mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-07-05 04:03:39 +00:00
Merged PR 10074: 7/25 AM Publish
This commit is contained in:
Huaping Yu (Beyondsoft Consulting Inc)
@ -284,7 +284,7 @@ MBAM supports the following versions of Configuration Manager.
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr class="odd">
|
||||
<td align="left"><p>Microsoft System Center Configuration Manager (Current Branch), version 1610</p></td>
|
||||
<td align="left"><p>Microsoft System Center Configuration Manager (Current Branch), versions up to 1806</p></td>
|
||||
<td align="left"><p></p></td>
|
||||
<td align="left"><p>64-bit</p></td>
|
||||
</tr>
|
||||
|
||||
@ -14,7 +14,7 @@ ms.date: 01/26/2018
|
||||
|
||||
The Firewall configuration service provider (CSP) allows the mobile device management (MDM) server to configure the Windows Defender Firewall global settings, per profile settings, as well as the desired set of custom rules to be enforced on the device. Using the Firewall CSP the IT admin can now manage non-domain devices, and reduce the risk of network security threats across all systems connecting to the corporate network. This CSP was added Windows 10, version 1709.
|
||||
|
||||
Firewall configuration commands must be wrapped in an Atomic block in SyncML.
|
||||
Each of the Firewall rules in the FirewallRules section must be wrapped in an Atomic block in SyncML.
|
||||
|
||||
For detailed information on some of the fields below see [[MS-FASP]: Firewall and Advanced Security Protocol documentation](https://msdn.microsoft.com/en-us/library/mt620101.aspx).
|
||||
|
||||
@ -284,7 +284,7 @@ Sample syncxml to provision the firewall settings to evaluate
|
||||
|
||||
<a href="" id="enabled"></a>**FirewallRules/_FirewallRuleName_/Enabled**
|
||||
<p style="margin-left: 20px">Indicates whether the rule is enabled or disabled. If the rule must be enabled, this value must be set to true.
|
||||
<p style="margin-left: 20px">If not specified - a new rule is disabled by default.</p>
|
||||
<p style="margin-left: 20px">If not specified - a new rule is enabled by default.</p>
|
||||
<p style="margin-left: 20px">Boolean value. Supported operations are Get and Replace.</p>
|
||||
|
||||
<a href="" id="profiles"></a>**FirewallRules/_FirewallRuleName_/Profiles**
|
||||
@ -310,7 +310,7 @@ Sample syncxml to provision the firewall settings to evaluate
|
||||
<ul>
|
||||
<li>IN - the rule applies to inbound traffic.</li>
|
||||
<li>OUT - the rule applies to outbound traffic.</li>
|
||||
<li>If not specified, the default is IN.</li>
|
||||
<li>If not specified, the default is Out.</li>
|
||||
</ul>
|
||||
<p style="margin-left: 20px">Value type is string. Supported operations are Get and Replace.</p>
|
||||
|
||||
|
||||
@ -49,7 +49,7 @@ This section describes the **Policies** settings that you can configure in [prov
|
||||
| [AllowDeveloperUnlock](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#applicationmanagement-allowdeveloperunlock) | Whether developer unlock of device is allowed | X | X | X | X | X |
|
||||
| [AllowGameDVR](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#applicationmanagement-allowgamedvr) |Whether DVR and broadcasting is allowed | X | | | | |
|
||||
| [AllowSharedUserAppData](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#applicationmanagement-allowshareduserappdata) | Whether multiple users of the same app can share data | X | X | | | |
|
||||
| [AllowStore](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#applicationmanagement-allowstore) | Whether app store is allowed at device (?) | | X | | | |
|
||||
| [AllowStore](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#applicationmanagement-allowstore) | Whether app store is allowed at device | | X | | | |
|
||||
| [ApplicationRestrictions](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#applicationmanagement-applicationrestrictions) | An XML blob that specifies app restrictions, such as an allow list, disallow list, etc. | | x | | | |
|
||||
| [RestrictAppDataToSystemVolume](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#applicationmanagement-restrictappdatatosystemvolume) | Whether app data is restricted to the system drive | X | X | | | |
|
||||
| [RestrictAppToSystemVolume](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#applicationmanagement-restrictapptosystemvolume) | Whether the installation of apps is restricted to the system drive | X | X | | | |
|
||||
|
||||
@ -60,7 +60,7 @@ Sign-in using _Enterprise Admin_ equivalent credentials on Windows Server 2012 o
|
||||
1. Open an elevated Windows PowerShell prompt.
|
||||
2. Use the following command to install the Active Directory Certificate Services role.
|
||||
```PowerShell
|
||||
Add-WindowsFeature Adcs-Cert-Authority -IncludeManageTools
|
||||
add-windowsfeature adcs-cert-authority -IncludeManagementTools
|
||||
```
|
||||
|
||||
3. Use the following command to configure the Certificate Authority using a basic certificate authority configuration.
|
||||
|
||||
@ -53,10 +53,9 @@ You can also [enable audit mode](audit-windows-defender-exploit-guard.md) for th
|
||||
>You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the features are working and see how each of them work.
|
||||
|
||||
Windows Defender EG can be managed and reported on in the Windows Defender Security Center as part of the Windows Defender Advanced Threat Protection suite of threat mitigation, preventing, protection, and analysis technologies, which also includes:
|
||||
- [The Windows Defender ATP console](../windows-defender-atp/windows-defender-advanced-threat-protection.md)
|
||||
- [Windows Defender Security Center](../windows-defender-atp/windows-defender-security-center-atp)
|
||||
- [Windows Defender Antivirus in Windows 10](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md)
|
||||
- [Windows Defender SmartScreen](../windows-defender-smartscreen/windows-defender-smartscreen-overview.md)
|
||||
- Windows Defender Device Guard
|
||||
- [Windows Defender Application Control](../windows-defender-application-control/windows-defender-application-control)
|
||||
- [Windows Defender Application Guard](../windows-defender-application-guard/wd-app-guard-overview.md)
|
||||
|
||||
You can use the Windows Defender ATP console to obtain detailed reporting into events and blocks as part of the usual [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md). You can [sign up for a free trial of Windows Defender ATP](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=cx-docs-msa4053440) to see how it works.
|
||||
@ -76,7 +75,7 @@ This section covers requirements for each feature in Windows Defender EG.
|
||||
| Feature | Windows 10 Home | Windows 10 Professional | Windows 10 E3 | Windows 10 E5 |
|
||||
| ----------------- | :------------------------------------: | :---------------------------: | :-------------------------: | :--------------------------------------: |
|
||||
| Exploit protection |  |  |  |  |
|
||||
| Attack surface reduction |  |  |  |  |
|
||||
| Attack surface reduction |  |  |  |  |
|
||||
| Network protection |  |  |  |  |
|
||||
| Controlled folder access |  |  |  |  |
|
||||
|
||||
|
||||
Reference in New Issue
Block a user