mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-15 18:33:43 +00:00
Merge branch 'master' into removing-provisioned-apps-from-windows
This commit is contained in:
Heidi Lohr
@ -7,7 +7,7 @@ ms.topic: article
|
||||
ms.prod: w10
|
||||
ms.technology: windows
|
||||
author: nickbrower
|
||||
ms.date: 11/09/2017
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
|
||||
# AppLocker CSP
|
||||
@ -430,6 +430,11 @@ The following list shows the apps that may be included in the inbox.
|
||||
<td>59553c14-5701-49a2-9909-264d034deb3d</td>
|
||||
<td></td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<td>Broker plug-in (same as Work or school account)</td>
|
||||
<td></td>
|
||||
<td>Microsoft.AAD.BrokerPlugin</td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<td>Calculator</td>
|
||||
<td>b58171c6-c70c-4266-a2e8-8f9c994f4456</td>
|
||||
@ -466,6 +471,21 @@ The following list shows the apps that may be included in the inbox.
|
||||
<td>Microsoft.Windows.Cortana</td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<td>Cortana Listen UI</td>
|
||||
<td></td>
|
||||
<td>CortanaListenUI</td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<td>Credentials Dialog Host</td>
|
||||
<td></td>
|
||||
<td>Microsoft.CredDialogHost</td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<td>Device Portal PIN UX</td>
|
||||
<td></td>
|
||||
<td>holopairingapp</td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<td>Email and accounts</td>
|
||||
<td>39cf127b-8c67-c149-539a-c02271d07060</td>
|
||||
<td>Microsoft.AccountsControl</td>
|
||||
@ -536,6 +556,11 @@ The following list shows the apps that may be included in the inbox.
|
||||
<td></td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<td>Holographic Shell</td>
|
||||
<td></td>
|
||||
<td>HoloShell</td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<td>Lumia motion data</td>
|
||||
<td>8fc25fd2-4e2e-4873-be44-20e57f6ec52b</td>
|
||||
<td></td>
|
||||
@ -567,6 +592,11 @@ The following list shows the apps that may be included in the inbox.
|
||||
<td></td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<td>Migration UI</td>
|
||||
<td></td>
|
||||
<td>MigrationUIApp</td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<td>MiracastView</td>
|
||||
<td>906beeda-b7e6-4ddc-ba8d-ad5031223ef9</td>
|
||||
<td>906beeda-b7e6-4ddc-ba8d-ad5031223ef9</td>
|
||||
@ -691,6 +721,11 @@ The following list shows the apps that may be included in the inbox.
|
||||
<td>2a4e62d8-8809-4787-89f8-69d0f01654fb</td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<td>Settings</td>
|
||||
<td></td>
|
||||
<td>SystemSettings</td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<td>Setup wizard</td>
|
||||
<td>07d87655-e4f0-474b-895a-773790ad4a32</td>
|
||||
<td></td>
|
||||
@ -701,6 +736,11 @@ The following list shows the apps that may be included in the inbox.
|
||||
<td></td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<td>Sign-in for Windows 10 Holographic</td>
|
||||
<td></td>
|
||||
<td>WebAuthBridgeInternetSso, WebAuthBridgeInternet, WebAuthBridgeIntranetSso, WebAuthBrokerInternetSso, WebAuthBrokerInternetSso, WebAuthBrokerInternetSso, WebAuthBrokerInternet, WebAuthBrokerIntranetSso, SignIn</td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<td>Skype</td>
|
||||
<td>c3f8e570-68b3-4d6a-bdbb-c0a3f4360a51</td>
|
||||
<td>Microsoft.SkypeApp</td>
|
||||
@ -1360,6 +1400,261 @@ In this example, **MobileGroup0** is the node name. We recommend using a GUID fo
|
||||
</SyncML>
|
||||
```
|
||||
|
||||
## Example for Windows 10 Holographic for Business
|
||||
The following example for Windows 10 Holographic for Business denies all apps and allows the minimum set of [inbox apps](#inboxappsandcomponents) to enable to enable a working device, as well as Settings.
