deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-18 20:03:40 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Update links for App Control for Business

Browse Source
This commit is contained in:
Vinay Pamnani (from Dev Box)
2024-09-11 13:49:47 -06:00
parent 923fce7881
commit 2ecfc7e352
12 changed files with 24 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
windows/client-management/mdm/applicationcontrol-csp.md
View File

@ -11,9 +11,9 @@ ms.date: 01/31/2024
<!-- ApplicationControl-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
Windows Defender Application Control (WDAC) policies can be managed from an MDM server, or locally by using PowerShell via the WMI Bridge through the ApplicationControl configuration service provider (CSP). The ApplicationControl CSP was added in Windows 10, version 1903. This CSP provides expanded diagnostic capabilities and support for [multiple policies](/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies) (introduced in Windows 10, version 1903). It also provides support for policy deployment (introduced in Windows 10, version 1709) without reboot. Unlike the [AppLocker CSP](applocker-csp.md), the ApplicationControl CSP correctly detects the presence of no-reboot option and consequently doesn't schedule a reboot.
App Control for Business policies can be managed from an MDM server, or locally by using PowerShell via the WMI Bridge through the ApplicationControl configuration service provider (CSP). The ApplicationControl CSP was added in Windows 10, version 1903. This CSP provides expanded diagnostic capabilities and support for [multiple policies](/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies) (introduced in Windows 10, version 1903). It also provides support for policy deployment (introduced in Windows 10, version 1709) without reboot. Unlike the [AppLocker CSP](applocker-csp.md), the ApplicationControl CSP correctly detects the presence of no-reboot option and consequently doesn't schedule a reboot.
Existing Windows Defender Application Control (WDAC) policies deployed using the AppLocker CSP's CodeIntegrity node can now be deployed using the ApplicationControl CSP URI. Although WDAC policy deployment using the AppLocker CSP will continue to be supported, all new feature work will be done in the ApplicationControl CSP only.
Existing App Control for Business policies deployed using the AppLocker CSP's CodeIntegrity node can now be deployed using the ApplicationControl CSP URI. Although App Control policy deployment using the AppLocker CSP will continue to be supported, all new feature work will be done in the ApplicationControl CSP only.
<!-- ApplicationControl-Editable-End -->
<!-- ApplicationControl-Tree-Begin -->
@ -861,7 +861,7 @@ The following table provides the result of this policy based on different values
## Microsoft Intune Usage Guidance
For customers using Intune standalone or hybrid management with Configuration Manager to deploy custom policies via the ApplicationControl CSP, refer to [Deploy Windows Defender Application Control policies by using Microsoft Intune](/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune).
For customers using Intune standalone or hybrid management with Configuration Manager to deploy custom policies via the ApplicationControl CSP, refer to [Deploy App Control for Business policies by using Microsoft Intune](/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-wdac-policies-using-intune).
## Generic MDM Server Usage Guidance
@ -1014,7 +1014,7 @@ The ApplicationControl CSP can also be managed locally from PowerShell or via Co
### Setup for using the WMI Bridge
1. Convert your WDAC policy to Base64.
1. Convert your App Control policy to Base64.
2. Open PowerShell in Local System context (through PSExec or something similar).
3. Use WMI Interface:

2
windows/client-management/mdm/policy-csp-admx-deviceguard.md
View File

@ -14,7 +14,7 @@ ms.date: 08/06/2024
<!-- ADMX_DeviceGuard-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
> [!WARNING]
> Group Policy-based deployment of Windows Defender Application Control policies only supports single-policy format WDAC policies. To use WDAC on devices running Windows 10 1903 and greater, or Windows 11, we recommend using an alternative method for [policy deployment](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide).
> Group Policy-based deployment of App Control for Business policies only supports single-policy format WDAC policies. To use WDAC on devices running Windows 10 1903 and greater, or Windows 11, we recommend using an alternative method for [policy deployment](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide).
<!-- ADMX_DeviceGuard-Editable-End -->
<!-- ConfigCIPolicy-Begin -->