deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-21 17:57:22 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'master' into lsaldanha-5120578

Browse Source
This commit is contained in:
Asha Iyengar 2021-05-25 14:13:54 +05:30 committed by GitHub
commit 4b48ca0ac7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md
View File

@ -8,7 +8,7 @@ ms.pagetype: security
ms.localizationpriority: medium
author: denisebmsft
ms.author: deniseb
ms.date: 05/06/2021
ms.date: 05/24/2021
ms.reviewer:
manager: dansimp
ms.custom: asr
@ -27,7 +27,7 @@ Application Guard uses both network isolation and application-specific settings.
## Network isolation settings
These settings, located at **Computer Configuration\Administrative Templates\Network\Network Isolation**, help you define and manage your organization's network boundaries. Application Guard uses this information to automatically transfer any requests to access the non-corporate resources into the Application Guard container.
These settings, located at `Computer Configuration\Administrative Templates\Network\Network Isolation`, help you define and manage your organization's network boundaries. Application Guard uses this information to automatically transfer any requests to access the non-corporate resources into the Application Guard container.
> [!NOTE]
> You must configure either the Enterprise resource domains hosted in the cloud or Private network ranges for apps settings on your employee devices to successfully turn on Application Guard using enterprise mode. Proxy servers must be a neutral resource listed in the "Domains categorized as both work and personal" policy.
@ -48,7 +48,7 @@ These settings, located at **Computer Configuration\Administrative Templates\Net
|`..contoso.com`|2|Trust all levels of the domain hierarchy that are to the left of the dot. Matching sites include `shop.contoso.com`, `us.shop.contoso.com`, `www.us.shop.contoso.com`, but NOT `contoso.com` itself.|
## Application-specific settings
These settings, located at **Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Application Guard**, can help you to manage your company's implementation of Application Guard.
These settings, located at `Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Application Guard`, can help you to manage your company's implementation of Application Guard.
|Name|Supported versions|Description|Options|
|-----------|------------------|-----------|-------|
@ -61,6 +61,3 @@ These settings, located at **Computer Configuration\Administrative Templates\Win
|Allow hardware-accelerated rendering for Microsoft Defender Application Guard|Windows 10 Enterprise, 1803 or higher<br><br>Windows 10 Pro, 1803 or higher|Determines whether Microsoft Defender Application Guard renders graphics using hardware or software acceleration.|**Enabled.** Microsoft Defender Application Guard uses Hyper-V to access supported, high-security rendering graphics hardware (GPUs). These GPUs improve rendering performance and battery life while using Microsoft Defender Application Guard, particularly for video playback and other graphics-intensive use cases. If this setting is enabled without connecting any high-security rendering graphics hardware, Microsoft Defender Application Guard will automatically revert to software-based (CPU) rendering. **Important:** Be aware that enabling this setting with potentially compromised graphics devices or drivers might pose a risk to the host device.<br><br>**Disabled or not configured.** Microsoft Defender Application Guard uses software-based (CPU) rendering and wont load any third-party graphics drivers or interact with any connected graphics hardware.|
|Allow camera and microphone access in Microsoft Defender Application Guard|Windows 10 Enterprise, 1809 or higher<br><br>Windows 10 Pro, 1809 or higher|Determines whether to allow camera and microphone access inside Microsoft Defender Application Guard.|**Enabled.** Applications inside Microsoft Defender Application Guard are able to access the camera and microphone on the user's device. **Important:** Be aware that enabling this policy with a potentially compromised container could bypass camera and microphone permissions and access the camera and microphone without the user's knowledge.<p>**Disabled or not configured.** Applications inside Microsoft Defender Application Guard are unable to access the camera and microphone on the user's device.|
|Allow Microsoft Defender Application Guard to use Root Certificate Authorities from a user's device|Windows 10 Enterprise, 1809 or higher<br><br>Windows 10 Pro, 1809 or higher|Determines whether Root Certificates are shared with Microsoft Defender Application Guard.|**Enabled.** Certificates matching the specified thumbprint are transferred into the container. Use a comma to separate multiple certificates.<p>**Disabled or not configured.** Certificates are not shared with Microsoft Defender Application Guard.|
|Allow users to trust files that open in Microsoft Defender Application Guard|Windows 10 Enterprise, 1809 or higher|Determines whether users are able to manually trust untrusted files to open them on the host.|**Enabled.** Users are able to manually trust files or trust files after an antivirus check.<p>**Disabled or not configured.** Users are unable to manually trust files and files continue to open in Microsoft Defender Application Guard.|
|Allow extensions in the container|Windows 10 Enterprise, 1709 or higher<p>Windows 10 Pro, 1803 or higher|Determines whether Application Guard can use extensions.|**Enabled.** Favorites are able to sync from the host browser to the container. Note that this doesnt work the other way around. The favorites sync to the users work profile by default.<p>**Disabled.** Users are not able to access their favorites from within the Application Guard container.|
|Allow favorites sync|Windows 10 Enterprise, 1709 or higher<p>Windows 10 Pro, 1803 or higher|Determines whether favorites can be accessible from Application Guard container.|**Enabled.** Favorites are able to sync from the host browser to the container, but it doesnt work the other way around. The favorites sync to the users work profile by default.<p>**Disabled.** Users are not able to access their favorites from within the Application Guard container.