|
||||
|
||||
``` syntax
|
||||
<RuleCollection Type="Appx" EnforcementMode="Enabled">
|
||||
<FilePublisherRule Id="96B82A15-F841-499a-B674-963DC647762F"
|
||||
Name="Whitelist BackgroundTaskHost"
|
||||
Description=""
|
||||
UserOrGroupSid="S-1-1-0"
|
||||
Action="Allow">
|
||||
<Conditions>
|
||||
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
|
||||
ProductName="*"
|
||||
BinaryName="BackgroundTaskHost*">
|
||||
<BinaryVersionRange LowSection="*" HighSection="*" />
|
||||
</FilePublisherCondition>
|
||||
</Conditions>
|
||||
</FilePublisherRule>
|
||||
<FilePublisherRule Id="8D345CB2-AC5B-4b6b-8F0B-DCE3F6FB9259"
|
||||
Name="Whitelist CertInstaller"
|
||||
Description=""
|
||||
UserOrGroupSid="S-1-1-0"
|
||||
Action="Allow">
|
||||
<Conditions>
|
||||
<FilePublisherCondition PublisherName="*"
|
||||
ProductName="4c4ad968-7100-49de-8cd1-402e198d869e"
|
||||
BinaryName="*">
|
||||
<BinaryVersionRange LowSection="*" HighSection="*" />
|
||||
</FilePublisherCondition>
|
||||
</Conditions>
|
||||
</FilePublisherRule>
|
||||
<FilePublisherRule Id="9F07FB38-B952-4f3c-A17A-CE7EC8132987"
|
||||
Name="Whitelist MigrationUI"
|
||||
Description=""
|
||||
UserOrGroupSid="S-1-1-0"
|
||||
Action="Allow">
|
||||
<Conditions>
|
||||
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
|
||||
ProductName="MigrationUIApp"
|
||||
BinaryName="*">
|
||||
<BinaryVersionRange LowSection="*" HighSection="*" />
|
||||
</FilePublisherCondition>
|
||||
</Conditions>
|
||||
</FilePublisherRule>
|
||||
<FilePublisherRule Id="1C32E96F-2F44-4317-9D98-2F624147D7AE"
|
||||
Name="Whitelist CredDiagHost"
|
||||
Description=""
|
||||
UserOrGroupSid="S-1-1-0"
|
||||
Action="Allow">
|
||||
<Conditions>
|
||||
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
|
||||
ProductName="Microsoft.CredDialogHost"
|
||||
BinaryName="*">
|
||||
<BinaryVersionRange LowSection="*" HighSection="*" />
|
||||
</FilePublisherCondition>
|
||||
</Conditions>
|
||||
</FilePublisherRule>
|
||||
<FilePublisherRule Id="53DCC751-E92A-4d0a-84DF-E6EAC2A7C7CE"
|
||||
Name="Whitelist Settings"
|
||||
Description=""
|
||||
UserOrGroupSid="S-1-1-0"
|
||||
Action="Allow">
|
||||
<Conditions>
|
||||
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
|
||||
ProductName="SystemSettings"
|
||||
BinaryName="*">
|
||||
<BinaryVersionRange LowSection="*" HighSection="*" />
|
||||
</FilePublisherCondition>
|
||||
</Conditions>
|
||||
</FilePublisherRule>
|
||||
<FilePublisherRule Id="70D9E233-81F4-4707-B79D-58F9C3A6BFB1"
|
||||
Name="Whitelist HoloShell"
|
||||
Description=""
|
||||
UserOrGroupSid="S-1-1-0"
|
||||
Action="Allow">
|
||||
<Conditions>
|
||||
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
|
||||
ProductName="HoloShell"
|
||||
BinaryName="*">
|
||||
<BinaryVersionRange LowSection="*" HighSection="*" />
|
||||
</FilePublisherCondition>
|
||||
</Conditions>
|
||||
</FilePublisherRule>
|
||||
<FilePublisherRule Id="6557A9BC-BA1F-4b7d-90FD-8C620CA81906"
|
||||
Name="Whitelist MSA"
|
||||
Description=""
|
||||
UserOrGroupSid="S-1-1-0"
|
||||
Action="Allow">
|
||||
<Conditions>
|
||||
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
|
||||
ProductName="Microsoft.Windows.CloudExperienceHost"
|
||||
BinaryName="*">
|
||||
<BinaryVersionRange LowSection="*" HighSection="*" />
|
||||
</FilePublisherCondition>
|
||||
</Conditions>
|
||||
</FilePublisherRule>
|
||||
<FilePublisherRule Id="81CD98A6-82EC-443f-87F8-039B00DFBE78"
|
||||
Name="Whitelist BrokerPlugin"
|
||||
Description=""
|
||||
UserOrGroupSid="S-1-1-0"
|
||||
Action="Allow">
|
||||
<Conditions>
|
||||
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
|
||||
ProductName="Microsoft.AAD.BrokerPlugin"
|
||||
BinaryName="*">
|
||||
<BinaryVersionRange LowSection="*" HighSection="*" />
|
||||
</FilePublisherCondition>
|
||||
</Conditions>
|
||||
</FilePublisherRule>
|
||||
<FilePublisherRule Id="1330E03E-7D43-4e01-9853-40ED8CF62D10"
|
||||
Name="Whitelist SignIn1"
|
||||
Description=""
|
||||
UserOrGroupSid="S-1-1-0"
|
||||
Action="Allow">
|
||||
<Conditions>
|
||||
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
|
||||
ProductName="WebAuthBridgeInternetSso"
|
||||
BinaryName="*">
|
||||
<BinaryVersionRange LowSection="*" HighSection="*" />
|
||||
</FilePublisherCondition>
|
||||
</Conditions>
|
||||
</FilePublisherRule>
|
||||
<FilePublisherRule Id="107EC30A-2CEF-4ec1-B556-F7DAA7DF7998"
|
||||
Name="Whitelist SignIn2"
|
||||
Description=""
|
||||
UserOrGroupSid="S-1-1-0"
|
||||
Action="Allow">
|
||||
<Conditions>
|
||||
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
|
||||
ProductName="WebAuthBridgeInternet"
|
||||
BinaryName="*">
|
||||
<BinaryVersionRange LowSection="*" HighSection="*" />
|
||||
</FilePublisherCondition>
|
||||
</Conditions>
|
||||
