mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-07-06 20:53:38 +00:00
updates
This commit is contained in:
Paolo Matarazzo
@ -67,7 +67,7 @@ To enforce processing of the group policy, you can run `gpupdate /force`.
|
||||
|
||||
### Enable Windows Defender Credential Guard by using Microsoft Intune
|
||||
|
||||
1. In the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Devices**.
|
||||
1. In the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Devices**.
|
||||
|
||||
1. Select **Configuration Profiles**.
|
||||
|
||||
|
||||
@ -49,7 +49,7 @@ We recommend that you disable or manage Windows Hello for Business provisioning
|
||||
|
||||
The following method explains how to disable Windows Hello for Business enrollment using Intune.
|
||||
|
||||
1. Sign into the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
1. Sign into the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
2. Go to **Devices** > **Enrollment** > **Enroll devices** > **Windows enrollment** > **Windows Hello for Business**. The Windows Hello for Business pane opens.
|
||||
3. If you don't want to enable Windows Hello for Business during device enrollment, select **Disabled** for **Configure Windows Hello for Business**.
|
||||
|
||||
|
||||
@ -106,7 +106,7 @@ Once these requirements are met, a policy can be configured in Intune that provi
|
||||
|
||||
This section describes how to configure a SCEP policy in Intune. Similar steps can be followed to configure a PKCS policy.
|
||||
|
||||
1. Go to the <a href="https://go.microsoft.com/fwlink/?linkid=2109431" target="_blank"><b>Microsoft Endpoint Manager admin center</b></a>
|
||||
1. Go to the <a href="https://go.microsoft.com/fwlink/?linkid=2109431" target="_blank"><b>Microsoft Intune admin center</b></a>
|
||||
1. Select **Devices > Configuration profiles > Create profile**
|
||||
1. Select **Platform > Windows 10 and later** and **Profile type > Templates > SCEP Certificate**
|
||||
1. Select **Create**
|
||||
|
||||
@ -129,7 +129,7 @@ Before you can remotely reset PINs, your devices must be configured to enable PI
|
||||
|
||||
You can configure Windows devices to use the **Microsoft PIN Reset Service** using Microsoft Intune.
|
||||
|
||||
1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
1. Select **Devices** > **Configuration profiles** > **Create profile**.
|
||||
1. Enter the following properties:
|
||||
- **Platform**: Select **Windows 10 and later**.
|
||||
@ -151,7 +151,7 @@ You can configure Windows devices to use the **Microsoft PIN Reset Service** usi
|
||||
|
||||
>[!NOTE]
|
||||
> You can also configure PIN recovery from the **Endpoint security** blade:
|
||||
> 1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
> 1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
> 1. Select **Endpoint security** > **Account protection** > **Create Policy**.
|
||||
|
||||
#### [:::image type="icon" source="../../images/icons/group-policy.svg"::: **GPO**](#tab/gpo)
|
||||
@ -232,7 +232,7 @@ The [ConfigureWebSignInAllowedUrls](/windows/client-management/mdm/policy-csp-au
|
||||
|
||||
### Configure Web Sign-in Allowed URLs using Microsoft Intune
|
||||
|
||||
1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431)
|
||||
1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431)
|
||||
1. Select **Devices** > **Configuration profiles** > **Create profile**
|
||||
1. Enter the following properties:
|
||||
- **Platform**: Select **Windows 10 and later**
|
||||
|
||||
@ -848,7 +848,7 @@ Sign-in a workstation with access equivalent to a _domain user_.
|
||||
|
||||
Sign-in a workstation with access equivalent to a _domain user_.
|
||||
|
||||
1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
|
||||
2. Select **Devices**, and then select **Configuration Profiles**.
|
||||
|
||||
@ -901,7 +901,7 @@ Sign-in a workstation with access equivalent to a _domain user_.
|
||||
|
||||
Sign-in a workstation with access equivalent to a _domain user_.
