you may want to merge two or more policy files to Besides merging multiple policy XML files, you can also merge rules created with the New-CIPolicyRule cmdlet directly into an existing WDAC policy XML file. Directly merging rules is a convenient way to update your policy without creating extra policy XML files. For example, to add rules that allow the WDAC Wizard and the WDAC RefreshPolicy.exe tool, follow these steps: -1. Install the [WDAC Wizard](wdac-wizard.md) packaged MSIX app. +1. Install the [WDAC Wizard](../design/wdac-wizard.md) packaged MSIX app. 2. Download the [Refresh Policy tool](https://aka.ms/refreshpolicy) for your processor architecture and save it to your desktop as RefreshPolicy.exe. 3. From a PowerShell session, run the following commands to create packaged app allow rules for the WDAC Wizard: 
@@ -94,4 +80,4 @@ Now that you have your new, merged policy, you can convert and deploy the policy 2. Upload your merged policy XML and the associated binary to the source control solution you are using for your Windows Defender Application Control policies. such as [GitHub](https://github.com/) or a document management solution such as [Office 365 SharePoint](https://products.office.com/sharepoint/collaboration). -3. Deploy the merged policy using your preferred deployment solution. See [Deploying Windows Defender Application Control (WDAC) policies](windows-defender-application-control-deployment-guide.md) +3. Deploy the merged policy using your preferred deployment solution. See [Deploying Windows Defender Application Control (WDAC) policies](wdac-deployment-guide.md) diff --git a/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-for-better-control-and-protection.md similarity index 92% rename from windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-for-better-control-and-protection.md index 32b34dfe20..8bc12aa239 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-for-better-control-and-protection.md 
@@ -1,27 +1,15 @@ --- title: Use code signing for added control and protection with WDAC description: Code signing can be used to better control Win32 app authorization and add protection for your Windows Defender Application Control (WDAC) policies. -ms.prod: windows-client ms.localizationpriority: medium ms.topic: conceptual -author: jsuther1974 -ms.reviewer: jogeurte -ms.author: vinpa -manager: aaroncz ms.date: 11/29/2022 -ms.technology: itpro-security --- # Use code signing for added control and protection with Windows Defender Application Control -**Applies to:** - -- Windows 10 -- Windows 11 -- Windows Server 2016 and above - > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. For more information, see [Windows Defender Application Control feature availability](feature-availability.md). +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. For more information, see [Windows Defender Application Control feature availability](../feature-availability.md). ## What is code signing and why is it important? 
@@ -38,7 +26,7 @@ You can use catalog files to easily add a signature to an existing application w > [!NOTE] > Since catalogs identify the files they sign by hash, any change to the file may invalidate its signature. You will need to deploy updated catalog signatures any time the application is updated. Integrating code signing with your app development or app deployment processes is generally the best approach. Be aware of self-updating apps, as their app binaries may change without your knowledge. -To learn how to create and manage catalog files for existing apps, see [Deploy catalog files to support Windows Defender Application Control](deploy-catalog-files-to-support-windows-defender-application-control.md). +To learn how to create and manage catalog files for existing apps, see [Deploy catalog files to support Windows Defender Application Control](deploy-catalog-files-to-support-wdac.md). ## Signed WDAC policies @@ -51,5 +39,5 @@ For more information on using signed policies, see [Use signed policies to prote Some ways to obtain code signing certificates for your own use, include: - Purchase a code signing certificate from one of the [Microsoft Trusted Root Program participants](/security/trusted-root/participants-list). -- To use your own digital certificate or public key infrastructure (PKI) to issue code signing certificates, see [Optional: Create a code signing certificate for Windows Defender Application Control](create-code-signing-cert-for-windows-defender-application-control.md). +- To use your own digital certificate or public key infrastructure (PKI) to issue code signing certificates, see [Optional: Create a code signing certificate for Windows Defender Application Control](create-code-signing-cert-for-wdac.md). - Use Microsoft's [Azure Code Signing (ACS) service](https://aka.ms/AzureCodeSigning). 
diff --git a/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-signed-policies-to-protect-wdac-against-tampering.md
similarity index 90%
rename from windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/use-signed-policies-to-protect-wdac-against-tampering.md
index ef0985446c..72139cebfa 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-signed-policies-to-protect-wdac-against-tampering.md
@@ -1,31 +1,19 @@ --- title: Use signed policies to protect Windows Defender Application Control against tampering description: Signed Windows Defender Application Control (WDAC) policies give organizations the highest level of malware protection available in Windows 10 and Windows 11. -ms.prod: windows-client ms.localizationpriority: medium ms.topic: conceptual -author: jsuther1974 -ms.reviewer: jogeurte -ms.author: vinpa -manager: aaroncz ms.date: 11/04/2022 -ms.technology: itpro-security --- # Use signed policies to protect Windows Defender Application Control against tampering -**Applies to:** - -- Windows 10 -- Windows 11 -- Windows Server 2016 and above - > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. For more information, see [Windows Defender Application Control feature availability](feature-availability.md). +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. For more information, see [Windows Defender Application Control feature availability](../feature-availability.md). Signed Windows Defender Application Control (WDAC) policies give organizations the highest level of protection available in Windows. These policies are designed to detect administrative tampering of the policy, such as by malware running as admin, and will result in a boot failure or blue screen. With this goal in mind, it's much more difficult to remove signed WDAC policies. SecureBoot must be enabled in order to provide this protection for signed WDAC policies. -If you don't currently have a code signing certificate you can use to sign your policies, see [Obtain code signing certificates for your own use](use-code-signing-to-simplify-application-control-for-classic-windows-applications.md#obtain-code-signing-certificates-for-your-own-use). 
