diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-exploit-protection.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-exploit-protection.md index 04abdfa702..735512dd8a 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-exploit-protection.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-exploit-protection.md @@ -26,17 +26,22 @@ Many features from the Enhanced Mitigation Experience Toolkit (EMET) are include You can also set mitigations to [audit mode](evaluate-exploit-protection.md). Audit mode allows you to test how the mitigations would work (and review events) without impacting the normal use of the machine. -## Enable exploit protection +You can enable each mitigation separately by using any of the these methods: + +- Windows Security app +- Intune +- MDM +- Group Policy +- PowerShell cmdlets -You enable and configure each exploit protection mitigation separately either by using the Windows Security app or PowerShell. They are configured by default in Windows 10. You can set each mitigation to on, off, or to its default value. Some mitigations have additional options. -You can [export these settings as an XML file](import-export-exploit-protection-emet-xml.md) and deploy it to other machines by using Group Policy. +You can [export these settings as an XML file](import-export-exploit-protection-emet-xml.md) and deploy them to other machines. -### Windows Security app +## Windows Security app 1. Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for **Defender**. 
@@ -103,9 +108,25 @@ CFG will be enabled for *miles.exe*. 5. Repeat this for all the apps and mitigations you want to configure. Click **Apply** when you're done setting up your configuration. +## Intune +1. Sign in to the [Azure portal](https://portal.azure.com) and open Intune. +1. Click **Device configuration** > **Profiles** > **Create profile**. +1. Name the profile, choose **Windows 10 and later** and **Endpoint protection**. + ![Create endpoint protection profile](images/create-endpoint-protection-profile.png) +1. Click **Configure** > **Windows Defender Exploit Guard** > **Exploit protection**. +1. Upload an [XML file](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-exploitguard) with the exploit protection settings: + ![Enable network protection in Intune](images/enable-ep-intune.png) +1. Click **OK** to save each open blade and click **Create**. +1. Click the profile **Assignments**, assign to **All Users & All Devices**, and click **Save**. -### PowerShell +## MDM + +Use the [./Vendor/MSFT/Policy/Config/ExploitGuard/ExploitProtectionSettings](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-exploitguard) configuration service provider (CSP) to enable or disable exploit protection mitigations or to use audit mode. + +## Group Policy + +## PowerShell You can use the PowerShell verb `Get` or `Set` with the cmdlet `ProcessMitigation`. Using `Get` will list the current configuration status of any mitigations that have been enabled on the device - add the `-Name` cmdlet and app exe to see mitigations for just that app: 
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/images/create-endpoint-protection-profile.png b/windows/security/threat-protection/windows-defender-exploit-guard/images/create-endpoint-protection-profile.png index 3f9ed619ca..f9a64efbd7 100644 Binary files a/windows/security/threat-protection/windows-defender-exploit-guard/images/create-endpoint-protection-profile.png and b/windows/security/threat-protection/windows-defender-exploit-guard/images/create-endpoint-protection-profile.png differ diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/images/enable-ep-intune.png b/windows/security/threat-protection/windows-defender-exploit-guard/images/enable-ep-intune.png index 582c28e411..e89118fd47 100644 Binary files a/windows/security/threat-protection/windows-defender-exploit-guard/images/enable-ep-intune.png and b/windows/security/threat-protection/windows-defender-exploit-guard/images/enable-ep-intune.png differ diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/images/enable-np-intune.png b/windows/security/threat-protection/windows-defender-exploit-guard/images/enable-np-intune.png index 0745e9d1c3..604dceff4c 100644 Binary files a/windows/security/threat-protection/windows-defender-exploit-guard/images/enable-np-intune.png and b/windows/security/threat-protection/windows-defender-exploit-guard/images/enable-np-intune.png differ
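Review bot: in the hunk at @@ -26,17, the added line "You can enable each mitigation separately by using any of the these methods:" has a typo ("the these"), and the removed paragraph drops information that no added line carries forward: that the mitigations are configured by default in Windows 10, that each can be set to on, off, or its default value, and that some have additional options. The Windows Security app and PowerShell sections that follow rely on the reader knowing those three states, so keep that sentence under the new method list, e.g. "You can set each mitigation to on, off, or to its default value. Some mitigations have additional options." The export sentence also lost "by using Group Policy" while Group Policy now appears in the method list; say which of the listed methods accept the exported XML so the two statements agree.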
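Review bot: in the hunk at @@ -103,9, the new "## Group Policy" heading has no body and is immediately followed by "## PowerShell", so the "Group Policy" entry in the method list added earlier in the file points at an empty section; either add the steps (or a pointer to where they live) or leave the heading out until the content exists. The image alt text in the Intune step, "![Enable network protection in Intune](images/enable-ep-intune.png)", says "network protection" although the step and the file name are about exploit protection; change it to "Enable exploit protection in Intune". Minor: the step "Upload an [XML file](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-exploitguard) with the exploit protection settings" links to the CSP reference, whereas the page already links import-export-exploit-protection-emet-xml.md, which is where the reader produces that XML; linking the export page here would be more useful.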