|
||||
|
||||
1. Sign-in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
1. Sign-in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
|
||||
2. Select **Devices**, and then select **Configuration Profiles**.
|
||||
|
||||
|
||||
@ -242,7 +242,7 @@ The domain controllers have a certificate that includes the new CRL distribution
|
||||
|
||||
To configure devices with Microsoft Intune, use a custom policy:
|
||||
|
||||
1. Go to the <a href="https://go.microsoft.com/fwlink/?linkid=2109431" target="_blank"><b>Microsoft Endpoint Manager admin center</b></a>
|
||||
1. Go to the <a href="https://go.microsoft.com/fwlink/?linkid=2109431" target="_blank"><b>Microsoft Intune admin center</b></a>
|
||||
1. Select **Devices > Configuration profiles > Create profile**
|
||||
1. Select **Platform > Windows 8.1 and later** and **Profile type > Trusted certificate**
|
||||
1. Select **Create**
|
||||
|
||||
@ -119,12 +119,12 @@ There are different ways to enable and configure Windows Hello for Business in I
|
||||
|
||||
To check the Windows Hello for Business policy applied at enrollment time:
|
||||
|
||||
1. Sign in to the <a href="https://endpoint.microsoft.com/" target="_blank"><b>Microsoft Endpoint Manager admin center</b></a>
|
||||
1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
1. Select **Devices** > **Windows** > **Windows Enrollment**
|
||||
1. Select **Windows Hello for Business**
|
||||
1. Verify the status of **Configure Windows Hello for Business** and any settings that may be configured
|
||||
|
||||
:::image type="content" source="images/whfb-intune-disable.png" alt-text="Disablement of Windows Hello for Business from Microsoft Endpoint Manager admin center." border="true" lightbox="images/whfb-intune-disable.png":::
|
||||
:::image type="content" source="images/whfb-intune-disable.png" alt-text="Disablement of Windows Hello for Business from Microsoft Intune admin center." lightbox="images/whfb-intune-disable.png":::
|
||||
|
||||
If the tenant-wide policy is enabled and configured to your needs, you can skip to [Enroll in Windows Hello for Business](#enroll-in-windows-hello-for-business). Otherwise, follow the instructions below to create a policy using an *account protection* policy.
|
||||
|
||||
@ -132,7 +132,7 @@ If the tenant-wide policy is enabled and configured to your needs, you can skip
|
||||
|
||||
To configure Windows Hello for Business using an *account protection* policy:
|
||||
|
||||
1. Go to the <a href="https://go.microsoft.com/fwlink/?linkid=2109431" target="_blank"><b>Microsoft Endpoint Manager admin center</b></a>
|
||||
1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
1. Select **Endpoint security** > **Account protection**
|
||||
1. Select **+ Create Policy**
|
||||
1. For *Platform**, select **Windows 10 and later** and for *Profile* select **Account protection**
|
||||
@ -147,7 +147,7 @@ To configure Windows Hello for Business using an *account protection* policy:
|
||||
1. Assign the policy to a security group that contains as members the devices or users that you want to configure > **Next**
|
||||
1. Review the policy configuration and select **Create**
|
||||
|
||||
:::image type="content" source="images/whfb-intune-account-protection-cert-enable.png" alt-text="Enablement of Windows Hello for Business from Microsoft Endpoint Manager admin center using an account protection policy." border="true" lightbox="images/whfb-intune-account-protection-cert-enable.png":::
|
||||
:::image type="content" source="images/whfb-intune-account-protection-cert-enable.png" alt-text="Enablement of Windows Hello for Business from Microsoft Intune admin center using an account protection policy." lightbox="images/whfb-intune-account-protection-cert-enable.png":::
|
||||
|
||||
---
|
||||
|
||||
|
||||
@ -98,7 +98,7 @@ If you already enabled Windows Hello for Business, you can skip to **configure t
|
||||
|
||||
You can also follow these steps to create a device configuration policy instead of using the device enrollment policy:
|
||||
|
||||
1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
1. Select **Devices** > **Windows** > **Configuration Profiles** > **Create profile**.
|
||||
1. For Platform, select **Windows 10 and later**.
|
||||
1. For Profile Type, select **Templates** and select the **Identity Protection** Template.
|
||||
@ -116,7 +116,7 @@ Windows Hello for Business settings are also available in the settings catalog.
