diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md index a9c46de01c..e7659f76d0 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md @@ -198,7 +198,7 @@ Path Publisher Where `O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US` is the **Publisher** name and `WORDPAD.EXE` is the **File** name. ### Import a list of apps -For this example, we’re going to add an AppLocker XML file to the **Protected apps** list. You’ll use this option if you want to add multiple apps at the same time. For more info about AppLocker, see the [AppLocker](https://technet.microsoft.com/itpro/windows/keep-secure/applocker-overview) content. +For this example, we’re going to add an AppLocker XML file to the **Protected apps** list. You’ll use this option if you want to add multiple apps at the same time. The first example shows how to create a Packaged App rule for Store apps. The second example shows how to create an Executable rule by using a path for unsigned apps. For more info about AppLocker, see the [AppLocker](https://technet.microsoft.com/itpro/windows/keep-secure/applocker-overview) content. **To create a list of protected apps using the AppLocker tool** 1. Open the Local Security Policy snap-in (SecPol.msc). 
@@ -273,6 +273,39 @@ For this example, we’re going to add an AppLocker XML file to the **Protected 12. After you’ve created your XML file, you need to import it by using Microsoft Intune. +**To create an Executable rule and xml file for unsigned apps** +1. Open the Local Security Policy snap-in (SecPol.msc). + +2. In the left pane, click **Application Control Policies** > **AppLocker** > **Executable Rules**. + +3. Right-click **Executable Rules** > **Create New Rule**. + + ![Local security snap-in, showing the Executable Rules](images/create-new-path-rule.png) + +4. On the **Before You Begin** page, click **Next**. + +5. On the **Permissions** page, make sure the **Action** is set to **Allow** and the **User or group** is set to **Everyone**, and then click **Next**. + +6. On the **Conditions** page, click **Path** and then click **Next**. + + ![Create Packaged app Rules wizard, showing the Publisher](images/path-condition.png) + +7. Click **Browse Folders...** and select the path for the unsigned apps. For this example, we’re using "C:\Program Files". + + ![Create Packaged app Rules wizard, showing the Select applications page](images/select-path.png) + +8. On the **Exceptions** page, add any exceptions and then click **Next**. + +9. On the **Name** page, type a name and description for the rule and then click **Create**. + +10. In the left pane, right-click **AppLocker** > **Export policy**. + +11. In the **Export policy** box, browse to where the policy should be stored, give the policy a name, and then click **Save**. + + The policy is saved and you’ll see a message that says 1 rule was exported from the policy. + +12. After you’ve created your XML file, you need to import it by using Microsoft Intune. + **To import a list of protected apps using Microsoft Intune** 1. In **Protected apps**, click **Import apps**. 
diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md index 2200e5ac5c..a2d2b485a4 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md @@ -193,7 +193,7 @@ In this example, you'd get the following info: Where the text, `O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US` is the publisher name to enter in the **Publisher Name** box. ### Add an AppLocker policy file -Now we’re going to add an AppLocker XML file to the **App Rules** list. You’ll use this option if you want to add multiple apps at the same time. The first example shows how to create a Packaged App rule for Store apps. The second example shows how to create an Executable rule by using a path for unsigned apps. For more info, see [AppLocker](https://technet.microsoft.com/itpro/windows/keep-secure/applocker-overview). +Now we’re going to add an AppLocker XML file to the **App Rules** list. You’ll use this option if you want to add multiple apps at the same time. For more info, see [AppLocker](https://technet.microsoft.com/itpro/windows/keep-secure/applocker-overview). **To create a Packaged App rule rule and xml file** 1. Open the Local Security Policy snap-in (SecPol.msc). 
@@ -260,39 +260,6 @@ Now we’re going to add an AppLocker XML file to the **App Rules** list. You’ ``` 12. After you’ve created your XML file, you need to import it by using Microsoft Intune. -**To create an Executable rule and xml file for unsigned apps** -1. Open the Local Security Policy snap-in (SecPol.msc). - -2. In the left pane, click **Application Control Policies** > **AppLocker** > **Executable Rules**. - -3. Right-click **Executable Rules** > **Create New Rule**. - - ![Local security snap-in, showing the Executable Rules](images/create-new-path-rule.png) - -4. On the **Before You Begin** page, click **Next**. - -5. On the **Permissions** page, make sure the **Action** is set to **Allow** and the **User or group** is set to **Everyone**, and then click **Next**. - -6. On the **Conditions** page, click **Path** and then click **Next**. - - ![Create Packaged app Rules wizard, showing the Publisher](images/path-condition.png) - -7. Click **Browse Folders...** and select the path for the unsigned apps. For this example, we’re using "C:\Program Files". - - ![Create Packaged app Rules wizard, showing the Select applications page](images/select-path.png) - -8. On the **Exceptions** page, add any exceptions and then click **Next**. - -9. On the **Name** page, type a name and description for the rule and then click **Create**. - -10. In the left pane, right-click **AppLocker** > **Export policy**. - -11. In the **Export policy** box, browse to where the policy should be stored, give the policy a name, and then click **Save**. - - The policy is saved and you’ll see a message that says 1 rule was exported from the policy. - -12. After you’ve created your XML file, you need to import it by using Microsoft Intune. - **To import your Applocker policy file app rule using Microsoft Intune** 1. From the **App Rules** area, click **Add**. 
diff --git a/windows/security/information-protection/windows-information-protection/images/path-condition.png b/windows/security/information-protection/windows-information-protection/images/path-condition.png index a70854e007..6aaf295bcc 100644 Binary files a/windows/security/information-protection/windows-information-protection/images/path-condition.png and b/windows/security/information-protection/windows-information-protection/images/path-condition.png differ diff --git a/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md b/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md index 9c425537a1..31e6351c21 100644 --- a/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md +++ b/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md @@ -1,5 +1,5 @@ --- -title: Introduction to Windows Defender Device Guard - virtualization-based security and code integrity policies (Windows 10) +title: Windows Defender Device Guard - virtualization-based security and code integrity policies (Windows 10) description: Microsoft Windows Defender Device Guard is a feature set that consists of both hardware and software system integrity hardening features that revolutionize the Windows operating system’s security. keywords: virtualization, security, malware ms.prod: w10 @@ -9,7 +9,7 @@ author: mdsakibMSFT ms.date: 04/19/2018 --- -# Introduction to Windows Defender Device Guard: virtualization-based security and Windows Defender Application Control +# Windows Defender Device Guard: virtualization-based security and Windows Defender Application Control **Applies to** - Windows 10
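Review bot: In create-wip-policy-using-intune-azure.md (hunk @@ -273,6 +273,39), step 7 uses "C:\Program Files" as the example path while step 5 sets **Action** to **Allow** for **Everyone**. The exported path rule therefore covers every executable under that folder, and importing it puts all of them on the **Protected apps** list. Suggest step 7 tell the reader to pick the narrowest folder that holds the unsigned app, and have step 8 say that the **Exceptions** page is where anything under that path that should not handle enterprise data gets excluded. Two smaller points in the same hunk: the alt text on the wizard screenshots is carried over from the Packaged app procedure ("Create Packaged app Rules wizard, showing the Publisher" on path-condition.png and "Create Packaged app Rules wizard, showing the Select applications page" on select-path.png) and should describe the Executable Rules wizard and its Path condition; and "xml file" in the bold heading should be "XML file" to match step 12.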
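Review bot: In create-wip-policy-using-intune.md (hunk @@ -193,7 +193,7), the context line right after the edited paragraph reads "**To create a Packaged App rule rule and xml file**", with "rule" doubled. Since this hunk already touches the paragraph above it, fix the heading in the same change: "**To create a Packaged App rule and XML file**".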
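Review bot: In create-wip-policy-using-intune.md (hunk @@ -260,39 +260,6), deleting the whole "To create an Executable rule and xml file for unsigned apps" procedure leaves this article with only the Packaged App route, so a reader who lands here has no guidance for unsigned apps. The same twelve steps are added to create-wip-policy-using-intune-azure.md in this patch, which reads as a move; if that is the intent, add a one-line pointer here to the other article, or keep the procedure in both places if path rules still apply to this console.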
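Review bot: In introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md, the front-matter `title:` and the H1 still disagree after the rename: the title ends in "virtualization-based security and code integrity policies (Windows 10)" while the heading ends in "virtualization-based security and Windows Defender Application Control". Suggest using the same wording in both, since the title is what search results and the browser tab show. The `ms.date: 04/19/2018` context line is left unchanged; update it if the repo expects the date to track content edits. The file name also keeps its "introduction-to-" prefix, which is fine for link stability but worth a conscious decision now that "Introduction to" is dropped from both headings.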