</FilePublisherRule>
|
||||
<FilePublisherRule Id="F806AC17-3E31-4a83-92EB-6A34696478D1"
|
||||
Name="Whitelist SignIn3"
|
||||
Description=""
|
||||
UserOrGroupSid="S-1-1-0"
|
||||
Action="Allow">
|
||||
<Conditions>
|
||||
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
|
||||
ProductName="WebAuthBridgeIntranetSso"
|
||||
BinaryName="*">
|
||||
<BinaryVersionRange LowSection="*" HighSection="*" />
|
||||
</FilePublisherCondition>
|
||||
</Conditions>
|
||||
</FilePublisherRule>
|
||||
<FilePublisherRule Id="E8CAF694-2256-4516-BDCC-CDABF218573C"
|
||||
Name="Whitelist SignIn4"
|
||||
Description=""
|
||||
UserOrGroupSid="S-1-1-0"
|
||||
Action="Allow">
|
||||
<Conditions>
|
||||
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
|
||||
ProductName="WebAuthBrokerInternetSso"
|
||||
BinaryName="*">
|
||||
<BinaryVersionRange LowSection="*" HighSection="*" />
|
||||
</FilePublisherCondition>
|
||||
</Conditions>
|
||||
</FilePublisherRule>
|
||||
<FilePublisherRule Id="5918428D-B9A8-4810-8FB4-25AE5A25D5A7"
|
||||
Name="Whitelist SignIn5"
|
||||
Description=""
|
||||
UserOrGroupSid="S-1-1-0"
|
||||
Action="Allow">
|
||||
<Conditions>
|
||||
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
|
||||
ProductName="WebAuthBrokerInternet"
|
||||
BinaryName="*">
|
||||
<BinaryVersionRange LowSection="*" HighSection="*" />
|
||||
</FilePublisherCondition>
|
||||
</Conditions>
|
||||
</FilePublisherRule>
|
||||
<FilePublisherRule Id="C90D99E3-C3EE-47c5-B181-7E8C54FA66B3"
|
||||
Name="Whitelist SignIn6"
|
||||
Description=""
|
||||
UserOrGroupSid="S-1-1-0"
|
||||
Action="Allow">
|
||||
<Conditions>
|
||||
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
|
||||
ProductName="WebAuthBrokerIntranetSso"
|
||||
BinaryName="*">
|
||||
<BinaryVersionRange LowSection="*" HighSection="*" />
|
||||
</FilePublisherCondition>
|
||||
</Conditions>
|
||||
</FilePublisherRule>
|
||||
<FilePublisherRule Id="9CD87A91-FB48-480d-B788-3770A950CD03"
|
||||
Name="Whitelist SignIn7"
|
||||
Description=""
|
||||
UserOrGroupSid="S-1-1-0"
|
||||
Action="Allow">
|
||||
<Conditions>
|
||||
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
|
||||
ProductName="SignIn"
|
||||
BinaryName="*">
|
||||
<BinaryVersionRange LowSection="*" HighSection="*" />
|
||||
</FilePublisherCondition>
|
||||
</Conditions>
|
||||
</FilePublisherRule>
|
||||
<FilePublisherRule Id="DCF74448-C287-4195-9072-8F3649AB9305"
|
||||
Name="Whitelist Cortana"
|
||||
Description=""
|
||||
UserOrGroupSid="S-1-1-0"
|
||||
Action="Allow">
|
||||
<Conditions>
|
||||
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
|
||||
ProductName="Microsoft.Windows.Cortana"
|
||||
BinaryName="*">
|
||||
<BinaryVersionRange LowSection="*" HighSection="*" />
|
||||
</FilePublisherCondition>
|
||||
</Conditions>
|
||||
</FilePublisherRule>
|
||||
<FilePublisherRule Id="BE4FD0C4-527B-45a3-A5B8-F4EA00584779"
|
||||
Name="Whitelist Cortana ListenUI"
|
||||
Description=""
|
||||
UserOrGroupSid="S-1-1-0"
|
||||
Action="Allow">
|
||||
<Conditions>
|
||||
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
|
||||
ProductName="CortanaListenUI"
|
||||
BinaryName="*">
|
||||
<BinaryVersionRange LowSection="*" HighSection="*" />
|
||||
</FilePublisherCondition>
|
||||
</Conditions>
|
||||
</FilePublisherRule>
|
||||
<FilePublisherRule Id="336509A7-FFBA-48cb-81BD-8DF9060B3CF8"
|
||||
Name="Whitelist Email and accounts"
|
||||
Description=""
|
||||
UserOrGroupSid="S-1-1-0"
|
||||
Action="Allow">
|
||||
<Conditions>
|
||||
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
|
||||
ProductName="Microsoft.AccountsControl"
|
||||
BinaryName="*">
|
||||
<BinaryVersionRange LowSection="*" HighSection="*" />
|
||||
</FilePublisherCondition>
|
||||
</Conditions>
|
||||
</FilePublisherRule>
|
||||
<FilePublisherRule Id="55912F15-0B94-445b-80E1-83BC8F0E8999"
|
||||
Name="Whitelist Device Portal PIN UX"
|
||||
Description=""
|
||||
UserOrGroupSid="S-1-1-0"
|
||||
Action="Allow">
|
||||
<Conditions>
|
||||
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
|
||||
ProductName="holopairingapp"
|
||||
BinaryName="*">
|
||||
<BinaryVersionRange LowSection="*" HighSection="*" />
|
||||
</FilePublisherCondition>
|
||||
</Conditions>
|
||||
</FilePublisherRule>
|
||||
</RuleCollection>
|
||||
```
|
||||
|
||||
## Recommended deny list for Windows Information Protection
|
||||
The following example for Windows 10, version 1607 denies known unenlightened Microsoft apps from accessing enterprise data as an allowed app. (An administrator might still use an exempt rule, instead.) This ensures an administrator does not accidentally make these apps Windows Information Protection allowed, and avoid known compatibility issues related to automatic file encryption with these applications.