|
||||
|
||||
To configure the cloud Kerberos trust policy, follow the steps below:
|
||||
|
||||
1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
1. Select **Devices** > **Windows** > **Configuration Profiles** > **Create profile**.
|
||||
1. For Profile Type, select **Templates** and select the **Custom** Template.
|
||||
1. Name the profile with a familiar name. For example, "Windows Hello for Business cloud Kerberos trust".
|
||||
|
||||
@ -35,12 +35,12 @@ There are different ways to enable and configure Windows Hello for Business in I
|
||||
|
||||
To check the Windows Hello for Business policy applied at enrollment time:
|
||||
|
||||
1. Sign in to the <a href="https://endpoint.microsoft.com/" target="_blank"><b>Microsoft Endpoint Manager admin center</b></a>
|
||||
1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
1. Select **Devices** > **Windows** > **Windows Enrollment**
|
||||
1. Select **Windows Hello for Business**
|
||||
1. Verify the status of **Configure Windows Hello for Business** and any settings that may be configured
|
||||
|
||||
:::image type="content" source="images/whfb-intune-disable.png" alt-text="Disablement of Windows Hello for Business from Microsoft Endpoint Manager admin center." border="true" lightbox="images/whfb-intune-disable.png":::
|
||||
:::image type="content" source="images/whfb-intune-disable.png" alt-text="Disablement of Windows Hello for Business from Microsoft Intune admin center." lightbox="images/whfb-intune-disable.png":::
|
||||
|
||||
If the tenant-wide policy is enabled and configured to your needs, you can skip to [Enroll in Windows Hello for Business](#enroll-in-windows-hello-for-business). Otherwise, follow the instructions below to create a policy using an *account protection* policy.
|
||||
|
||||
@ -48,7 +48,7 @@ If the tenant-wide policy is enabled and configured to your needs, you can skip
|
||||
|
||||
To configure Windows Hello for Business using an *account protection* policy:
|
||||
|
||||
1. Go to the <a href="https://go.microsoft.com/fwlink/?linkid=2109431" target="_blank"><b>Microsoft Endpoint Manager admin center</b></a>
|
||||
1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
1. Select **Endpoint security** > **Account protection**
|
||||
1. Select **+ Create Policy**
|
||||
1. For *Platform**, select **Windows 10 and later** and for *Profile* select **Account protection**
|
||||
@ -62,7 +62,7 @@ To configure Windows Hello for Business using an *account protection* policy:
|
||||
1. Assign the policy to a security group that contains as members the devices or users that you want to configure > **Next**
|
||||
1. Review the policy configuration and select **Create**
|
||||
|
||||
:::image type="content" source="images/whfb-intune-account-protection-enable.png" alt-text="Enablement of Windows Hello for Business from Microsoft Endpoint Manager admin center using an account protection policy." border="true" lightbox="images/whfb-intune-account-protection-enable.png":::
|
||||
:::image type="content" source="images/whfb-intune-account-protection-enable.png" alt-text="Enablement of Windows Hello for Business from Microsoft Intune admin center using an account protection policy." lightbox="images/whfb-intune-account-protection-enable.png":::
|
||||
|
||||
#### [:::image type="icon" source="../../images/icons/group-policy.svg"::: **GPO**](#tab/gpo)
|
||||
|
||||
|
||||
@ -295,9 +295,9 @@ The following sample is a sample plug-in VPN profile. This blob would fall under
|
||||
|
||||
## Apply ProfileXML using Intune
|
||||
|
||||
After you configure the settings that you want using ProfileXML, you can create a custom profile in the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). After it's created, you deploy this profile to your devices.
|
||||
After you configure the settings that you want using ProfileXML, you can create a custom profile in the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). After it's created, you deploy this profile to your devices.
|
||||
|
||||
1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
2. Select **Devices** > **Configuration profiles** > **Create profile**.
|
||||
3. Enter the following properties:
|
||||
|
||||
|
||||
@ -34,7 +34,7 @@ This article depicts the BitLocker deployment comparison chart.
