deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-15 02:13:43 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/master' into atp-new-api

Browse Source
This commit is contained in:
Joey Caparas
2018-10-17 14:55:29 -07:00
parent bad8b5baea cec6d0d2bd
commit 5a62259fd5
2 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
windows/security/threat-protection/intelligence/supply-chain-malware.md
View File

@ -17,7 +17,7 @@ Supply chain attacks are an emerging kind of threat that target software develop
## How supply chain attacks work
[!video https://www.youtube.com/embed/uXm2XNSavwo]
> [!video https://www.youtube.com/embed/uXm2XNSavwo]
Attackers hunt for unsecure network protocols, unprotected server infrastructures, and unsafe coding practices. They break in, change source codes, and hide malware in build and update processes.

6
windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md
View File

@ -19,7 +19,7 @@ Windows Defender Application Guard (Application Guard) works with Group Policy t
Application Guard uses both network isolation and application-specific settings.
### Network isolation settings
## Network isolation settings
These settings, located at **Computer Configuration\Administrative Templates\Network\Network Isolation**, help you define and manage your company's network boundaries. Application Guard uses this information to automatically transfer any requests to access the non-corporate resources into the Application Guard container.
@ -33,7 +33,7 @@ These settings, located at **Computer Configuration\Administrative Templates\Net
|Enterprise resource domains hosted in the cloud|At least Windows Server 2012, Windows 8, or Windows RT|A pipe-separated (\|) list of your domain cloud resources. Included endpoints are rendered using Microsoft Edge and won't be accessible from the Application Guard environment. Notes: 1) Please include a full domain name (www.contoso.com) in the configuration 2) You may optionally use "." as a wildcard character to automatically trust subdomains. Configuring ".constoso.com" will automatically trust "subdomain1.contoso.com", "subdomain2.contoso.com" etc. |
|Domains categorized as both work and personal|At least Windows Server 2012, Windows 8, or Windows RT|A comma-separated list of domain names used as both work or personal resources. Included endpoints are rendered using Microsoft Edge and will be accessible from the Application Guard and regular Edge environment.|
### Application-specific settings
## Application-specific settings
These settings, located at **Computer Configuration\Administrative Templates\Windows Components\Windows Defender Application Guard**, can help you to manage your company's implementation of Application Guard.
|Name|Supported versions|Description|Options|
@ -46,5 +46,5 @@ These settings, located at **Computer Configuration\Administrative Templates\Win
|Allow files to download to host operating system|Windows 10 Enterprise, 1803 or higher|Determines whether to save downloaded files to the host operating system from the Windows Defender Application Guard container.|**Enabled.** Allows users to save downloaded files from the Windows Defender Application Guard container to the host operating system.<br><br>**Disabled or not configured.** Users are not able to saved downloaded files from Application Guard to the host operating system.|
|Allow hardware-accelerated rendering for Windows Defender Application Guard|Windows 10 Enterprise, 1803 or higher<br><br>Windows 10 Pro, 1803 or higher|Determines whether Windows Defender Application Guard renders graphics using hardware or software acceleration.|**Enabled.** Windows Defender Application Guard uses Hyper-V to access supported, high-security rendering graphics hardware (GPUs). These GPUs improve rendering performance and battery life while using Windows Defender Application Guard, particularly for video playback and other graphics-intensive use cases. If this setting is enabled without connecting any high-security rendering graphics hardware, Windows Defender Application Guard will automatically revert to software-based (CPU) rendering.<br><br><ul>**Important**<br>Be aware that enabling this setting with potentially compromised graphics devices or drivers might pose a risk to the host device.<br><br></ul>**Disabled or not configured.** Windows Defender Application Guard uses software-based (CPU) rendering and wont load any third-party graphics drivers or interact with any connected graphics hardware.|
|Allow camera and microphone access in Windows Defender Application Guard|Windows 10 Enterprise, 1809 or higher<br><br>Windows 10 Pro, 1809 or higher|Determines whether to allow camera and microphone access inside Windows Defender Application Guard.|**Enabled.** Applications inside Windows Defender Application Guard are able to access the camera and microphone on the user's device.<br><br></ul>**Important**<br>Be aware that enabling this policy with a potentially compromised container could bypass camera and microphone permissions and access the camera and microphone without the user's knowledge.<br><br></ul>**Disabled or not configured.** Applications inside Windows Defender Application Guard are unable to access the camera and microphone on the user's device.|
|Allow Windows Defender Application Guard to use Root Certificate Authorities from users's device|Windows 10 Enterprise, 1809 or higher<br><br>Windows 10 Pro, 1809 or higher|Determines whether Root Certificates are shared with Windows Defender Application Guard.|**Enabled.** Certificates matching the specified thumbprint are transferred into the container. Multiple certificates can be specified by using a common to separate.<br><br></ul>**Disabled or not configured.** Certificates are not shared with Windows Defender Application Guard.<br><br>.|
|Allow Windows Defender Application Guard to use Root Certificate Authorities from users's device|Windows 10 Enterprise, 1809 or higher<br><br>Windows 10 Pro, 1809 or higher|Determines whether Root Certificates are shared with Windows Defender Application Guard.|**Enabled.** Certificates matching the specified thumbprint are transferred into the container. Multiple certificates can be specified by using a common to separate.<br><br></ul>**Disabled or not configured.** Certificates are not shared with Windows Defender Application Guard.|
|Allow users to trust files that open in Windows Defender Application Guard|Windows 10 Enterprise, 1809 or higher|Determines whether users are able to manually trust untrusted files to open them on the host.|**Enabled.** Users are able to manually trust files or trust files after an antivirus check.<br><br></ul>**Disabled or not configured.** Users are unable to manually trust files and files continue to open in Windows Defender Application Guard.|