deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-15 14:57:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Update faq-wd-app-guard.md

Browse Source
This commit is contained in:
Rona Song 2020-06-02 00:04:26 -07:00 committed by GitHub
parent 5e999de166
commit 3da5f277f2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md
View File

@ -92,3 +92,12 @@ Yes, both the Enterprise Resource domains hosted in the cloud and the Domains ca
### Why does my encryption driver break Windows Defender Application Guard?
Windows Defender Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. If an encryption driver prevents a VHD from being mounted or from being written to, WDAG will not work and result in an error message ("0x80070013 ERROR_WRITE_PROTECT").
### Why do the Network Isolation policies in Group Policy and CSP look different?
There is not a one-to-one mapping among all the Network Isolation policies between CSP and GP. Mandatary network isolation policies to deploy WDAG are different between CSP and GP.
Mandatory network isolation GP policy to deploy WDAG: "DomainSubnets or CloudResources"
Mandatory network isolation CSP policy to deploy WDAG: "EnterpriseCloudResources or (EnterpriseIpRange and EnterpriseNetworkDomainNames)"
For EnterpriseNetworkDomainNames, there is no mapped CSP policy.