deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-19 04:13:41 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merging changes synced from https://github.com/MicrosoftDocs/windows-docs-pr (branch live)

Browse Source
This commit is contained in:
officedocspr
2020-05-11 18:08:35 +00:00
parent 3b991bbf5b 07719c47d5
commit 23e360a1d1
15 changed files with 52 additions and 102 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
windows/client-management/mdm/alljoynmanagement-ddf.md
View File

@ -1,6 +1,6 @@
---
title: AllJoynManagement DDF
description: AllJoynManagement DDF
description: Learn the OMA DM device description framework (DDF) for the **AllJoynManagement** configuration service provider.
ms.assetid: 540C2E60-A041-4749-A027-BBAF0BB046E4
ms.reviewer:
manager: dansimp

2
windows/client-management/mdm/appv-deploy-and-config.md
View File

@ -1,6 +1,6 @@
---
title: Deploy and configure App-V apps using MDM
description: Deploy and configure App-V apps using MDM
description: Configure, deploy, and manage Microsoft Application Virtualization (App-V) apps using Microsoft Endpoint Configuration Manager or App-V server.
ms.author: dansimp
ms.topic: article
ms.prod: w10

2
windows/client-management/mdm/cm-proxyentries-csp.md
View File

@ -1,6 +1,6 @@
---
title: CM\_ProxyEntries CSP
description: CM\_ProxyEntries CSP
description: Configure proxy connections on mobile devices using CM\_ProxyEntries CSP.
ms.assetid: f4c3dc71-c85a-4c68-9ce9-19f408ff7a0a
ms.reviewer:
manager: dansimp

2
windows/client-management/mdm/enterpriseextfilessystem-csp.md
View File

@ -1,6 +1,6 @@
---
title: EnterpriseExtFileSystem CSP
description: EnterpriseExtFileSystem CSP
description: Add, retrieve, or change files through the Mobile Device Management (MDM) service using the EnterpriseExtFileSystem CSP.
ms.assetid: F773AD72-A800-481A-A9E2-899BA56F4426
ms.reviewer:
manager: dansimp

2
windows/client-management/mdm/policy-csp-abovelock.md
View File

@ -1,6 +1,6 @@
---
title: Policy CSP - AboveLock
description: Policy CSP - AboveLock
description: Learn the various AboveLock Policy CSP for Windows editions of Home, Pro, Business, and more.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article

2
windows/client-management/mdm/policy-csp-credentialproviders.md
View File

@ -1,6 +1,6 @@
---
title: Policy CSP - CredentialProviders
description: Policy CSP - CredentialProviders
description: Learn the policy CSP for credential provider set up, sign in, PIN requests and so on.
ms.author: dansimp
ms.topic: article
ms.prod: w10

2
windows/client-management/mdm/policy-csp-experience.md
View File

@ -1,6 +1,6 @@
---
title: Policy CSP - Experience
description: Policy CSP - Experience
description: Learn the various Experience policy CSP for Cortana, Sync, Spotlight and more.
ms.author: dansimp
ms.topic: article
ms.prod: w10

2
windows/client-management/mdm/policy-csp-notifications.md
View File

@ -1,6 +1,6 @@
---
title: Policy CSP - Notifications
description: Policy CSP - Notifications
description: Block applications from using the network to send tile, badge, toast, and raw notifications for Policy CSP - Notifications.
ms.author: dansimp
ms.topic: article
ms.prod: w10

2
windows/client-management/mdm/storage-ddf-file.md
View File

@ -1,6 +1,6 @@
---
title: Storage DDF file
description: Storage DDF file
description: See how storage configuration service provider. DDF files are used only with OMA DM provisioning XML.
ms.assetid: 247062A3-4DFB-4B14-A3D1-68D02C27703C
ms.reviewer:
manager: dansimp

4
windows/client-management/mdm/wifi-csp.md
View File

@ -1,6 +1,6 @@
---
title: WiFi CSP
description: WiFi CSP
description: The WiFi configuration service provider provides the functionality to add or delete Wi-Fi networks on a Windows device.
ms.assetid: f927cb5f-9555-4029-838b-03fb68937f06
ms.reviewer:
manager: dansimp
@ -102,7 +102,7 @@ Added in Windows 10, version 1607. Optional. When set to true it enables Web Pr
Value type is bool.
<a href="" id="wificost"></a>**WiFiCost**
Added in Windows 10, version 1809. Optional. This policy sets the cost of WLAN connection for the Wi-Fi profile. Default behaviour: Unrestricted.
Added in Windows 10, version 1809. Optional. This policy sets the cost of WLAN connection for the Wi-Fi profile. Default behavior: Unrestricted.
Supported values:

1
windows/security/threat-protection/TOC.md
View File

@ -38,7 +38,6 @@
#### [Attack surface reduction evaluation](microsoft-defender-atp/evaluate-attack-surface-reduction.md)
#### [Attack surface reduction configuration settings](microsoft-defender-atp/configure-attack-surface-reduction.md)
#### [Attack surface reduction FAQ](microsoft-defender-atp/attack-surface-reduction-faq.md)
#### [Attack surface reduction rules in Windows 10 Enterprise E3](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction-rules-in-windows-10-enterprise-e3)
#### [Attack surface reduction controls]()
##### [Attack surface reduction rules](microsoft-defender-atp/attack-surface-reduction.md)

54
windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction-rules-in-windows-10-enterprise-e3.md
View File

@ -1,54 +0,0 @@
---
title: Use attack surface reduction rules in Windows 10 Enterprise E3
description: Attack surface reduction rules can help prevent exploits from using apps and scripts to infect machines with malware
keywords: Attack surface reduction, hips, host intrusion prevention system, protection rules, anti-exploit, antiexploit, exploit, infection prevention
search.product: eADQiWindows 10XVcnh
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: denisebmsft
ms.author: deniseb
ms.reviewer:
manager: dansimp
ms.custom: asr
---
# Use attack surface reduction rules in Windows 10 Enterprise E3
**Applies to:**
- Windows 10 Enterprise E5
- Windows 10 Enterprise E3
Attack surface reduction rules help prevent actions and apps that are typically used by exploit-seeking malware to infect machines. Attack surface reduction includes the rules, monitoring, reporting, and analytics necessary for deployment, and this is included in [Microsoft Defender Advanced Threat Protection](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md). These capabilities require the Windows 10 Enterprise E5 license.
A limited subset of basic attack surface reduction rules can be used with Windows 10 Enterprise E3 (without the benefits of reporting, monitoring, and analytics). The table below lists attack surface reduction rules available in Windows E3 and Windows E5.
|Rule |Windows E3 |Windows E5 |
|--|--|--|
[Block executable content from email client and webmail](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction#block-executable-content-from-email-client-and-webmail) |Yes |Yes |
|[Block all Office applications from creating child processes](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction#block-all-office-applications-from-creating-child-processes) |Yes |Yes |
|[Block Office applications from creating executable content](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction#block-office-applications-from-creating-executable-content) |Yes |Yes |
|[Block Office applications from injecting code into other processes](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction#block-office-applications-from-injecting-code-into-other-processes) |Yes |Yes |
|[Block JavaScript or VBScript from launching downloaded executable content](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction#block-javascript-or-vbscript-from-launching-downloaded-executable-content) |Yes |Yes |
|[Block execution of potentially obfuscated scripts](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction#block-execution-of-potentially-obfuscated-scripts) |Yes |Yes |
|[Block Win32 API calls from Office macros](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction#block-win32-api-calls-from-office-macros) |Yes |Yes |
|[Block executable files from running unless they meet a prevalence, age, or trusted list criterion](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction#block-executable-files-from-running-unless-they-meet-a-prevalence-age-or-trusted-list-criterion) | |Yes |
|[Use advanced protection against ransomware](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction#use-advanced-protection-against-ransomware) |Yes |Yes |
|[Block credential stealing from the Windows local security authority subsystem (lsass.exe)](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction#block-credential-stealing-from-the-windows-local-security-authority-subsystem) |Yes |Yes |
|[Block process creations originating from PSExec and WMI commands](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction#block-process-creations-originating-from-psexec-and-wmi-commands) |Yes |Yes |
|[Block untrusted and unsigned processes that run from USB](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction#block-untrusted-and-unsigned-processes-that-run-from-usb) |Yes |Yes |
|[Block Office communication applications from creating child processes](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction#block-office-communication-application-from-creating-child-processes) | |Yes |
|[Block Adobe Reader from creating child processes](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction#block-adobe-reader-from-creating-child-processes) | |Yes |
|[Block persistence through WMI event subscription](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction#block-persistence-through-wmi-event-subscription) | |Yes |
Attack surface reduction rules are supported on Windows Server 2019 as well as Windows 10 clients.
## Related articles
- [Attack surface reduction rules](attack-surface-reduction.md)
- [Evaluate attack surface reduction rules](evaluate-attack-surface-reduction.md)
- [Enable attack surface reduction rules](enable-attack-surface-reduction.md)
- [Customize attack surface reduction rules](customize-attack-surface-reduction.md)