+If you don't currently have a code signing certificate you can use to sign your policies, see [Obtain code signing certificates for your own use](use-code-signing-for-better-control-and-protection.md#obtain-code-signing-certificates-for-your-own-use). > [!WARNING] > Boot failure, or blue screen, may occur if your signing certificate doesn't follow these rules: 
@@ -35,7 +23,7 @@ If you don't currently have a code signing certificate you can use to sign your > - You can use SHA-256, SHA-384, or SHA-512 as the digest algorithm on Windows 11, as well as Windows 10 and Windows Server 2019 and above after applying the November 2022 cumulative security update. All other devices only support SHA-256. > - Don't use UTF-8 encoding for certificate fields, like 'subject common name' and 'issuer common name'. These strings must be encoded as PRINTABLE_STRING, IA5STRING or BMPSTRING. -Before you attempt to deploy a signed policy, you should first deploy an unsigned version of the policy to uncover any issues with the policy rules. We also recommend you enable rule options **9 - Enabled:Advanced Boot Options Menu** and **10 - Enabled:Boot Audit on Failure** to leave troubleshooting options available to administrators. To ensure that a rule option is enabled, you can run a command such as `Set-RuleOption -FilePath -Option 9`, even if you're not sure whether the option is already enabled. If so, the command has no effect. When validated and ready for enterprise deployment, you can remove these options. For more information about rule options, see [Windows Defender Application Control policy rules](select-types-of-rules-to-create.md). +Before you attempt to deploy a signed policy, you should first deploy an unsigned version of the policy to uncover any issues with the policy rules. We also recommend you enable rule options **9 - Enabled:Advanced Boot Options Menu** and **10 - Enabled:Boot Audit on Failure** to leave troubleshooting options available to administrators. To ensure that a rule option is enabled, you can run a command such as `Set-RuleOption -FilePath -Option 9`, even if you're not sure whether the option is already enabled. If so, the command has no effect. When validated and ready for enterprise deployment, you can remove these options. 
For more information about rule options, see [Windows Defender Application Control policy rules](../design/select-types-of-rules-to-create.md). > [!NOTE] > When signing a Base policy that has existing Supplemental policies, you must also switch to signed policy for all of the Supplementals. Authorize the signed supplemental policies by adding a `` rule to the Base policy. @@ -51,7 +39,7 @@ Before you attempt to deploy a signed policy, you should first deploy an unsigne ``` > [!NOTE] - > This example uses an enforced version of the WDAC policy that you created in [Create a Windows Defender Application Control policy from a reference computer](create-initial-default-policy.md) article. If you sign another policy, be sure to update the **$PolicyPath** and **$PolicyName** variables with the correct information. + > This example uses an enforced version of the WDAC policy that you created in [Create a Windows Defender Application Control policy from a reference computer](../design/create-wdac-policy-using-reference-computer.md) article. If you sign another policy, be sure to update the **$PolicyPath** and **$PolicyName** variables with the correct information. 2. Navigate to your desktop as the working directory: 
@@ -71,7 +59,7 @@ Before you attempt to deploy a signed policy, you should first deploy an unsigne ``` > [!IMPORTANT] - > Failing to perform this step will leave you unable to modify or disable this policy and will lead to boot failure. For more information about how to disable signed policies causing boot failure, see [Remove Windows Defender Application Control policies causing boot stop failures](disable-windows-defender-application-control-policies.md#remove-wdac-policies-causing-boot-stop-failures). + > Failing to perform this step will leave you unable to modify or disable this policy and will lead to boot failure. For more information about how to disable signed policies causing boot failure, see [Remove Windows Defender Application Control policies causing boot stop failures](disable-wdac-policies.md#remove-wdac-policies-causing-boot-stop-failures). 4. Use [Set-RuleOption](/powershell/module/configci/set-ruleoption) to remove the unsigned policy rule option: @@ -101,7 +89,7 @@ Before you attempt to deploy a signed policy, you should first deploy an unsigne If you purchased a code signing certificate or issued one from your own PKI, you can use [SignTool.exe](/windows/win32/seccrypto/signtool) to sign your WDAC policy files: -1. Import the .pfx code signing certificate into the user's personal store on the computer where the signing will happen. In this example, you use the certificate that was created in [Optional: Create a code signing certificate for Windows Defender Application Control](create-code-signing-cert-for-windows-defender-application-control.md). +1. Import the .pfx code signing certificate into the user's personal store on the computer where the signing will happen. In this example, you use the certificate that was created in [Optional: Create a code signing certificate for Windows Defender Application Control](create-code-signing-cert-for-wdac.md). 2. Sign the WDAC policy by using SignTool.exe: 
diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/wdac-deployment-guide.md
similarity index 76%
rename from windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md
rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/wdac-deployment-guide.md
index 57b049afc6..90bdaa9748 100644
--- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/wdac-deployment-guide.md
@@ -1,29 +1,17 @@ --- title: Deploying Windows Defender Application Control (WDAC) policies description: Learn how to plan and implement a WDAC deployment. -ms.prod: windows-client -ms.technology: itpro-security ms.localizationpriority: medium -author: jgeurten -ms.reviewer: aaroncz -ms.author: jogeurte -manager: jsuther ms.date: 01/23/2023 ms.topic: overview --- # Deploying Windows Defender Application Control (WDAC) policies -**Applies to** - -- Windows 10 -- Windows 11 -- Windows Server 2016 and above - > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). -You should now have one or more Windows Defender Application Control (WDAC) policies ready to deploy. If you haven't yet completed the steps described in the [WDAC Design Guide](windows-defender-application-control-design-guide.md), do so now before proceeding. +You should now have one or more Windows Defender Application Control (WDAC) policies ready to deploy. If you haven't yet completed the steps described in the [WDAC Design Guide](../design/wdac-design-guide.md), do so now before proceeding. ## Convert your WDAC policy XML to binary 
@@ -56,13 +44,13 @@ All Windows Defender Application Control policy changes should be deployed in au ## Choose how to deploy WDAC policies > [!IMPORTANT] -> Due to a known issue, you should always activate new **signed** WDAC Base policies with a reboot on systems with [**memory integrity**](../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) enabled. We recommend [deploying via script](deployment/deploy-wdac-policies-with-script.md) in this case. +> Due to a known issue, you should always activate new **signed** WDAC Base policies with a reboot on systems with [**memory integrity**](../../../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) enabled. We recommend [deploying via script](deploy-wdac-policies-with-script.md) in this case. > > This issue does not affect updates to signed Base policies that are already active on the system, deployment of unsigned policies, or deployment of supplemental policies (signed or unsigned). It also does not affect deployments to systems that are not running memory integrity. 
There are several options to deploy Windows Defender Application Control policies to managed endpoints, including: -- [Deploy using a Mobile Device Management (MDM) solution](deployment/deploy-windows-defender-application-control-policies-using-intune.md), such as Microsoft Intune -- [Deploy using Microsoft Configuration Manager](deployment/deploy-wdac-policies-with-memcm.md) -- [Deploy via script](deployment/deploy-wdac-policies-with-script.md) -- [Deploy via group policy](deployment/deploy-windows-defender-application-control-policies-using-group-policy.md) +- [Deploy using a Mobile Device Management (MDM) solution](deploy-wdac-policies-using-intune.md), such as Microsoft Intune +- [Deploy using Microsoft Configuration Manager](deploy-wdac-policies-with-memcm.md) +- [Deploy via script](deploy-wdac-policies-with-script.md) +- [Deploy via group policy](deploy-wdac-policies-using-group-policy.md) diff --git a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/design/allow-com-object-registration-in-wdac-policy.md similarity index 91% rename from windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/allow-com-object-registration-in-wdac-policy.md index abfdd65aed..ad1b478b40 100644 --- a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/design/allow-com-object-registration-in-wdac-policy.md 
@@ -1,33 +1,15 @@ --- -title: Allow COM object registration in a WDAC policy +title: Allow COM object registration in a WDAC policy description: You can allow COM object registration in a Windows Defender Application Control policy. -keywords: security, malware -ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb -ms.prod: windows-client -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium -audience: ITPro -author: vinaypamnani-msft -ms.reviewer: jsuther -ms.author: vinpa -manager: aaroncz -ms.technology: itpro-security ms.date: 04/05/2023 ms.topic: article --- # Allow COM object registration in a Windows Defender Application Control policy -**Applies to:** - -- Windows 10 -- Windows 11 -- Windows Server 2016 and later - > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Application Control feature availability](feature-availability.md). +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Application Control feature availability](../feature-availability.md). The [Microsoft Component Object Model (COM)](/windows/desktop/com/the-component-object-model) is a platform-independent, distributed, object-oriented system for creating binary software components that can interact. COM specifies an object model and programming requirements that enable COM objects to interact with other objects. 
