deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 21:37:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merged PR 10193: DeviceGuard/EnableSystemGuard - added to Policy CSP

Browse Source
This commit is contained in:
Maricia Alforque 2018-07-30 18:21:15 +00:00
parent afb1dcc12a
commit 12727381d5
2 changed files with 80 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
windows/client-management/mdm/policy-configuration-service-provider.md
View File

@ -979,6 +979,9 @@ The following diagram shows the Policy configuration service provider in tree fo
### DeviceGuard policies ### DeviceGuard policies
<dl> <dl>
<dd>
<a href="./policy-csp-deviceguard.md#deviceguard-enablesystemguard" id="deviceguard-enablesystemguard">DeviceGuard/EnableSystemGuard</a>
</dd>
<dd> <dd>
<a href="./policy-csp-deviceguard.md#deviceguard-enablevirtualizationbasedsecurity" id="deviceguard-enablevirtualizationbasedsecurity">DeviceGuard/EnableVirtualizationBasedSecurity</a> <a href="./policy-csp-deviceguard.md#deviceguard-enablevirtualizationbasedsecurity" id="deviceguard-enablevirtualizationbasedsecurity">DeviceGuard/EnableVirtualizationBasedSecurity</a>
</dd> </dd>
@ -4284,6 +4287,7 @@ The following diagram shows the Policy configuration service provider in tree fo
- [DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-dosethourstolimitbackgrounddownloadbandwidth) - [DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-dosethourstolimitbackgrounddownloadbandwidth)
- [DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-dosethourstolimitforegrounddownloadbandwidth) - [DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-dosethourstolimitforegrounddownloadbandwidth)
- [Desktop/PreventUserRedirectionOfProfileFolders](./policy-csp-desktop.md#desktop-preventuserredirectionofprofilefolders) - [Desktop/PreventUserRedirectionOfProfileFolders](./policy-csp-desktop.md#desktop-preventuserredirectionofprofilefolders)
- [DeviceGuard/EnableSystemGuard](./policy-csp-deviceguard.md#deviceguard-enablesystemguard)
- [DeviceGuard/EnableVirtualizationBasedSecurity](./policy-csp-deviceguard.md#deviceguard-enablevirtualizationbasedsecurity) - [DeviceGuard/EnableVirtualizationBasedSecurity](./policy-csp-deviceguard.md#deviceguard-enablevirtualizationbasedsecurity)
- [DeviceGuard/LsaCfgFlags](./policy-csp-deviceguard.md#deviceguard-lsacfgflags) - [DeviceGuard/LsaCfgFlags](./policy-csp-deviceguard.md#deviceguard-lsacfgflags)
- [DeviceGuard/RequirePlatformSecurityFeatures](./policy-csp-deviceguard.md#deviceguard-requireplatformsecurityfeatures) - [DeviceGuard/RequirePlatformSecurityFeatures](./policy-csp-deviceguard.md#deviceguard-requireplatformsecurityfeatures)

77
windows/client-management/mdm/policy-csp-deviceguard.md
View File

@ -6,11 +6,13 @@ ms.topic: article
ms.prod: w10 ms.prod: w10
ms.technology: windows ms.technology: windows
author: MariciaAlforque author: MariciaAlforque
ms.date: 03/12/2018 ms.date: 07/30/2018
--- ---
# Policy CSP - DeviceGuard # Policy CSP - DeviceGuard
> [!WARNING]
> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
<hr/> <hr/>
@ -19,6 +21,9 @@ ms.date: 03/12/2018
## DeviceGuard policies ## DeviceGuard policies
<dl> <dl>
<dd>
<a href="#deviceguard-enablesystemguard">DeviceGuard/EnableSystemGuard</a>
</dd>
<dd> <dd>
<a href="#deviceguard-enablevirtualizationbasedsecurity">DeviceGuard/EnableVirtualizationBasedSecurity</a> <a href="#deviceguard-enablevirtualizationbasedsecurity">DeviceGuard/EnableVirtualizationBasedSecurity</a>
</dd> </dd>
@ -31,6 +36,75 @@ ms.date: 03/12/2018
</dl> </dl>
<hr/>
<!--Policy-->
<a href="" id="deviceguard-enablesystemguard"></a>**DeviceGuard/EnableSystemGuard**
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td></td>
<td></td>
</tr>
</table>
<!--/SupportedSKUs-->
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This policy allows the IT admin to configure the launch of System Guard.
Secure Launch configuration:
- 0 - Unmanaged, configurable by Administrative user
- 1 - Enables Secure Launch if supported by hardware
- 2 - Disables Secure Launch.
For more information about System Guard, see [Introducing Windows Defender System Guard runtime attestation](https://cloudblogs.microsoft.com/microsoftsecure/2018/04/19/introducing-windows-defender-system-guard-runtime-attestation/) and [How hardware-based containers help protect Windows 10](https://docs.microsoft.com/en-us/windows/security/hardware-protection/how-hardware-based-containers-help-protect-windows).
<!--/Description-->
<!--ADMXMapped-->
ADMX Info:
- GP English name: *Turn On Virtualization Based Security*
- GP name: *VirtualizationBasedSecurity*
- GP element: *SystemGuardDrop*
- GP path: *System/Device Guard*
- GP ADMX file name: *DeviceGuard.admx*
<!--/ADMXMapped-->
<!--SupportedValues-->
<!--/SupportedValues-->
<!--Example-->
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--/Policy-->
<hr/> <hr/>
<!--Policy--> <!--Policy-->
@ -215,6 +289,7 @@ Footnote:
- 2 - Added in Windows 10, version 1703. - 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709. - 3 - Added in Windows 10, version 1709.
- 4 - Added in Windows 10, version 1803. - 4 - Added in Windows 10, version 1803.
- 5 - Added in the next major release of Windows 10.
<!--/Policies--> <!--/Policies-->