|
||||
|
||||
|
||||
@ -7,7 +7,7 @@ ms.topic: article
|
||||
ms.prod: w10
|
||||
ms.technology: windows
|
||||
author: nickbrower
|
||||
ms.date: 03/20/2018
|
||||
ms.date: 04/25/2018
|
||||
---
|
||||
|
||||
# AssignedAccess CSP
|
||||
@ -20,7 +20,7 @@ For a step-by-step guide for setting up devices to run in kiosk mode, see [Set u
|
||||
In Windows 10, version 1709, the AssignedAccess configuration service provider (CSP) has been expanded to make it easy for administrators to create kiosks that run more than one app. You can configure multi-app kiosks using a provisioning package. For a step-by-step guide, see [Create a Windows 10 kiosk that runs multiple apps](https://docs.microsoft.com/en-us/windows/configuration/lock-down-windows-10-to-specific-apps).
|
||||
|
||||
> [!Note]
|
||||
> The AssignedAccess CSP is supported in Windows 10 Enterprise and Windows 10 Education. Starting from Windows 10, version 1709 it is also supported in Windows 10 Pro and Windows 10 S.
|
||||
> The AssignedAccess CSP is supported in Windows 10 Enterprise and Windows 10 Education. Starting from Windows 10, version 1709 it is also supported in Windows 10 Pro and Windows 10 S. Starting in Windows 10, version 1803, it is also supported in Windows Holographic for Business edition.
|
||||
|
||||
The following diagram shows the AssignedAccess configuration service provider in tree format
|
||||
|
||||
@ -1137,4 +1137,64 @@ ShellLauncherConfiguration Get
|
||||
</xs:complexType>
|
||||
</xs:element>
|
||||
</xs:schema>
|
||||
```
|
||||
|
||||
## Windows Holographic for Business edition example
|
||||
|
||||
This example configures the following apps: Skype, Learning, Feedback Hub, and Calibration, for first line workers. Use this XML in a provisioning package using Windows Configuration Designer. For instructions, see [Configure HoloLens using a provisioning package](https://docs.microsoft.com/en-us/hololens/hololens-provisioning).
|
||||
|
||||
``` syntax
|
||||
<?xml version="1.0" encoding="utf-8" ?>
|
||||
<!--
|
||||
This is a sample Assigned Access XML file. The Profile specifies which apps are allowed
|
||||
and their app IDs. An Assigned Access Config specifies the accounts or groups to which
|
||||
a Profile is applicable.
|
||||
|
||||
!!! NOTE: Change the Account below to a user in the tenant being tested !!!
|
||||
-->
|
||||
<AssignedAccessConfiguration xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config">
|
||||
<Profiles>
|
||||
<Profile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}">
|
||||
<AllAppsList>
|
||||
<AllowedApps>
|
||||
<!-- Learning app -->
|
||||
<App AppUserModelId="GGVLearning_cw5n1h2txyewy!GGVLearning" />
|
||||
<!-- Calibration app -->
|
||||
<App AppUserModelId="ViewCalibrationApp_cw5n1h2txyewy!ViewCalibrationApp" />
|
||||
<!-- Feedback Hub -->
|
||||
<App AppUserModelId="Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe!App" />
|
||||
<!-- HoloSkype -->
|
||||
<App AppUserModelId="Microsoft.SkypeApp_kzf8qxf38zg5c!App" />
|
||||
</AllowedApps>
|
||||
</AllAppsList>
|
||||
<!-- This section is required for parity with Desktop Assigned Access. It is not currently used on HoloLens -->
|
||||
<StartLayout>
|
||||
<![CDATA[<LayoutModificationTemplate xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout" xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout" Version="1" xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification">
|
||||
<LayoutOptions StartTileGroupCellWidth="6" />
|
||||
<DefaultLayoutOverride>
|
||||
<StartLayoutCollection>
|
||||
<defaultlayout:StartLayout GroupCellWidth="6">
|
||||
<start:Group Name="Life at a glance">
|
||||
<start:Tile Size="2x2" Column="0" Row="0" AppUserModelID="Microsoft.SkypeApp_kzf8qxf38zg5c!App" />
|
||||
</start:Group>
|
||||
</defaultlayout:StartLayout>
|
||||
</StartLayoutCollection>
|
||||
</DefaultLayoutOverride>
|
||||
</LayoutModificationTemplate>
|
||||
]]>
|
||||
</StartLayout>
|
||||
<!-- This section is required for parity with Desktop Assigned Access. It is not currently used on HoloLens -->
|
||||
<Taskbar ShowTaskbar="true"/>
|
||||
</Profile>
|
||||
</Profiles>
|
||||
<Configs>
|
||||
<!-- IMPORTANT: Replace the account name here with an email address of the user you want to
|
||||
be enabled for assigned access. The value in the Account node must begin with
|
||||
AzureAD\ for AAD accounts. -->
|
||||
<Config>
|
||||
<Account>AzureAD\multiusertest@analogfre.onmicrosoft.com</Account>
|
||||
<DefaultProfile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}"/>
|
||||
</Config>
|
||||
</Configs>
|
||||
</AssignedAccessConfiguration>
|
||||
```
|
||||
@ -7,7 +7,7 @@ ms.topic: article
|
||||
ms.prod: w10
|
||||
ms.technology: windows
|
||||
author: nickbrower
|
||||
ms.date: 04/20/2018
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
|
||||
# Configuration service provider reference
|
||||
@ -2585,9 +2585,9 @@ The following list shows the configuration service providers supported in Window
|
||||
|
||||