@@ -38,8 +20,8 @@ Windows Defender Application Control (WDAC) enforces a built-in allowlist for CO > [!NOTE] > To add this functionality to other versions of Windows 10, you can install the following or later updates. -- [Windows 10, 1809 June 18, 2019—KB4501371 (OS Build 17763.592)](https://support.microsoft.com/help/4501371/windows-10-update-kb4501371) -- [Windows 10, 1607 June 18, 2019—KB4503294 (OS Build 14393.3053)](https://support.microsoft.com/help/4503294/windows-10-update-kb4503294) +- [Windows 10, 1809 June 18, 2019-KB4501371 (OS Build 17763.592)](https://support.microsoft.com/help/4501371/windows-10-update-kb4501371) +- [Windows 10, 1607 June 18, 2019-KB4503294 (OS Build 14393.3053)](https://support.microsoft.com/help/4503294/windows-10-update-kb4503294) ### Get COM object GUID @@ -49,13 +31,13 @@ You can get the COM application GUID from the 8036 COM object block events in Ev Three elements: -- Provider: platform on which code is running (values are PowerShell, WSH, IE, VBA, MSI, or a wildcard “AllHostIds”) +- Provider: platform on which code is running (values are PowerShell, WSH, IE, VBA, MSI, or a wildcard "AllHostIds") - Key: GUID for the program you wish to run, in the format Key="{33333333-4444-4444-1616-161616161616}" - ValueName: needs to be set to "EnterpriseDefinedClsId" One attribute: -- Value: needs to be “true” for allow and “false” for deny +- Value: needs to be "true" for allow and "false" for deny > [!NOTE] > Deny only works in base policies, not supplemental policies 
diff --git a/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md b/windows/security/application-security/application-control/windows-defender-application-control/design/common-wdac-use-cases.md
similarity index 84%
rename from windows/security/threat-protection/windows-defender-application-control/types-of-devices.md
rename to windows/security/application-security/application-control/windows-defender-application-control/design/common-wdac-use-cases.md
index 4d96a0ba7f..2d96cac781 100644
--- a/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/common-wdac-use-cases.md
@@ -1,35 +1,17 @@ --- -title: Policy creation for common WDAC usage scenarios +title: Policy creation for common WDAC usage scenarios description: Develop a plan for deploying Windows Defender Application Control (WDAC) in your organization based on these common scenarios. -keywords: security, malware -ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb -ms.prod: windows-client -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium -audience: ITPro -author: jsuther1974 -ms.reviewer: jogeurte -ms.author: vinpa -manager: aaroncz ms.date: 04/05/2023 -ms.technology: itpro-security ms.topic: article --- # Windows Defender Application Control deployment in different scenarios: types of devices -**Applies to** - -- Windows 10 -- Windows 11 -- Windows Server 2016 and above - > [!NOTE] -> Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +> Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). -Typically, deployment of Windows Defender Application Control (WDAC) happens best in phases, rather than being a feature that you simply “turn on.” The choice and sequence of phases depends on the way various computers and other devices are used in your organization, and to what degree IT manages those devices. The following table can help you begin to develop a plan for deploying WDAC in your organization. It's common for organizations to have device use cases across each of the categories described. +Typically, deployment of Windows Defender Application Control (WDAC) happens best in phases, rather than being a feature that you simply "turn on." 
The choice and sequence of phases depends on the way various computers and other devices are used in your organization, and to what degree IT manages those devices. The following table can help you begin to develop a plan for deploying WDAC in your organization. It's common for organizations to have device use cases across each of the categories described. ## Types of devices diff --git a/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md b/windows/security/application-security/application-control/windows-defender-application-control/design/configure-authorized-apps-deployed-with-a-managed-installer.md similarity index 95% rename from windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/configure-authorized-apps-deployed-with-a-managed-installer.md index 9c86b54151..6154ff435d 100644 --- a/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/design/configure-authorized-apps-deployed-with-a-managed-installer.md 
@@ -1,33 +1,15 @@ --- -title: Allow apps deployed with a WDAC managed installer +title: Allow apps deployed with a WDAC managed installer description: Explains how to configure a custom Managed Installer. -keywords: security, malware -ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb -ms.prod: windows-client -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium -audience: ITPro -author: jsuther1974 -ms.reviewer: jogeurte -ms.author: vinpa -manager: aaroncz ms.date: 02/02/2023 -ms.technology: itpro-security ms.topic: article --- # Automatically allow apps deployed by a managed installer with Windows Defender Application Control -**Applies to:** - -- Windows 10 -- Windows 11 -- Windows Server 2019 and above - > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). Windows Defender Application Control (WDAC) includes an option called **managed installer** that helps balance security and manageability when enforcing application control policies. This option lets you automatically allow applications installed by a designated software distribution solution, such as Microsoft Configuration Manager (MEMCM) or Microsoft Intune. 
@@ -230,15 +212,15 @@ Below are steps to create a WDAC policy that allows Windows to boot and enables Set-RuleOption -FilePath -Option 13 ``` -4. Deploy your WDAC policy. See [Deploying Windows Defender Application Control (WDAC) policies](windows-defender-application-control-deployment-guide.md). +4. Deploy your WDAC policy. See [Deploying Windows Defender Application Control (WDAC) policies](../deployment/wdac-deployment-guide.md). > [!NOTE] > Your WDAC policy must include rules for all system/boot components, kernel drivers, and any other authorized applications that can't be deployed through a managed installer. ## Remove Managed Installer feature -To remove the Managed Installer feature from the device, you'll need to remove the Managed Installer AppLocker policy from the device by following the instructions at [Delete an AppLocker rule: Clear AppLocker policies on a single system or remote systems](applocker/delete-an-applocker-rule.md#to-clear-applocker-policies-on-a-single-system-or-remote-systems). +To remove the Managed Installer feature from the device, you'll need to remove the Managed Installer AppLocker policy from the device by following the instructions at [Delete an AppLocker rule: Clear AppLocker policies on a single system or remote systems](../applocker/delete-an-applocker-rule.md#to-clear-applocker-policies-on-a-single-system-or-remote-systems). ## Related articles -- [Managed installer and ISG technical reference and troubleshooting guide](configure-wdac-managed-installer.md) +- [Managed installer and ISG technical reference and troubleshooting guide](../operations/configure-wdac-managed-installer.md) 
diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-deny-policy.md similarity index 90% rename from windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-deny-policy.md index ff87d17d02..3dcec18e4f 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-deny-policy.md @@ -1,19 +1,7 @@ --- title: Create WDAC Deny Policy description: Explains how to create WDAC deny policies -keywords: WDAC, policy -ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb -ms.prod: windows-client -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium -audience: ITPro -author: jgeurten -ms.reviewer: jsuther1974 -ms.author: vinpa -manager: aaroncz -ms.technology: itpro-security ms.date: 12/31/2017 ms.topic: article --- 
@@ -72,7 +60,7 @@ Merge-CIPolicy -PolicyPaths $ DenyPolicy, $ExistingPolicy -OutputFilePath $Exist ## Best Practices -1. **Test first in Audit mode** - as with all new policies, we recommend rolling out your new deny policy in Audit Mode and monitoring the [3076 audit block events](event-id-explanations.md) to ensure only the applications you intended to block are blocked. More information on monitoring block events via the Event Viewer logs and Advanced Hunting: [Managing and troubleshooting Windows Defender Application Control policies](windows-defender-application-control-operational-guide.md) +1. **Test first in Audit mode** - as with all new policies, we recommend rolling out your new deny policy in Audit Mode and monitoring the [3076 audit block events](../operations/event-id-explanations.md) to ensure only the applications you intended to block are blocked. More information on monitoring block events via the Event Viewer logs and Advanced Hunting: [Managing and troubleshooting Windows Defender Application Control policies](../operations/wdac-operational-guide.md) 2. **Recommended Deny Rules Types** - signer and file attribute rules are recommended from a security, manageability, and performance perspective. Hash rules should only be used if necessary. Since the hash of a file changes with any change to the file, it's hard to keep up with a hash-based block policy where the attacker can trivially update the file. While WDAC has optimized parsing of hash rules, some devices may see performance impacts at runtime evaluation if policies have tens of thousands or more hash rules. 
diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md b/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-fully-managed-devices.md
similarity index 89%
rename from windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md
rename to windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-fully-managed-devices.md
index d19e40f9be..76720b9535 100644
--- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-fully-managed-devices.md
@@ -1,40 +1,22 @@ --- -title: Create a WDAC policy for fully managed devices +title: Create a WDAC policy for fully managed devices description: Windows Defender Application Control restricts which applications users are allowed to run and the code that runs in system core. -keywords: security, malware ms.topic: conceptual -ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb -ms.prod: windows-client -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium -audience: ITPro -author: jsuther1974 -ms.reviewer: jogeurte -ms.author: vinpa -manager: aaroncz ms.date: 11/07/2022 -ms.technology: itpro-security --- # Create a WDAC policy for fully managed devices -**Applies to:** - -- Windows 10 -- Windows 11 -- Windows Server 2016 and above - >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). This section outlines the process to create a Windows Defender Application Control (WDAC) policy for **fully managed devices** within an organization. The key difference between this scenario and [lightly managed devices](create-wdac-policy-for-lightly-managed-devices.md) is that all software deployed to a fully managed device is managed by IT and users of the device can't install arbitrary apps. Ideally, all apps are deployed using a software distribution solution, such as Microsoft Intune. Additionally, users on fully managed devices should ideally run as standard user and only authorized IT pros have administrative access. 
> [!NOTE] > Some of the Windows Defender Application Control options described in this topic are only available on Windows 10 version 1903 and above, or Windows 11. When using this topic to plan your own organization's WDAC policies, consider whether your managed clients can use all or some of these features and assess the impact for any features that may be unavailable on your clients. You may need to adapt this guidance to meet your specific organization's needs. -As described in [common Windows Defender Application Control deployment scenarios](types-of-devices.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of application control to prevent unwanted or unauthorized applications from running on their managed devices. +As described in [common Windows Defender Application Control deployment scenarios](common-wdac-use-cases.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of application control to prevent unwanted or unauthorized applications from running on their managed devices. **Alice Pena** is the IT team lead tasked with the rollout of WDAC. 
@@ -54,12 +36,12 @@ Alice's team develops a simple console application, called *LamnaITInstaller.exe
 Based on the above, Alice defines the pseudo-rules for the policy:
-1. **“Windows works”** rules that authorize:
+1. **"Windows works"** rules that authorize:
 - Windows
 - WHQL (third-party kernel drivers)
 - Windows Store signed apps
-2. **"ConfigMgr works”** rules that include signer and hash rules for Configuration Manager components to properly function.
+2. **"ConfigMgr works"** rules that include signer and hash rules for Configuration Manager components to properly function.
