mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-15 14:57:23 +00:00
Updated 41 to 60
This commit is contained in:
parent
36b8cad96b
commit
10c89c2930
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Create an Inbound Port Rule (Windows 10)
|
||||
title: Create an Inbound Port Rule (Windows)
|
||||
description: Learn to allow traffic on specific ports by using the Group Policy Management MMC snap-in to create rules in Windows Defender Firewall with Advanced Security.
|
||||
ms.assetid: a7b6c6ca-32fa-46a9-a5df-a4e43147da9f
|
||||
ms.reviewer:
|
||||
@ -14,7 +14,7 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 08/17/2017
|
||||
ms.date: 09/07/2021
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
@ -22,7 +22,8 @@ ms.technology: mde
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
- Windows 11
|
||||
- Windows Server 2016 and above
|
||||
|
||||
To allow inbound network traffic on only a specified TCP or UDP port number, use the Windows Defender Firewall
|
||||
with Advanced Security node in the Group Policy Management MMC snap-in to create firewall rules. This type of rule allows any program that listens on a specified TCP or UDP port to receive network traffic sent to that port.
|
||||
|
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Create an Inbound Program or Service Rule (Windows 10)
|
||||
title: Create an Inbound Program or Service Rule (Windows)
|
||||
description: Learn how to allow inbound traffic to a program or service by using the Group Policy Management MMC snap-in to create firewall rules.
|
||||
ms.assetid: 00b7fa60-7c64-4ba5-ba95-c542052834cf
|
||||
ms.reviewer:
|
||||
@ -14,7 +14,7 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 08/17/2017
|
||||
ms.date: 09/07/2021
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
@ -22,7 +22,8 @@ ms.technology: mde
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
- Windows 11
|
||||
- Windows Server 2016 and above
|
||||
|
||||
To allow inbound network traffic to a specified program or service, use the Windows Defender Firewall with Advanced Securitynode in the Group Policy Management MMC snap-in to create firewall rules. This type of rule allows the program to listen and receive inbound network traffic on any port.
|
||||
|
||||
|
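Review bot: The unchanged paragraph at the end of this hunk reads "Windows Defender Firewall with Advanced Securitynode", with the space before "node" missing. Since the file is already being touched for the Windows 11 update, correct it to "Advanced Security node", which is how the other rule topics in this commit write it.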
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Create an Outbound Port Rule (Windows 10)
|
||||
title: Create an Outbound Port Rule (Windows)
|
||||
description: Learn to block outbound traffic on a port by using the Group Policy Management MMC snap-in to create rules in Windows Defender Firewall with Advanced Security.
|
||||
ms.assetid: 59062b91-756b-42ea-8f2a-832f05d77ddf
|
||||
ms.reviewer:
|
||||
@ -14,7 +14,7 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 08/17/2017
|
||||
ms.date: 09/07/2021
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
@ -22,7 +22,8 @@ ms.technology: mde
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
- Windows 11
|
||||
- Windows Server 2016 and above
|
||||
|
||||
By default, Windows Defender Firewall allows all outbound network traffic unless it matches a rule that prohibits the traffic. To block outbound network traffic on a specified TCP or UDP port number, use the Windows Defender Firewall with Advanced Security node in the Group Policy Management console to create firewall rules. This type of rule blocks any outbound network traffic that matches the specified TCP or UDP port numbers.
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Create an Outbound Program or Service Rule (Windows 10)
|
||||
title: Create an Outbound Program or Service Rule (Windows)
|
||||
description: Use the Windows Defender Firewall with Advanced Security node in the Group Policy Management console to create firewall rules.
|
||||
ms.assetid: f71db4fb-0228-4df2-a95d-b9c056aa9311
|
||||
ms.reviewer:
|
||||
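Review bot: The description line in this front matter ("Use the Windows Defender Firewall with Advanced Security node in the Group Policy Management console to create firewall rules.") does not say that the topic is about blocking outbound traffic for a program or service, so it could describe any of the rule topics. Bring it in line with the sibling topics, whose descriptions name the direction and the rule type, for example "Learn to block outbound traffic on a port ...".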
@ -14,7 +14,7 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 08/17/2017
|
||||
ms.date: 09/07/2021
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
@ -22,7 +22,8 @@ ms.technology: mde
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
- Windows 11
|
||||
- Windows Server 2016 and above
|
||||
|
||||
By default, Windows Defender Firewall allows all outbound network traffic unless it matches a rule that prohibits the traffic. To block outbound network traffic for a specified program or service, use the Windows Defender Firewall with Advanced Security node in the Group Policy Management console to create firewall rules. This type of rule prevents the program from sending any outbound network traffic on any port.
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Create Inbound Rules to Support RPC (Windows 10)
|
||||
title: Create Inbound Rules to Support RPC (Windows)
|
||||
description: Learn how to allow RPC network traffic by using the Group Policy Management MMC snap-in to create rules in Windows Defender Firewall with Advanced Security.
|
||||
ms.assetid: 0b001c2c-12c1-4a30-bb99-0c034d7e6150
|
||||
ms.reviewer:
|
||||
@ -14,7 +14,7 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 08/17/2017
|
||||
ms.date: 09/07/2021
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
@ -22,7 +22,8 @@ ms.technology: mde
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
- Windows 11
|
||||
- Windows Server 2016 and above
|
||||
|
||||
To allow inbound remote procedure call (RPC) network traffic, use the Windows Defender Firewall with Advanced Security node in the Group Policy Management console to create two firewall rules. The first rule allows incoming network packets on TCP port 135 to the RPC Endpoint Mapper service. The incoming traffic consists of requests to communicate with a specified network service. The RPC Endpoint Mapper replies with a dynamically-assigned port number that the client must use to communicate with the service. The second rule allows the network traffic that is sent to the dynamically-assigned port number. Using the two rules configured as described in this topic helps to protect your device by allowing network traffic only from devices that have received RPC dynamic port redirection and to only those TCP port numbers assigned by the RPC Endpoint Mapper.
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Create Windows Firewall rules in Intune (Windows 10)
|
||||
title: Create Windows Firewall rules in Intune (Windows)
|
||||
description: Learn how to use Intune to create rules in Windows Defender Firewall with Advanced Security. Start by creating a profile in Device Configuration in Intune.
|
||||
ms.assetid: 47057d90-b053-48a3-b881-4f2458d3e431
|
||||
ms.reviewer:
|
||||
@ -21,12 +21,14 @@ ms.technology: mde
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows 11
|
||||
- Windows Server 2016 and above
|
||||
|
||||
>[!IMPORTANT]
|
||||
>This information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
|
||||
|
||||
To get started, open Device Configuration in Intune, then create a new profile.
|
||||
Choose Windows 10 as the platform, and Endpoint Protection as the profile type.
|
||||
Choose Windows 10 or Windows 11 as the platform, and Endpoint Protection as the profile type.
|
||||
Select Windows Defender Firewall.
|
||||

|
||||
|
||||
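Review bot: The new "Windows Server 2016 and above" entry under **Applies to** is not backed by the procedure in the same hunk, which now says to choose "Windows 10 or Windows 11" as the platform and mentions no server option. Either drop the server entry from this topic or add the step that covers server devices, so an administrator does not assume server endpoints receive these firewall rules through this profile.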
@ -35,7 +37,7 @@ Select Windows Defender Firewall.
|
||||
|
||||
## Firewall rule components
|
||||
|
||||
The firewall rule configurations in Intune use the Windows 10 CSP for Firewall. For more information, see [Firewall CSP](/windows/client-management/mdm/firewall-csp).
|
||||
The firewall rule configurations in Intune use the Windows CSP for Firewall. For more information, see [Firewall CSP](/windows/client-management/mdm/firewall-csp).
|
||||
|
||||
## Application
|
||||
Control connections for an app or program.
|
||||
|
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Create WMI Filters for the GPO (Windows 10)
|
||||
title: Create WMI Filters for the GPO (Windows)
|
||||
description: Learn how to use WMI filters on a GPO to make sure that each GPO for a group can only be applied to devices running the correct version of Windows.
|
||||
ms.assetid: b1a6d93d-a3c8-4e61-a388-4a3323f0e74e
|
||||
ms.reviewer:
|
||||
@ -14,7 +14,7 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 08/16/2021
|
||||
ms.date: 09/07/2021
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
@ -22,7 +22,8 @@ ms.technology: mde
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
- Windows 11
|
||||
- Windows Server 2016 and above
|
||||
|
||||
To make sure that each GPO associated with a group can only be applied to devices running the correct version of Windows, use the Group Policy Management MMC snap-in to create and assign WMI filters to the GPO. Although you can create a separate membership group for each GPO, you would then have to manage the memberships of the different groups. Instead, use only a single membership group, and let WMI filters automatically ensure the correct GPO is applied to each device.
|
||||
|
||||
@ -58,13 +59,13 @@ First, create the WMI filter and configure it to look for a specified version (o
|
||||
select * from Win32_OperatingSystem where Version like "6.%"
|
||||
```
|
||||
|
||||
This query will return **true** for devices running at least Windows Vista and Windows Server 2008. To set a filter for just Windows 8 and Windows Server 2012, use "6.2%". For Windows 10 and Windows Server 2016, use "10.%". To specify multiple versions, combine them with or, as shown in the following:
|
||||
This query will return **true** for devices running at least Windows Vista and Windows Server 2008. To set a filter for just Windows 8 and Windows Server 2012, use "6.2%". For Windows 11, Windows 10, and Windows Server 2016, use "10.%". To specify multiple versions, combine them with or, as shown in the following:
|
||||
|
||||
``` syntax
|
||||
... where Version like "6.1%" or Version like "6.2%"
|
||||
```
|
||||
|
||||
To restrict the query to only clients or only servers, add a clause that includes the ProductType parameter. To filter for client operating systems only, such as Windows 8 or Windows 7, use only ProductType="1". For server operating systems that are not domain controllers and for Windows 10 multi-session, use ProductType="3". For domain controllers only, use ProductType="2". This is a useful distinction, because you often want to prevent your GPOs from being applied to the domain controllers on your network.
|
||||
To restrict the query to only clients or only servers, add a clause that includes the ProductType parameter. To filter for client operating systems only, such as Windows 8 or Windows 7, use only ProductType="1". For server operating systems that are not domain controllers and for Windows 10 and Windows 11 multi-session, use ProductType="3". For domain controllers only, use ProductType="2". This is a useful distinction, because you often want to prevent your GPOs from being applied to the domain controllers on your network.
|
||||
|
||||
The following clause returns **true** for all devices that are not domain controllers:
|
||||
|
||||
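Review bot: The updated sentence "For Windows 11, Windows 10, and Windows Server 2016, use "10.%"" names only Windows Server 2016, while the **Applies to** list in this file was changed to "Windows Server 2016 and above"; say "Windows Server 2016 and above" here as well, so readers know the filter also selects later server releases. In the same line, "at least Windows Vista and Windows Server 2008" overstates what Version like "6.%" matches, since the text goes on to give "10.%" as a separate pattern for Windows 10 and later; "Windows Vista and Windows Server 2008 through ..." would be more accurate.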
@ -72,7 +73,7 @@ First, create the WMI filter and configure it to look for a specified version (o
|
||||
... where ProductType="1" or ProductType="3"
|
||||
```
|
||||
|
||||
The following complete query returns **true** for all devices running Windows 10, and returns **false** for any server operating system or any other client operating system.
|
||||
The following complete query returns **true** for all devices running Windows 10 and Windows 11, and returns **false** for any server operating system or any other client operating system.
|
||||
|
||||
``` syntax
|
||||
select * from Win32_OperatingSystem where Version like "10.%" and ProductType="1"
|
||||
|
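Review bot: The revised claim that the query returns **true** for "all devices running Windows 10 and Windows 11" conflicts with the ProductType paragraph earlier in this file, which says Windows 10 and Windows 11 multi-session use ProductType="3"; the query shown requires ProductType="1", so multi-session devices evaluate to false. Qualify the sentence (for example, "all client devices running Windows 10 and Windows 11, other than multi-session") or point to the ProductType="3" clause for those devices, so a GPO scoped by this filter is not assumed to reach them.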
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Designing a Windows Defender Firewall Strategy (Windows 10)
|
||||
title: Designing a Windows Defender Firewall Strategy (Windows)
|
||||
description: Answer the question in this article to design an effective Windows Defender Firewall with Advanced Security Strategy.
|
||||
ms.assetid: 6d98b184-33d6-43a5-9418-4f24905cfd71
|
||||
ms.reviewer:
|
||||
@ -14,7 +14,7 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 08/17/2017
|
||||
ms.date: 09/07/2021
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
@ -22,7 +22,8 @@ ms.technology: mde
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
- Windows 11
|
||||
- Windows Server 2016 and above
|
||||
|
||||
To select the most effective design for helping to protect the network, you must spend time collecting key information about your current computer environment. You must have a good understanding of what tasks the devices on the network perform, and how they use the network to accomplish those tasks. You must understand the network traffic generated by the programs running on the devices.
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Determining the Trusted State of Your Devices (Windows 10)
|
||||
title: Determining the Trusted State of Your Devices (Windows)
|
||||
description: Learn how to define the trusted state of devices in your enterprise to help design your strategy for using Windows Defender Firewall with Advanced Security.
|
||||
ms.assetid: 3e77f0d0-43aa-47dd-8518-41ccdab2f2b2
|
||||
ms.reviewer:
|
||||
@ -14,7 +14,7 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 08/17/2017
|
||||
ms.date: 09/07/2021
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
@ -22,7 +22,8 @@ ms.technology: mde
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
- Windows 11
|
||||
- Windows Server 2016 and above
|
||||
|
||||
After obtaining information about the devices that are currently part of the IT infrastructure, you must determine at what point a device is considered trusted. The term *trusted* can mean different things to different people. Therefore, you must communicate a firm definition for it to all stakeholders in the project. Failure to do this can lead to problems with the security of the trusted environment, because the overall security cannot exceed the level of security set by the least secure client that achieves trusted status.
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Documenting the Zones (Windows 10)
|
||||
title: Documenting the Zones (Windows)
|
||||
description: Learn how to document the zone placement of devices in your design for Windows Defender Firewall with Advanced Security.
|
||||
ms.assetid: ebd7a650-4d36-42d4-aac0-428617f5a32d
|
||||
ms.reviewer:
|
||||
@ -14,7 +14,7 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 08/17/2017
|
||||
ms.date: 09/07/2021
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
@ -22,7 +22,8 @@ ms.technology: mde
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
- Windows 11
|
||||
- Windows Server 2016 and above
|
||||
|
||||
Generally, the task of determining zone membership is not complex, but it can be time-consuming. Use the information generated during the [Designing a Windows Defender Firewall with Advanced Security Strategy](designing-a-windows-firewall-with-advanced-security-strategy.md) section of this guide to determine the zone in which to put each host. You can document this zone placement by adding a Group column to the inventory table shown in the Designing a Windows Defender Firewall with Advanced Security Strategy section. A sample is shown here:
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Domain Isolation Policy Design Example (Windows 10)
|
||||
title: Domain Isolation Policy Design Example (Windows)
|
||||
description: This example uses a fictitious company to illustrate domain isolation policy design in Windows Defender Firewall with Advanced Security.
|
||||
ms.assetid: 704dcf58-286f-41aa-80af-c81720aa7fc5
|
||||
ms.reviewer:
|
||||
@ -14,7 +14,7 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 04/19/2017
|
||||
ms.date: 09/07/2021
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
@ -22,7 +22,8 @@ ms.technology: mde
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
- Windows 11
|
||||
- Windows Server 2016 and above
|
||||
|
||||
This design example continues to use the fictitious company Woodgrove Bank, and builds on the example described in the [Firewall Policy Design Example](firewall-policy-design-example.md) section. See that example for an explanation of the basic corporate network infrastructure at Woodgrove Bank with diagrams.
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Domain Isolation Policy Design (Windows 10)
|
||||
title: Domain Isolation Policy Design (Windows)
|
||||
description: Learn how to design a domain isolation policy, based on which devices accept only connections from authenticated members of the same isolated domain.
|
||||
ms.assetid: 7475084e-f231-473a-9357-5e1d39861d66
|
||||
ms.reviewer:
|
||||
@ -14,7 +14,7 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 08/17/2017
|
||||
ms.date: 09/07/2021
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
@ -22,7 +22,8 @@ ms.technology: mde
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
- Windows 11
|
||||
- Windows Server 2016 and above
|
||||
|
||||
In the domain isolation policy design, you configure the devices on your network to accept only connections coming from devices that are authenticated as members of the same isolated domain.
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Enable Predefined Inbound Rules (Windows 10)
|
||||
title: Enable Predefined Inbound Rules (Windows)
|
||||
description: Learn the rules for Windows Defender Firewall with Advanced Security for common networking roles and functions.
|
||||
ms.assetid: a4fff086-ae81-4c09-b828-18c6c9a937a7
|
||||
ms.reviewer:
|
||||
@ -14,7 +14,7 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 08/17/2017
|
||||
ms.date: 09/07/2021
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
@ -22,7 +22,8 @@ ms.technology: mde
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
- Windows 11
|
||||
- Windows Server 2016 and above
|
||||
|
||||
Windows Defender Firewall with Advanced Security includes many predefined rules for common networking roles and functions. When you install a new server role on a device or enable a network feature on a client device, the installer typically enables the rules required for that role instead of creating new ones. When deploying firewall rules to the devices on the network, you can take advantage of these predefined rules instead of creating new ones. Doing this helps to ensure consistency and accuracy, because the rules have been thoroughly tested and are ready for use.
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Enable Predefined Outbound Rules (Windows 10)
|
||||
title: Enable Predefined Outbound Rules (Windows)
|
||||
description: Learn to deploy predefined firewall rules that block outbound network traffic for common network functions in Windows Defender Firewall with Advanced Security.
|
||||
ms.assetid: 71cc4157-a1ed-41d9-91e4-b3140c67c1be
|
||||
ms.reviewer:
|
||||
@ -14,7 +14,7 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 08/17/2017
|
||||
ms.date: 09/07/2021
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
@ -22,7 +22,8 @@ ms.technology: mde
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
- Windows 11
|
||||
- Windows Server 2016 and above
|
||||
|
||||
By default, Windows Defender Firewall with Advanced Security allows all outbound network traffic unless it matches a rule that prohibits the traffic. Windows Defender Firewall includes many predefined outbound rules that can be used to block network traffic for common networking roles and functions. When you install a new server role on a computer or enable a network feature on a client computer, the installer can install, but typically does not enable, outbound block rules for that role. When deploying firewall rules to the computers on the network, you can take advantage of these predefined rules instead of creating new ones. Doing this helps to ensure consistency and accuracy, because the rules have been thoroughly tested and are ready for use.
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Encryption Zone GPOs (Windows 10)
|
||||
title: Encryption Zone GPOs (Windows)
|
||||
description: Learn how to add a device to an encryption zone by adding the device account to the encryption zone group in Windows Defender Firewall with Advanced Security.
|
||||
ms.assetid: eeb973dd-83a5-4381-9af9-65c43c98c29b
|
||||
ms.reviewer:
|
||||
@ -14,7 +14,7 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 04/19/2017
|
||||
ms.date: 09/08/2021
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
@ -22,7 +22,8 @@ ms.technology: mde
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
- Windows 11
|
||||
- Windows Server 2016 and above
|
||||
|
||||
Handle encryption zones in a similar manner to the boundary zones. A device is added to an encryption zone by adding the device account to the encryption zone group. Woodgrove Bank has a single service that must be protected, and the devices that are running that service are added to the group CG\_DOMISO\_Encryption. This group is granted Read and Apply Group Policy permissions in on the GPO described in this section.
|
||||
|
||||
|
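Review bot: The last sentence of the unchanged paragraph in this hunk says the group "is granted Read and Apply Group Policy permissions in on the GPO", with a stray "in" before "on". Correct it to "permissions on the GPO" while the file is being updated, since this is the sentence that states which permissions the CG\_DOMISO\_Encryption group needs.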
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Encryption Zone (Windows 10)
|
||||
title: Encryption Zone (Windows)
|
||||
description: Learn how to create an encryption zone to contain devices that host very sensitive data and require that the sensitive network traffic be encrypted.
|
||||
ms.assetid: 55a025ce-357f-4d1b-b2ae-6ee32c9abe13
|
||||
ms.reviewer:
|
||||
@ -14,7 +14,7 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 04/19/2017
|
||||
ms.date: 09/08/2021
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
@ -22,7 +22,8 @@ ms.technology: mde
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
- Windows 11
|
||||
- Windows Server 2016 and above
|
||||
|
||||
Some servers in the organization host data that's very sensitive, including medical, financial, or other personal data. Government or industry regulations might require that this sensitive information must be encrypted when it is transferred between devices.
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Evaluating Windows Defender Firewall with Advanced Security Design Examples (Windows 10)
|
||||
title: Evaluating Windows Defender Firewall with Advanced Security Design Examples (Windows)
|
||||
description: Evaluating Windows Defender Firewall with Advanced Security Design Examples
|
||||
ms.assetid: a591389b-18fa-4a39-ba07-b6fb61961cbd
|
||||
ms.reviewer:
|
||||
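Review bot: The description line in this front matter only repeats the title ("Evaluating Windows Defender Firewall with Advanced Security Design Examples") and tells the reader nothing about the topic. Replace it with a sentence that says what the topic covers, as the other files in this commit do, for example that the design examples help determine which design or combination of designs best suits the organization.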
@ -14,7 +14,7 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 08/17/2017
|
||||
ms.date: 09/08/2021
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
@ -22,7 +22,8 @@ ms.technology: mde
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
- Windows 11
|
||||
- Windows Server 2016 and above
|
||||
|
||||
The following Windows Defender Firewall with Advanced Security design examples illustrate how you can use Windows Defender Firewall to improve the security of the devices connected to the network. You can use these topics to evaluate how the firewall and connection security rules work across all Windows Defender Firewall designs and to determine which design or combination of designs best suits the goals of your organization.
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Exempt ICMP from Authentication (Windows 10)
|
||||
title: Exempt ICMP from Authentication (Windows)
|
||||
description: Learn how to add exemptions for any network traffic that uses the ICMP protocol in Windows Defender Firewall with Advanced Security.
|
||||
ms.assetid: c086c715-8d0c-4eb5-9ea7-2f7635a55548
|
||||
ms.reviewer:
|
||||
@ -14,7 +14,7 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 08/17/2017
|
||||
ms.date: 09/08/2021
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
@ -22,7 +22,8 @@ ms.technology: mde
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
- Windows 11
|
||||
- Windows Server 2016 and above
|
||||
|
||||
This procedure shows you how to add exemptions for any network traffic that uses the ICMP protocol.
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Exemption List (Windows 10)
|
||||
title: Exemption List (Windows)
|
||||
description: Learn about reasons to add devices to an exemption list in Windows Defender Firewall with Advanced Security and the trade-offs of having too many exemptions.
|
||||
ms.assetid: a05e65b4-b48d-44b1-a7f1-3a8ea9c19ed8
|
||||
ms.reviewer:
|
||||
@ -14,7 +14,7 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 04/19/2017
|
||||
ms.date: 09/08/2021
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
@ -22,7 +22,8 @@ ms.technology: mde
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
- Windows 11
|
||||
- Windows Server 2016 and above
|
||||
|
||||
When you implement a server and domain isolation security model in your organization, you are likely to find some additional challenges. Key infrastructure servers such as DNS servers and DHCP servers typically must be available to all devices on the internal network, yet secured from network attacks. However, if they must remain available to all devices on the network, not just to isolated domain members, then these servers cannot require IPsec for inbound access, nor can they use IPsec transport mode for outbound traffic.
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Firewall GPOs (Windows 10)
|
||||
title: Firewall GPOs (Windows)
|
||||
description: In this example, a Group Policy Object is linked to the domain container because the domain controllers are not part of the isolated domain.
|
||||
ms.assetid: 720645fb-a01f-491e-8d05-c9c6d5e28033
|
||||
ms.reviewer:
|
||||
@ -14,7 +14,7 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 04/19/2017
|
||||
ms.date: 09/08/2021
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
@ -22,7 +22,8 @@ ms.technology: mde
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
- Windows 11
|
||||
- Windows Server 2016 and above
|
||||
|
||||
All the devices on Woodgrove Bank's network that run Windows are part of the isolated domain, except domain controllers. To configure firewall rules, the GPO described in this section is linked to the domain container in the Active Directory OU hierarchy, and then filtered by using security group filters and WMI filters.
|
||||
|
||||
|