| Configuration service provider | Windows Holographic edition | Windows Holographic for Business edition |
|
||||
|--------|--------|------------|
|
||||
| [AccountManagement CSP](accountmanagement-csp.md) |  | 3 |
|
||||
| [Application CSP](application-csp.md) |  |  |
|
||||
| [AccountManagement CSP](accountmanagement-csp.md) |  | 4 |
|
||||
| [AppLocker CSP](applocker-csp.md) |  |  |
|
||||
| [AssignedAccess CSP](assignedaccess-csp.md) |  | 4 |
|
||||
| [CertificateStore CSP](certificatestore-csp.md) |  | |
|
||||
| [ClientCertificateInstall CSP](clientcertificateinstall-csp.md) |  |  |
|
||||
| [DevDetail CSP](devdetail-csp.md) |  |  |
|
||||
@ -2606,9 +2606,11 @@ The following list shows the configuration service providers supported in Window
|
||||
| [WiFi CSP](wifi-csp.md) |  |  |
|
||||
| [WindowsLicensing CSP](windowslicensing-csp.md) |  |  |
|
||||
|
||||
Footnotes:
|
||||
- 2 - Added in Windows 10, version 1703
|
||||
- 3 - Added in Windows 10, version 1803
|
||||
Footnotes:
|
||||
- 1 - Added in Windows 10, version 1607
|
||||
- 2 - Added in Windows 10, version 1703
|
||||
- 3 - Added in Windows 10, version 1709
|
||||
- 4 - Added in Windows 10, version 1803
|
||||
|
||||
## <a href="" id="surfacehubcspsupport"></a>CSPs supported in Microsoft Surface Hub
|
||||
|
||||
|
||||
@ -10,7 +10,7 @@ ms.topic: article
|
||||
ms.prod: w10
|
||||
ms.technology: windows
|
||||
author: nickbrower
|
||||
ms.date: 04/11/2018
|
||||
ms.date: 04/25/2018
|
||||
---
|
||||
|
||||
# What's new in MDM enrollment and management
|
||||
@ -1185,7 +1185,6 @@ For details about Microsoft mobile device management protocols for Windows 10 s
|
||||
<li>LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior</li>
|
||||
<li>LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees</li>
|
||||
<li>LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers</li>
|
||||
<li>LocalPoliciesSecurityOptions/MicrosoftNetworkServer_AmountOfIdleTimeRequiredBeforeSuspendingSession</li>
|
||||
<li>LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsAlways</li>
|
||||
<li>LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsIfClientAgrees</li>
|
||||
<li>LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts</li>
|
||||
@ -1310,7 +1309,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s
|
||||
<li>ShellLauncher</li>
|
||||
<li>StatusConfiguration</li>
|
||||
</ul>
|
||||
<p>Updated the AssigneAccessConfiguration schema.</p>
|
||||
<p>Updated the AssigneAccessConfiguration schema. Starting in Windows 10, version 1803 AssignedAccess CSP is supported in Windows Holographic for Business edition. Added example for Windows Holographic for Business edition.</p>
|
||||
</td></tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top">[MultiSIM CSP](multisim-csp.md)</td>
|
||||
@ -1808,7 +1807,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
|
||||
<li>ShellLauncher</li>
|
||||
<li>StatusConfiguration</li>
|
||||
</ul>
|
||||
<p>Updated the AssigneAccessConfiguration schema.</p>
|
||||
<p>Updated the AssigneAccessConfiguration schema. Starting in Windows 10, version 1803 AssignedAccess CSP is supported in Windows Holographic for Business edition. Added example for Windows Holographic for Business edition.</p>
|
||||
</td></tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top">[MultiSIM CSP](multisim-csp.md)</td>
|
||||
@ -1870,7 +1869,6 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
|
||||
<li>LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior</li>
|
||||
<li>LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees</li>
|
||||
<li>LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers</li>
|
||||
<li>LocalPoliciesSecurityOptions/MicrosoftNetworkServer_AmountOfIdleTimeRequiredBeforeSuspendingSession</li>
|
||||
<li>LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsAlways</li>
|
||||
<li>LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsIfClientAgrees</li>
|
||||
<li>LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts</li>
|
||||
|
||||
@ -6,13 +6,13 @@ ms.topic: article
|
||||
ms.prod: w10
|
||||
ms.technology: windows
|
||||
author: nickbrower
|
||||
ms.date: 01/26/2018
|
||||
ms.date: 04/25/2018
|
||||
---
|
||||
|
||||
# Office CSP
|
||||
|
||||
|
||||
The Office configuration service provider (CSP) enables a Microsoft Office client to be installed on a device via the Office Deployment Tool (ODT). For more information, see [Configuration options for the Office Deployment Tool](https://technet.microsoft.com/en-us/library/jj219426.aspx).
|
||||
The Office configuration service provider (CSP) enables a Microsoft Office client to be installed on a device via the Office Deployment Tool (ODT). For more information, see [Configuration options for the Office Deployment Tool](https://technet.microsoft.com/en-us/library/jj219426.aspx) and [How to assign Office 365 apps to Windows 10 devices with Microsoft Intune](https://docs.microsoft.com/en-us/intune/apps-add-office365).
|
||||
This CSP was added in Windows 10, version 1703.
|
||||
|
||||
For additional information, see [Office DDF](office-ddf.md).