 3. **Allow Managed Installer** (Configuration Manager and *LamnaITInstaller.exe* configured as a managed installer)
 The critical differences between this set of pseudo-rules and those pseudo-rules defined for Lamna's [lightly managed devices](create-wdac-policy-for-lightly-managed-devices.md#define-the-circle-of-trust-for-lightly-managed-devices) are:
@@ -163,5 +145,5 @@ Alice has defined a policy for Lamna's fully managed devices that makes some tra
 ## Up next
-- [Create a Windows Defender Application Control policy for fixed-workload devices using a reference computer](create-initial-default-policy.md)
-- [Prepare to deploy Windows Defender Application Control policies](windows-defender-application-control-deployment-guide.md)
\ No newline at end of file
+- [Create a Windows Defender Application Control policy for fixed-workload devices using a reference computer](create-wdac-policy-using-reference-computer.md)
+- [Prepare to deploy Windows Defender Application Control policies](../deployment/wdac-deployment-guide.md)
diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-lightly-managed-devices.md b/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-lightly-managed-devices.md
similarity index 89%
rename from windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-lightly-managed-devices.md
rename to windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-lightly-managed-devices.md
index af912de157..d4b6d3f256 100644
--- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-lightly-managed-devices.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-lightly-managed-devices.md
@@ -1,40 +1,22 @@ --- -title: Create a WDAC policy for lightly managed devices +title: Create a WDAC policy for lightly managed devices description: Windows Defender Application Control restricts which applications users are allowed to run and the code that runs in the system core. -keywords: security, malware ms.topic: conceptual -ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb -ms.prod: windows-client -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium -audience: ITPro -author: jsuther1974 -ms.reviewer: jogeurte -ms.author: vinpa -manager: aaroncz ms.date: 11/07/2022 -ms.technology: itpro-security --- # Create a WDAC policy for lightly managed devices -**Applies to:** - -- Windows 10 -- Windows 11 -- Windows Server 2016 and above - >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). This section outlines the process to create a Windows Defender Application Control (WDAC) policy for **lightly managed devices** within an organization. Typically, organizations that are new to application control will be most successful if they start with a permissive policy like the one described in this article. Organizations can choose to harden the policy over time to achieve a stronger overall security posture on their WDAC-managed devices as described in later articles. > [!NOTE] > Some of the Windows Defender Application Control options described in this topic are only available on Windows 10 version 1903 and above, or Windows 11. 
When using this topic to plan your own organization's WDAC policies, consider whether your managed clients can use all or some of these features and assess the impact for any features that may be unavailable on your clients. You may need to adapt this guidance to meet your specific organization's needs. -As in [Windows Defender Application Control deployment in different scenarios: types of devices](types-of-devices.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of application control to prevent unwanted or unauthorized applications from running on their managed devices. +As in [Windows Defender Application Control deployment in different scenarios: types of devices](common-wdac-use-cases.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of application control to prevent unwanted or unauthorized applications from running on their managed devices. **Alice Pena** is the IT team lead tasked with the rollout of WDAC. Lamna currently has loose application usage policies and a culture of maximum app flexibility for users. So, Alice knows she'll need to take an incremental approach to application control and use different policies for different workloads. 
@@ -52,12 +34,12 @@ Alice identifies the following key factors to arrive at the "circle-of-trust" fo Based on the above, Alice defines the pseudo-rules for the policy: -1. **“Windows works”** rules that authorize: +1. **"Windows works"** rules that authorize: - Windows - WHQL (third-party kernel drivers) - Windows Store signed apps -1. **"ConfigMgr works”** rules that include: +1. **"ConfigMgr works"** rules that include: - Signer and hash rules for Configuration Manager components to properly function. - **Allow Managed Installer** rule to authorize Configuration Manager as a managed installer. @@ -97,7 +79,7 @@ Alice follows these steps to complete this task: 1. Modify the policy to remove unsupported rule: > [!NOTE] - > `SmartAppControl.xml` is available on Windows 11 version 22H2 and later. This policy includes "Enabled:Conditional Windows Lockdown Policy" rule that is unsupported for enterprise WDAC policies and must be removed. For more information, see [WDAC and Smart App Control](windows-defender-application-control.md#wdac-and-smart-app-control). If you are using an example policy other than `SmartAppControl.xml`, skip this step. + > `SmartAppControl.xml` is available on Windows 11 version 22H2 and later. This policy includes "Enabled:Conditional Windows Lockdown Policy" rule that is unsupported for enterprise WDAC policies and must be removed. For more information, see [WDAC and Smart App Control](../wdac.md#wdac-and-smart-app-control). If you are using an example policy other than `SmartAppControl.xml`, skip this step. ```powershell [xml]$xml = Get-Content $LamnaPolicy 
@@ -191,7 +173,7 @@ In order to minimize user productivity impact, Alice has defined a policy that m - **Intelligent Security Graph (ISG)** - See [security considerations with the Intelligent Security Graph](use-windows-defender-application-control-with-intelligent-security-graph.md#security-considerations-with-the-isg-option) + See [security considerations with the Intelligent Security Graph](use-wdac-with-intelligent-security-graph.md#security-considerations-with-the-isg-option) Possible mitigations: @@ -227,4 +209,4 @@ In order to minimize user productivity impact, Alice has defined a policy that m ## Up next - [Create a Windows Defender Application Control policy for fully managed devices](create-wdac-policy-for-fully-managed-devices.md) -- [Prepare to deploy Windows Defender Application Control policies](windows-defender-application-control-deployment-guide.md) \ No newline at end of file +- [Prepare to deploy Windows Defender Application Control policies](../deployment/wdac-deployment-guide.md) diff --git a/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-using-reference-computer.md similarity index 87% rename from windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-using-reference-computer.md index 7a10547365..77a4402365 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-using-reference-computer.md 
@@ -1,46 +1,28 @@ --- -title: Create a WDAC policy using a reference computer +title: Create a WDAC policy using a reference computer description: To create a Windows Defender Application Control (WDAC) policy that allows all code installed on a reference computer within your organization, follow this guide. -keywords: security, malware -ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb -ms.prod: windows-client -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium -audience: ITPro -author: jsuther1974 -ms.reviewer: jogeurte -ms.author: vinpa -manager: aaroncz ms.date: 08/08/2022 -ms.technology: itpro-security ms.topic: article --- # Create a WDAC policy using a reference computer -**Applies to:** - -- Windows 10 -- Windows 11 -- Windows Server 2016 and above - >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). This section outlines the process to create a Windows Defender Application Control (WDAC) policy **using a reference computer** that is already configured with the software you want to allow. You can use this approach for fixed-workload devices that are dedicated to a specific functional purpose and share common configuration attributes with other devices servicing the same functional role. Examples of fixed-workload devices may include Active Directory Domain Controllers, Secure Admin Workstations, pharmaceutical drug-mixing equipment, manufacturing devices, cash registers, ATMs, etc. This approach can also be used to turn on WDAC on systems "in the wild" and you want to minimize the potential impact on users' productivity. 