|
||||
|*Cloud or on premises* | Cloud | On premises | On premises |
|
||||
|Server components required? | | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: |
|
||||
|*Additional agent required?* | No (device enrollment only) | Configuration Manager client | MBAM client |
|
||||
|*Administrative plane* | Microsoft Endpoint Manager admin center | Configuration Manager console | Group Policy Management Console and MBAM sites |
|
||||
|*Administrative plane* | Microsoft Intune admin center | Configuration Manager console | Group Policy Management Console and MBAM sites |
|
||||
|*Administrative portal installation required* | | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: |
|
||||
|*Compliance reporting capabilities* | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: |
|
||||
|*Force encryption* | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: | :::image type="content" source="images/yes-icon.png" alt-text="supported."::: |
|
||||
|
||||
@ -21,7 +21,7 @@ ms.date: 12/13/2022
|
||||
|
||||
### Enable Personal Data Encryption (PDE)
|
||||
|
||||
1. Sign into [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
1. Sign into [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
|
||||
2. Navigate to **Devices** > **Configuration Profiles**
|
||||
|
||||
@ -65,7 +65,7 @@ ms.date: 12/13/2022
|
||||
|
||||
### Disable Winlogon automatic restart sign-on (ARSO)
|
||||
|
||||
1. Sign into [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
1. Sign into [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
|
||||
2. Navigate to **Devices** > **Configuration Profiles**
|
||||
|
||||
@ -107,7 +107,7 @@ ms.date: 12/13/2022
|
||||
|
||||
### Disable kernel-mode crash dumps and live dumps
|
||||
|
||||
1. Sign into [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
1. Sign into [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
|
||||
2. Navigate to **Devices** > **Configuration Profiles**
|
||||
|
||||
@ -145,7 +145,7 @@ ms.date: 12/13/2022
|
||||
|
||||
### Disable Windows Error Reporting (WER)/Disable user-mode crash dumps
|
||||
|
||||
1. Sign into [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
1. Sign into [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
|
||||
2. Navigate to **Devices** > **Configuration Profiles**
|
||||
|
||||
@ -183,7 +183,7 @@ ms.date: 12/13/2022
|
||||
|
||||
### Disable hibernation
|
||||
|
||||
1. Sign into [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
1. Sign into [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
|
||||
2. Navigate to **Devices** > **Configuration Profiles**
|
||||
|
||||
@ -221,7 +221,7 @@ ms.date: 12/13/2022
|
||||
|
||||
### Disable allowing users to select when a password is required when resuming from connected standby
|
||||
|
||||
1. Sign into [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
1. Sign into [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
|
||||
2. Navigate to **Devices** > **Configuration Profiles**
|
||||
|
||||
|
||||
@ -24,7 +24,7 @@ After you've created and deployed your Windows Information Protection (WIP) poli
|
||||
|
||||
To associate your WIP policy with your organization's existing VPN policy, use the following steps:
|
||||
|
||||
1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
2. Select **Devices** > **Configuration profiles** > **Create profile**.
|
||||
3. Enter the following properties:
|
||||
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Create a WIP policy in Intune
|
||||
description: Learn how to use the Microsoft Endpoint Manager admin center to create and deploy your Windows Information Protection (WIP) policy to protect data on your network.
|
||||
description: Learn how to use the Microsoft Intune admin center to create and deploy your Windows Information Protection (WIP) policy to protect data on your network.
|
||||
ms.prod: windows-client
|
||||
author: aczechowski
|
||||
ms.author: aaroncz
|
||||
@ -53,7 +53,7 @@ Before you can create a WIP policy using Intune, you need to configure an MDM or
|
||||
|
||||
## Create a WIP policy
|
||||
|
||||
1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
|
||||
2. Open Microsoft Intune and select **Apps** > **App protection policies** > **Create policy**.
|
||||
|
||||
|
||||
@ -34,7 +34,7 @@ When you unassign an existing policy, it removes the intent to deploy WIP from t
|
||||
|
||||
If you're currently deploying a WIP policy for enrolled or unenrolled devices, you switch the WIP policy to Off. When devices check in after this change, the devices will proceed to unprotect files previously protected by WIP.