|
||||
|
||||
@ -2054,9 +2054,6 @@ The following diagram shows the Policy configuration service provider in tree fo
|
||||
<dd>
|
||||
<a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-microsoftnetworkclient-sendunencryptedpasswordtothirdpartysmbservers" id="localpoliciessecurityoptions-microsoftnetworkclient-sendunencryptedpasswordtothirdpartysmbservers">LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers</a>
|
||||
</dd>
|
||||
<dd>
|
||||
<a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-microsoftnetworkserver-amountofidletimerequiredbeforesuspendingsession" id="localpoliciessecurityoptions-microsoftnetworkserver-amountofidletimerequiredbeforesuspendingsession">LocalPoliciesSecurityOptions/MicrosoftNetworkServer_AmountOfIdleTimeRequiredBeforeSuspendingSession</a>
|
||||
</dd>
|
||||
<dd>
|
||||
<a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-microsoftnetworkserver-digitallysigncommunicationsalways" id="localpoliciessecurityoptions-microsoftnetworkserver-digitallysigncommunicationsalways">LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsAlways</a>
|
||||
</dd>
|
||||
@ -4388,7 +4385,6 @@ The following diagram shows the Policy configuration service provider in tree fo
|
||||
- [LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-smartcardremovalbehavior)
|
||||
- [LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-microsoftnetworkclient-digitallysigncommunicationsifserveragrees)
|
||||
- [LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-microsoftnetworkclient-sendunencryptedpasswordtothirdpartysmbservers)
|
||||
- [LocalPoliciesSecurityOptions/MicrosoftNetworkServer_AmountOfIdleTimeRequiredBeforeSuspendingSession](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-microsoftnetworkserver-amountofidletimerequiredbeforesuspendingsession)
|
||||
- [LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsAlways](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-microsoftnetworkserver-digitallysigncommunicationsalways)
|
||||
- [LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsIfClientAgrees](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-microsoftnetworkserver-digitallysigncommunicationsifclientagrees)
|
||||
- [LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networkaccess-donotallowanonymousenumerationofsamaccounts)
|
||||
|
||||
@ -936,7 +936,7 @@ The following list shows the supported values:
|
||||
</tr>
|
||||
<tr>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
|
||||
<td><img src="images/crossmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
|
||||
@ -994,7 +994,7 @@ ADMX Info:
|
||||
</tr>
|
||||
<tr>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
|
||||
<td><img src="images/crossmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
|
||||
|
||||
@ -90,9 +90,6 @@ ms.date: 04/06/2018
|
||||
<dd>
|
||||
<a href="#localpoliciessecurityoptions-microsoftnetworkclient-sendunencryptedpasswordtothirdpartysmbservers">LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers</a>
|
||||
</dd>
|
||||
<dd>
|
||||
<a href="#localpoliciessecurityoptions-microsoftnetworkserver-amountofidletimerequiredbeforesuspendingsession">LocalPoliciesSecurityOptions/MicrosoftNetworkServer_AmountOfIdleTimeRequiredBeforeSuspendingSession</a>
|
||||
</dd>
|
||||
<dd>
|
||||
<a href="#localpoliciessecurityoptions-microsoftnetworkserver-digitallysigncommunicationsalways">LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsAlways</a>
|
||||
</dd>
|
||||
@ -1612,63 +1609,6 @@ GP Info:
|
||||
|
||||
<hr/>
|
||||
|
||||
<!--Policy-->
|
||||
<a href="" id="localpoliciessecurityoptions-microsoftnetworkserver-amountofidletimerequiredbeforesuspendingsession"></a>**LocalPoliciesSecurityOptions/MicrosoftNetworkServer_AmountOfIdleTimeRequiredBeforeSuspendingSession**
|
||||
|
||||
<!--SupportedSKUs-->
|
||||
<table>
|
||||
<tr>
|
||||
<th>Home</th>
|
||||
<th>Pro</th>
|
||||
<th>Business</th>
|
||||
<th>Enterprise</th>
|
||||
<th>Education</th>
|
||||
<th>Mobile</th>
|
||||
<th>Mobile Enterprise</th>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
<!--/SupportedSKUs-->
|
||||
<!--Scope-->
|
||||
[Scope](./policy-configuration-service-provider.md#policy-scope):
|
||||
|
||||
> [!div class = "checklist"]
|
||||
> * Device
|
||||
|
||||
<hr/>
|
||||
|
||||
<!--/Scope-->
|
||||
<!--Description-->
|
||||
Microsoft network server: Amount of idle time required before suspending a session
|
||||
|
||||
This security setting determines the amount of continuous idle time that must pass in a Server Message Block (SMB) session before the session is suspended due to inactivity.
|
||||
|
||||
Administrators can use this policy to control when a computer suspends an inactive SMB session. If client activity resumes, the session is automatically reestablished.
|
||||
|
||||
For this policy setting, a value of 0 means to disconnect an idle session as quickly as is reasonably possible. The maximum value is 99999, which is 208 days; in effect, this value disables the policy.
|
||||
|
||||
Default:This policy is not defined, which means that the system treats it as 15 minutes for servers and undefined for workstations.