> [!NOTE] > Some of the Windows Defender Application Control options described in this topic are only available on Windows 10 version 1903 and above, or Windows 11. When using this topic to plan your own organization's WDAC policies, consider whether your managed clients can use all or some of these features and assess the impact for any features that may be unavailable on your clients. You may need to adapt this guidance to meet your specific organization's needs. -As described in [common Windows Defender Application Control deployment scenarios](types-of-devices.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of application control to prevent unwanted or unauthorized applications from running on their managed devices. +As described in [common Windows Defender Application Control deployment scenarios](common-wdac-use-cases.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of application control to prevent unwanted or unauthorized applications from running on their managed devices. **Alice Pena** is the IT team lead tasked with the rollout of WDAC. ## Create a custom base policy using a reference device -Alice previously created a policy for the organization's fully managed end-user devices. She now wants to use WDAC to protect Lamna's critical infrastructure servers. Lamna's imaging practice for infrastructure systems is to establish a “golden” image as a reference for what an ideal system should look like, and then use that image to clone more company assets. Alice decides to use these same "golden" image systems to create the WDAC policies, which will result in separate custom base policies for each type of infrastructure server. 
As with imaging, she'll have to create policies from multiple golden computers based on model, department, application set, and so on. +Alice previously created a policy for the organization's fully managed end-user devices. She now wants to use WDAC to protect Lamna's critical infrastructure servers. Lamna's imaging practice for infrastructure systems is to establish a "golden" image as a reference for what an ideal system should look like, and then use that image to clone more company assets. Alice decides to use these same "golden" image systems to create the WDAC policies, which will result in separate custom base policies for each type of infrastructure server. As with imaging, she'll have to create policies from multiple golden computers based on model, department, application set, and so on. > [!NOTE] > Make sure the reference computer is virus and malware-free, and install any software you want to be scanned before creating the WDAC policy.

Each installed software application should be validated as trustworthy before you create a policy.

We recommend that you review the reference computer for software that can load arbitrary DLLs and run code or scripts that could render the PC more vulnerable. Examples include software aimed at development or scripting such as msbuild.exe (part of Visual Studio and the .NET Framework) which can be removed if you don't want to run scripts. You can remove or disable such software on the reference computer. @@ -53,7 +35,7 @@ Alice identifies the following key factors to arrive at the "circle-of-trust" fo Based on the above, Alice defines the pseudo-rules for the policy: -1. **“Windows works”** rules that authorize: +1. **"Windows works"** rules that authorize: - Windows - WHQL (third-party kernel drivers) - Windows Store signed apps diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/design/deploy-multiple-wdac-policies.md similarity index 94% rename from windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/deploy-multiple-wdac-policies.md index 63c927ae1a..1d76e0e5a9 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/design/deploy-multiple-wdac-policies.md 
@@ -1,33 +1,15 @@ --- -title: Use multiple Windows Defender Application Control Policies +title: Use multiple Windows Defender Application Control Policies description: Windows Defender Application Control supports multiple code integrity policies for one device. -keywords: security, malware -ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb -ms.prod: windows-client -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium -audience: ITPro -author: jsuther1974 -ms.reviewer: jogeurte -ms.author: vinpa -manager: aaroncz ms.date: 07/19/2021 -ms.technology: itpro-security ms.topic: article --- # Use multiple Windows Defender Application Control Policies -**Applies to:** - -- Windows 10 -- Windows 11 -- Windows Server 2016 and above - >[!NOTE] ->Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). Prior to Windows 10 1903, Windows Defender Application Control only supported a single active policy on a system at any given time. This limited customers in situations where multiple policies with different intents would be useful. Beginning with Windows 10 version 1903, WDAC supports up to 32 active policies on a device at once in order to enable the following scenarios: 
@@ -116,4 +98,3 @@ For more information on deploying multiple policies, optionally using Microsoft * If the maximum number of policies is exceeded, the device may bluescreen referencing ci.dll with a bug check value of 0x0000003b. * If policies are loaded without requiring a reboot such as `PS_UpdateAndCompareCIPolicy`, they will still count towards this limit. * This may pose an especially large challenge if the value of `{PolicyGUID}.cip` changes between releases. It may result in a long window between a change and the resultant reboot. - diff --git a/windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/design/example-wdac-base-policies.md similarity index 96% rename from windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/example-wdac-base-policies.md index fdbd1d7ecc..e186ea2bb6 100644 --- a/windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/design/example-wdac-base-policies.md 
@@ -2,26 +2,14 @@ title: Example Windows Defender Application Control base policies description: When creating a Windows Defender Application Control (WDAC) policy for an organization, start from one of the many available example base policies. ms.topic: reference -ms.prod: windows-client ms.localizationpriority: medium -author: jsuther1974 -ms.reviewer: jogeurte -ms.author: vinpa -manager: aaroncz ms.date: 03/31/2023 -ms.technology: itpro-security --- # Windows Defender Application Control example base policies -**Applies to:** - -- Windows 10 -- Windows 11 -- Windows Server 2016 and above - > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. For more information, see [Windows Defender Application Control feature availability](feature-availability.md). +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. For more information, see [Windows Defender Application Control feature availability](../feature-availability.md). When you create policies for use with Windows Defender Application Control (WDAC), start from an existing base policy and then add or remove rules to build your own custom policy. Windows includes several example policies that you can use. These example policies are provided "as-is". You should thoroughly test the policies you deploy using safe deployment methods. 
