deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-19 12:23:37 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge pull request #9696 from v-kikl/kk-wdac-edits-task-23192420

Browse Source 
Added MEMCM clarification
This commit is contained in:
Daniel Simpson
2021-06-21 09:09:56 -07:00
committed by GitHub
parent b7b617b4ca ad30fcef29
commit 57bcc1db32
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md
View File

@ -35,6 +35,8 @@ MEMCM includes native support for WDAC, which allows you to configure Windows 10
- [Optional] Reputable apps as defined by the Intelligent Security Graph (ISG)
- [Optional] Apps and executables already installed in admin-definable folder locations that MEMCM will allow through a one-time scan during policy creation on managed endpoints.
Note that MEMCM does not remove policies once deployed. To stop enforcement, you should switch the policy to audit mode, which will produce the same effect. If you want to disable WDAC altogether (including audit mode), you can deploy a script to delete the policy file from disk, and either trigger a reboot or wait for the next reboot.
For more information on using MEMCM's native WDAC policies, see [Windows Defender Application Control management with Configuration Manager](/mem/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager)
## Deploy custom WDAC policies using Packages/Programs or Task Sequences