|
||||
|
||||
<!--/Description-->
|
||||
<!--RegistryMapped-->
|
||||
GP Info:
|
||||
- GP English name: *Microsoft network server: Amount of idle time required before suspending session*
|
||||
- GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
|
||||
|
||||
<!--/RegistryMapped-->
|
||||
<!--/Policy-->
|
||||
|
||||
<hr/>
|
||||
|
||||
<!--Policy-->
|
||||
<a href="" id="localpoliciessecurityoptions-microsoftnetworkserver-digitallysigncommunicationsalways"></a>**LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsAlways**
|
||||
|
||||
|
||||
@ -154,7 +154,7 @@ sections:
|
||||
|
||||
title: Windows Hello for Business
|
||||
|
||||
- href: \windows\security\threat-protection\windows-defender-application-control
|
||||
- href: \windows\security\threat-protection\windows-defender-application-control\windows-defender-application-control
|
||||
|
||||
html: <p>Lock down applications that run on a device</p>
|
||||
|
||||
@ -251,7 +251,7 @@ sections:
|
||||
- html: <a href="/windows/security/identity-protection/windows-firewall/windows-firewall-with-advanced-security">Windows Defender Firewall</a>
|
||||
- html: <a href="/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard">Windows Defender Exploit Guard</a>
|
||||
- html: <a href="/windows/security/identity-protection/credential-guard/credential-guard">Windows Defender Credential Guard</a>
|
||||
- html: <a href="/windows/security/threat-protection/device-guard/device-guard-deployment-guide">Windows Defender Device Guard</a>
|
||||
- html: <a href="/windows/security/threat-protection/windows-defender-device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control">Windows Defender Device Guard</a>
|
||||
- html: <a href="/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview">Windows Defender Application Guard</a>
|
||||
- html: <a href="/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview">Windows Defender SmartScreen</a>
|
||||
- html: <a href="/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center">Windows Defender Security Center</a>
|
||||
|
||||
@ -294,10 +294,7 @@
|
||||
#### [Evaluate Exploit protection](windows-defender-exploit-guard\evaluate-exploit-protection.md)
|
||||
#### [Enable Exploit protection](windows-defender-exploit-guard\enable-exploit-protection.md)
|
||||
#### [Customize Exploit protection](windows-defender-exploit-guard\customize-exploit-protection.md)
|
||||
##### [Import, export, and deploy Exploit protection configurations](windows-defender-exploit-guard\import-export-exploit-protection-emet-xml.md)
|
||||
#### [Memory integrity](windows-defender-exploit-guard/memory-integrity.md)
|
||||
##### [Requirements and deployment planning guidelines for virtualization-based protection of code integrity](windows-defender-exploit-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md)
|
||||
##### [Enable virtualization-based protection of code integrity](windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md)
|
||||
##### [Import, export, and deploy Exploit protection configurations](windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md)
|
||||
### [Attack surface reduction](windows-defender-exploit-guard\attack-surface-reduction-exploit-guard.md)
|
||||
#### [Evaluate Attack surface reduction](windows-defender-exploit-guard\evaluate-attack-surface-reduction.md)
|
||||
#### [Enable Attack surface reduction](windows-defender-exploit-guard\enable-attack-surface-reduction.md)
|
||||
@ -311,6 +308,9 @@
|
||||
#### [Evaluate Controlled folder access](windows-defender-exploit-guard\evaluate-controlled-folder-access.md)
|
||||
#### [Enable Controlled folder access](windows-defender-exploit-guard\enable-controlled-folders-exploit-guard.md)
|
||||
#### [Customize Controlled folder access](windows-defender-exploit-guard\customize-controlled-folders-exploit-guard.md)
|
||||
### [Memory integrity](windows-defender-exploit-guard\memory-integrity.md)
|
||||
#### [Requirements for virtualization-based protection of code integrity](windows-defender-exploit-guard\requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md)
|
||||
#### [Enable virtualization-based protection of code integrity](windows-defender-exploit-guard\enable-virtualization-based-protection-of-code-integrity.md)
|
||||
|
||||
|
||||
## [Windows Defender Application Control](windows-defender-application-control/windows-defender-application-control.md)
|
||||
|
||||
@ -18,7 +18,7 @@ ms.date: 11/09/2017
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows 10, version 1709
|
||||
- Windows 10 Enterprise edition, version 1709 or higher
|
||||
|
||||
|
||||
|
||||
|
||||
@ -20,7 +20,7 @@ ms.date: 11/09/2017
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows 10, version 1709
|
||||
- Windows 10 Enterprise edition, version 1709 or higher
|
||||
|
||||
|
||||
|
||||
|
||||
@ -20,7 +20,7 @@ ms.date: 10/16/2017
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows 10, version 1709
|
||||
- Windows 10 Enterprise edition, version 1709 or higher
|
||||
|
||||
|
||||
|
||||
|
||||
@ -16,9 +16,7 @@ ms.date: 04/19/2018
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
|
||||
Virtualization-based protection of code integrity (herein referred to as hypervisor-protected code integrity, or HVCI) is a powerful system mitigation that leverages hardware virtualization and the Windows Hyper-V hypervisor to protect Windows kernel-mode processes against the injection and execution of malicious or unverified code.
|
||||
Code integrity validation is performed in a secure environment that is resistant to attack from malicious software, and page permissions for kernel mode are set and maintained by the Hyper-V hypervisor.
|
||||
|
||||
This topic covers different ways to enable Hypervisor-protected code integrity (HVCI) on Windows 10.
|
||||
Some applications, including device drivers, may be incompatible with HVCI.
|
||||
This can cause devices or software to malfunction and in rare cases may result in a Blue Screen. Such issues may occur after HVCI has been turned on or during the enablement process itself.
|
||||
If this happens, see [Troubleshooting](#troubleshooting) for remediation steps.