diff --git a/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md b/windows/security/application-security/application-control/windows-defender-application-control/design/manage-packaged-apps-with-wdac.md
similarity index 90%
rename from windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md
rename to windows/security/application-security/application-control/windows-defender-application-control/design/manage-packaged-apps-with-wdac.md
index aa63cd5b61..db1a336471 100644
--- a/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/manage-packaged-apps-with-wdac.md
@@ -1,33 +1,15 @@ --- -title: Manage packaged apps with WDAC +title: Manage packaged apps with WDAC description: Packaged apps, also known as Universal Windows apps, allow you to control the entire app by using a single Windows Defender Application Control (WDAC) rule. -keywords: security, malware -ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb -ms.prod: windows-client -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium -audience: ITPro -author: jsuther1974 -ms.reviewer: jogeurte -ms.author: vinpa -manager: aaroncz ms.date: 03/01/2023 -ms.technology: itpro-security ms.topic: article --- # Manage Packaged Apps with Windows Defender Application Control -**Applies to:** - -- Windows 10 -- Windows 11 -- Windows Server 2016 and above - >[!NOTE] ->Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [WDAC feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [WDAC feature availability](../feature-availability.md). This article for IT professionals describes concepts and lists procedures to help you manage packaged apps with Windows Defender Application Control (WDAC) as part of your overall application control strategy. @@ -96,7 +78,7 @@ Use the following steps to create a WDAC PFN rule for an app that is installed o 7. Select **Create Rule**. 8. Create any other rules desired, then complete the Wizard. -![Create PFN rule from WDAC Wizard](images/wdac-wizard-custom-pfn-rule.png) +![Create PFN rule from WDAC Wizard](../images/wdac-wizard-custom-pfn-rule.png) ##### Create a PFN rule using a custom string 
@@ -109,4 +91,4 @@ Use the following steps to create a PFN rule with a custom string value: 5. Select **Create Rule**. 6. Create any other rules desired, then complete the Wizard. -![Create PFN rule with custom string from WDAC Wizard](images/wdac-wizard-custom-manual-pfn-rule.png) +![Create PFN rule with custom string from WDAC Wizard](../images/wdac-wizard-custom-manual-pfn-rule.png) diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md b/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-block-rules.md similarity index 99% rename from windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-block-rules.md index 3b7f22c1df..ebc63fd06e 100644 --- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-block-rules.md 
@@ -1,27 +1,15 @@ --- title: Microsoft recommended block rules description: View a list of recommended block rules, based on knowledge shared between Microsoft and the wider security community. -ms.prod: windows-client -ms.technology: itpro-security ms.localizationpriority: medium -author: jsuther1974 -ms.reviewer: jgeurten -ms.author: vinpa -manager: aaroncz ms.date: 06/14/2023 ms.topic: reference --- # Microsoft recommended block rules -**Applies to:** - -- Windows 10 -- Windows 11 -- Windows Server 2016 and above - >[!NOTE] ->Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [WDAC feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [WDAC feature availability](../feature-availability.md). Members of the security community* continuously collaborate with Microsoft to help protect customers. With the help of their valuable reports, Microsoft has identified a list of valid applications that an attacker could also potentially use to bypass WDAC. 
@@ -99,7 +87,7 @@ Unless your use scenarios explicitly require them, Microsoft recommends that you > [!NOTE] > This application list will be updated with the latest vendor information as application vulnerabilities are resolved and new issues are discovered. -Certain software applications may allow other code to run by design. Unless these applications are business critical, you should block them in your WDAC policy. In addition, when an application version is upgraded to fix a security vulnerability or potential WDAC bypass, add *deny* rules to your application control policies for that application’s previous, less secure versions. +Certain software applications may allow other code to run by design. Unless these applications are business critical, you should block them in your WDAC policy. In addition, when an application version is upgraded to fix a security vulnerability or potential WDAC bypass, add *deny* rules to your application control policies for that application's previous, less secure versions. Microsoft recommends that you install the latest security updates. For example, updates help resolve several issues in PowerShell modules that allowed an attacker to bypass WDAC. These modules can be blocked by their corresponding hashes. @@ -198,7 +186,7 @@ The blocklist policy that follows includes "Allow all" rules for both kernel and - +