|
||||
|
||||
1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
1. Open Microsoft Intune and select **Apps** > **App protection policies**.
|
||||
1. Select the existing policy to turn off, and then select the **Properties**.
|
||||
1. Edit **Required settings**.
|
||||
|
||||
@ -25,7 +25,7 @@ In the **Website learning report**, you can view a summary of the devices that h
|
||||
|
||||
## Access the WIP Learning reports
|
||||
|
||||
1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
|
||||
1. Select **Apps** > **Monitor** > **App protection status** > **Reports**.
|
||||
|
||||
|
||||
@ -99,7 +99,7 @@ Application Guard functionality is turned off by default. However, you can quick
|
||||
|
||||
:::image type="content" source="images/MDAG-EndpointMgr-newprofile.jpg" alt-text="Enroll devices in Intune.":::
|
||||
|
||||
1. In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), choose **Devices** > **Configuration profiles** > **+ Create profile**, and do the following: <br/>
|
||||
1. In the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), choose **Devices** > **Configuration profiles** > **+ Create profile**, and do the following: <br/>
|
||||
|
||||
1. In the **Platform** list, select **Windows 10 and later**.
|
||||
|
||||
|
||||
@ -35,7 +35,7 @@ When you create policies for use with Windows Defender Application Control (WDAC
|
||||
|
||||
| **Example Base Policy** | **Description** | **Where it can be found** |
|
||||
|-------------------------|---------------------------------------------------------------|--------|
|
||||
| **DefaultWindows_\*.xml** | This example policy is available in both audit and enforced mode. It includes rules to allow Windows, third-party hardware and software kernel drivers, and Windows Store apps. Used as the basis for all [Microsoft Endpoint Manager](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager) policies. | %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies\DefaultWindows_\*.xml <br> %ProgramFiles%\WindowsApps\Microsoft.WDAC.WDACWizard*\DefaultWindows_Audit.xml |
|
||||
| **DefaultWindows_\*.xml** | This example policy is available in both audit and enforced mode. It includes rules to allow Windows, third-party hardware and software kernel drivers, and Windows Store apps. Used as the basis for the [Microsoft Intune product family](https://www.microsoft.com/security/business/endpoint-management/microsoft-intune) policies. | %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies\DefaultWindows_\*.xml <br> %ProgramFiles%\WindowsApps\Microsoft.WDAC.WDACWizard*\DefaultWindows_Audit.xml |
|
||||
| **AllowMicrosoft.xml** | This example policy is available in audit mode. It includes the rules from DefaultWindows and adds rules to trust apps signed by the Microsoft product root certificate. | %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies\AllowMicrosoft.xml <br> %ProgramFiles%\WindowsApps\Microsoft.WDAC.WDACWizard*\AllowMicrosoft.xml |
|
||||
| **AllowAll.xml** | This example policy is useful when creating a blocklist. All block policies should include rules allowing all other code to run and then add the DENY rules for your organization's needs. | %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies\AllowAll.xml |
|
||||
| **AllowAll_EnableHVCI.xml** | This example policy can be used to enable [memory integrity](https://support.microsoft.com/windows/core-isolation-e30ed737-17d8-42f3-a2a9-87521df09b78) (also known as hypervisor-protected code integrity) using WDAC. | %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies\AllowAll_EnableHVCI.xml |
|
||||
|
||||
@ -24,9 +24,9 @@ ms.date: 12/31/2017
|
||||
>[!IMPORTANT]
|
||||
>This information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
|
||||
|
||||
To get started, Open the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), and then go to **Devices** > **Windows** > **Configuration profiles** > **Create profile** > Choose **Windows 10 and later** as the platform, Choose **Templates**, then **Endpoint protection** as the profile type.
|
||||
To get started, Open the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), and then go to **Devices** > **Windows** > **Configuration profiles** > **Create profile** > Choose **Windows 10 and later** as the platform, Choose **Templates**, then **Endpoint protection** as the profile type.
|
||||
Select Windows Defender Firewall.
|
||||
:::image type="content" source="images/windows-firewall-intune.png" alt-text="Example of a Windows Defender Firewall policy in Microsoft Intune and the Endpoint Manager admin center.":::
|
||||
:::image type="content" source="images/windows-firewall-intune.png" alt-text="Example of a Windows Defender Firewall policy in Microsoft Intune and the Intune admin center.":::
|
||||
|
||||
>[!IMPORTANT]
|
||||
>A single Endpoint Protection profile may contain up to a maximum of 150 firewall rules. If a client device requires more than 150 rules, then multiple profiles must be assigned to it.
|
||||
|
||||
Reference in New Issue
Block a user