|
||||
|
||||
@ -19,7 +19,7 @@ ms.date: 11/20/2017
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows 10, version 1709
|
||||
- Windows 10 Enterprise edition, version 1709 or higher
|
||||
|
||||
|
||||
|
||||
|
||||
@ -20,7 +20,7 @@ ms.date: 11/20/2017
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows 10, version 1709
|
||||
- Windows 10 Enterprise edition, version 1709 or higher
|
||||
|
||||
|
||||
|
||||
@ -115,4 +115,4 @@ You can also use Group Policy, Intune, or MDM CSPs to configure and deploy the s
|
||||
|
||||
- [Protect your network with Windows Defender Exploit Guard](network-protection-exploit-guard.md)
|
||||
- [Evaluate Windows Defender Exploit Guard](evaluate-windows-defender-exploit-guard.md)
|
||||
- [Use audit mode to evaluate Windows Defender Exploit Guard](audit-windows-defender-exploit-guard.md)
|
||||
- [Use audit mode to evaluate Windows Defender Exploit Guard](audit-windows-defender-exploit-guard.md)
|
||||
|
||||
Binary file not shown.
|
After Width: | Height: | Size: 1.6 KiB |
Binary file not shown.
|
After Width: | Height: | Size: 1.4 KiB |
Binary file not shown.
|
After Width: | Height: | Size: 1.4 KiB |
Binary file not shown.
|
After Width: | Height: | Size: 1.4 KiB |
@ -20,7 +20,7 @@ ms.date: 11/20/2017
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows 10, version 1709
|
||||
- Windows 10 Enterprise edition, version 1709 or higher
|
||||
|
||||
|
||||
|
||||
|
||||
@ -18,7 +18,7 @@ ms.date: 12/12/2017
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows 10, version 1709
|
||||
- Windows 10 Enterprise edition, version 1709 or higher
|
||||
|
||||
**Audience**
|
||||
|
||||
@ -45,7 +45,7 @@ There are four steps to troubleshooting these problems:
|
||||
Attack surface reduction (ASR) will only work on devices with the following conditions:
|
||||
|
||||
>[!div class="checklist"]
|
||||
> - Endpoints are running Windows 10, version 1709 (also known as the Fall Creators Update).
|
||||
> - Endpoints are running Windows 10 Enterprise edition, version 1709 (also known as the Fall Creators Update).
|
||||
> - Endpoints are using Windows Defender Antivirus as the sole antivirus protection app. [Using any other antivirus app will cause Windows Defender AV to disable itself](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md).
|
||||
> - [Real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) is enabled.
|
||||
> - Audit mode is not enabled. Use Group Policy to set the rule to **Disabled** (value: **0**) as described in the [Enable ASR topic](enable-attack-surface-reduction.md#use-group-policy-to-enable-or-audit-attack-surface-reduction-rules).
|
||||
|
||||
@ -18,7 +18,7 @@ ms.date: 12/12/2017
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows 10, version 1709
|
||||
- Windows 10 Enterprise edition, version 1709 or higher
|
||||
|
||||
**Audience**
|
||||
|
||||
@ -45,7 +45,7 @@ There are four steps to troubleshooting these problems:
|
||||
Windows Defender Exploit Guard will only work on devices with the following conditions:
|
||||
|
||||
>[!div class="checklist"]
|
||||
> - Endpoints are running Windows 10, version 1709 (also known as the Fall Creators Update).
|
||||
> - Endpoints are running Windows 10 Enterprise edition, version 1709 or higher (also known as the Fall Creators Update).
|
||||
> - Endpoints are using Windows Defender Antivirus as the sole antivirus protection app. [Using any other antivirus app will cause Windows Defender AV to disable itself](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md).
|
||||
> - [Real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) is enabled.
|
||||
> - [Cloud-delivered protection](../windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md) is enabled.
|
||||
|
||||
@ -61,17 +61,28 @@ You can use the Windows Defender ATP console to obtain detailed reporting into e
|
||||
|
||||
Each of the features in Windows Defender EG have slightly different requirements:
|
||||
|
||||
Feature | [Windows Defender Antivirus](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md) | [Windows Defender Advanced Threat Protection license](../windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md)
|
||||
-|-|-|-
|
||||
Exploit protection | No requirement | Required for reporting in the Windows Defender ATP console
|
||||
Attack surface reduction | [Real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) must be enabled | Required for reporting in the Windows Defender ATP console
|
||||
Network protection | [Real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) must be enabled | Required for reporting in the Windows Defender ATP console
|
||||
Controlled folder access | [Real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) must be enabled | Required for reporting in the Windows Defender ATP console
|
||||
| Feature | Windows 10 Home | Windows 10 Professional | Windows 10 E3 | Windows 10 E5 |
|
||||
| ----------------- | :------------------------------------: | :---------------------------: | :-------------------------: | :--------------------------------------: |
|
||||
| Exploit protection |  |  |  |  |
|
||||
| Attack surface reduction |  |  |  |  |
|
||||
| Network protection |  |  |  |  |
|
||||
| Controlled folder access |  |  |  |  |
|
||||
|
||||
> [!NOTE]
|
||||
>  Exploit Protection - On Windows 10 E3, includes advanced exploit protection for the kernel mode via [HVCI] (https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity).
|
||||
>  On Windows 10 E5, includes automated reporting into the Windows Defender ATP console.
|
||||
|
||||
|
||||
| Feature | [Windows Defender Antivirus](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md)
|
||||
|-----------------| ------------------------------------ |
|
||||
| Exploit protection | No requirement |
|
||||
| Attack surface reduction | [Real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) must be enabled |
|
||||
| Network protection | [Real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) must be enabled |
|
||||
| Controlled folder access | [Real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) must be enabled |
|
||||
|
||||
> [!NOTE]
|
||||
> Each feature's requirements are further described in the individual topics in this library.
|
||||
|
||||
|
||||
## In this library
|
||||
|
||||
Topic | Description
|
||||
|
||||
Reference in New Issue
Block a user