deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-13 05:47:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge pull request #8296 from isbrahm/patch-21

Browse Source 
Minor change: Add max policy limit to multi policy docs
This commit is contained in:
Kateyanne 2020-09-23 09:02:53 -07:00 committed by GitHub
commit 152cb38d0a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md
View File

@ -14,7 +14,7 @@ author: jsuther1974
ms.reviewer: isbrahm ms.reviewer: isbrahm
ms.author: dansimp ms.author: dansimp
manager: dansimp manager: dansimp
ms.date: 04/15/2020 ms.date: 09/16/2020
--- ---
# Use multiple Windows Defender Application Control Policies # Use multiple Windows Defender Application Control Policies
@ -24,7 +24,7 @@ ms.date: 04/15/2020
- Windows 10 - Windows 10
- Windows Server 2016 - Windows Server 2016
The restriction of only having a single code integrity policy active on a system at any given time has felt limiting for customers in situations where multiple policies with different intents would be useful. Beginning with Windows 10 version 1903, WDAC supports multiple simultaneous code integrity policies for one device in order to enable the following scenarios: The restriction of only having a single code integrity policy active on a system at any given time has felt limiting for customers in situations where multiple policies with different intents would be useful. Beginning with Windows 10 version 1903, WDAC supports up to 32 active policies on a device at once in order to enable the following scenarios:
1. Enforce and Audit Side-by-Side 1. Enforce and Audit Side-by-Side
- To validate policy changes before deploying in enforcement mode, users can now deploy an audit-mode base policy side-by-side with an existing enforcement-mode base policy - To validate policy changes before deploying in enforcement mode, users can now deploy an audit-mode base policy side-by-side with an existing enforcement-mode base policy
@ -44,7 +44,7 @@ The restriction of only having a single code integrity policy active on a system
- Multiple base policies: intersection - Multiple base policies: intersection
- Only applications allowed by both policies run without generating block events - Only applications allowed by both policies run without generating block events
- Base + supplemental policy: union - Base + supplemental policy: union
- Files that are allowed by the base policy or the supplemental policy are not blocked - Files that are allowed by either the base policy or the supplemental policy are not blocked
## Creating WDAC policies in Multiple Policy Format ## Creating WDAC policies in Multiple Policy Format