Merge branch 'main' into aljupudi-5857645-DisableSearchpolicyupdate

Angela Fleischmann 2022-07-12 15:59:38 -07:00 committed by GitHub
commit 27de90343b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 17 additions and 17 deletions


@ -49,19 +49,21 @@ You can use Group Policy to enable Windows Defender Credential Guard. This will
To enforce processing of the group policy, you can run `gpupdate /force`.
### Enable Windows Defender Credential Guard by using Intune
### Enable Windows Defender Credential Guard by using Microsoft Endpoint Manager
1. From **Home**, select **Microsoft Intune**.
1. From **Microsoft Endpoint Manager admin center**, select **Devices**.
1. Select **Device configuration**.
1. Select **Configuration Profiles**.
1. Select **Profiles** > **Create Profile** > **Endpoint protection** > **Windows Defender Credential Guard**.
1. Select **Create Profile** > **Windows 10 and later** > **Settings catalog** > **Create**.
> [!NOTE]
> It will enable VBS and Secure Boot and you can do it with or without UEFI Lock. If you will need to disable Credential Guard remotely, enable it without UEFI lock.
1. Configuration settings: In the settings picker select **Device Guard** as category and add the needed settings.
> [!NOTE]
> Enable VBS and Secure Boot and you can do it with or without UEFI Lock. If you will need to disable Credential Guard remotely, enable it without UEFI lock.
> [!TIP]
> You can also configure Credential Guard by using an account protection profile in endpoint security. For more information, see [Account protection policy settings for endpoint security in Intune](/mem/intune/protect/endpoint-security-account-protection-profile-settings).
> You can also configure Credential Guard by using an account protection profile in endpoint security. For more information, see [Account protection policy settings for endpoint security in Microsoft Endpoint Manager](/mem/intune/protect/endpoint-security-account-protection-profile-settings).
### Enable Windows Defender Credential Guard by using the registry
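
Review bot: Step 4 of the new Settings catalog procedure ("In the settings picker select **Device Guard** as category and add the needed settings") does not say which settings are needed, so a reader cannot tell from this page when Credential Guard is actually turned on. Name the settings and the value to choose for each. The note that follows should also state the trade-off directly: with UEFI lock the feature cannot be turned off remotely, which is why the text says to enable without it when remote disablement may be required. Its opening, "Enable VBS and Secure Boot and you can do it with or without UEFI Lock", is hard to parse and mixes "UEFI Lock" with "UEFI lock".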


@ -23,6 +23,7 @@ ms.technology: windows-sec
**Applies to**
- Windows 10
- Windows 11
This reference topic describes the common scenarios, architecture, and processes for security settings.
@ -44,7 +45,7 @@ For more info about managing security configurations, see [Administer security p
The Security Settings extension of the Local Group Policy Editor includes the following types of security policies:
- **Account Policies.** These polices are defined on devices; they affect how user accounts can interact with the computer or domain. Account policies include the following types of policies:
- **Account Policies.** These policies are defined on devices; they affect how user accounts can interact with the computer or domain. Account policies include the following types of policies:
- **Password Policy.** These policies determine settings for passwords, such as enforcement and lifetimes. Password policies are used for domain accounts.
- **Account Lockout Policy.** These policies determine the conditions and length of time that an account will be locked out of the system. Account lockout policies are used for domain or local user accounts.
@ -119,7 +120,7 @@ For devices that are members of a Windows Server 2008 or later domain, securit
- **Local Security Authority (LSA)**
A protected subsystem that authenticates and logs users onto the local system. LSA also maintains information about all aspects of local security on a system, collectively known as the Local Security Policy of the system.
A protected subsystem that authenticates and logs on users to the local system. LSA also maintains information about all aspects of local security on a system, collectively known as the Local Security Policy of the system.
- **Windows Management Instrumentation (WMI)**
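
Review bot: The reworded LSA description, "authenticates and logs on users to the local system", separates the verb from its object and reads worse than the line it replaces. Consider "authenticates users and logs them on to the local system", which keeps "logs on to" together and makes clear that both actions apply to users.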
@ -296,7 +297,7 @@ Group Policy settings are processed in the following order:
1. **Domain.**
Processing of multiple domain-linked Group Policy Objects is synchronous and in an order you speciy.
Processing of multiple domain-linked Group Policy Objects is synchronous and in an order you specify.
1. **Organizational units.**
@ -404,4 +405,4 @@ To ensure that data is copied correctly, you can use Group Policy Management Con
| - | - |
| [Administer security policy settings](administer-security-policy-settings.md) | This article discusses different methods to administer security policy settings on a local device or throughout a small- or medium-sized organization.|
| [Configure security policy settings](how-to-configure-security-policy-settings.md) | Describes steps to configure a security policy setting on the local device, on a domain-joined device, and on a domain controller.|
| [Security policy settings reference](security-policy-settings-reference.md) | This reference of security settings provides information about how to implement and manage security policies, including setting options and security considerations.|
| [Security policy settings reference](security-policy-settings-reference.md) | This reference of security settings provides information about how to implement and manage security policies, including setting options and security considerations.|


@ -40,12 +40,9 @@ The following table lists the default rules that are available for the DLL rule
| Purpose | Name | User | Rule condition type |
| - | - | - | - |
| Allows members of the local Administrators group to run all DLLs | (Default Rule) All DLLs|
| BUILTIN\Administrators | Path: *|
| Allow all users to run DLLs in the Windows folder| (Default Rule) Microsoft Windows DLLs |
| Everyone | Path: %windir%\*|
| Allow all users to run DLLs in the Program Files folder | (Default Rule) All DLLs located in the Program Files folder|
| Everyone | Path: %programfiles%\*|
| Allows members of the local Administrators group to run all DLLs | (Default Rule) All DLLs| BUILTIN\Administrators | Path: *|
| Allow all users to run DLLs in the Windows folder| (Default Rule) Microsoft Windows DLLs | Everyone | Path: %windir%\*|
| Allow all users to run DLLs in the Program Files folder | (Default Rule) All DLLs located in the Program Files folder| Everyone | Path: %programfiles%\*|
> [!IMPORTANT]
> If you use DLL rules, a DLL allow rule has to be created for each DLL that is used by all of the allowed apps
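
Review bot: In the rejoined table rows, the rule conditions `Path: *`, `Path: %windir%\*` and `Path: %programfiles%\*` are written as bare Markdown, where `\*` is an escape sequence and renders as `*` without the backslash, so the published paths would read `%windir%*` and `%programfiles%*`. Since these cells define what the default DLL rules allow for Everyone, wrap each path in backticks so it renders literally. While touching these rows, the Purpose column could also be made consistent ("Allows members..." against "Allow all users...").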