deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-18 20:03:40 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Update faq-md-app-guard.md

Browse Source 
minor edits
This commit is contained in:
Daniel Simpson
2020-08-13 18:15:15 -07:00
committed by GitHub
parent a96e50a8d1
commit 668820b5ab
1 changed files with 6 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md
View File

@ -160,14 +160,12 @@ Step 2:
`HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPNat\Start = 4`.
4. Restart the device.
### Why doesn't Application guard work, although it is enabled via GPO?
### Why doesn't Application guard work, even though it's enabled through Group Policy?
Application Guard must meet all these pre-requisites to be enabled in enterprise mode:
https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-application-guard/reqs-md-app-guard
To understand why it is not being enabled in enterprise mode you need to check the status of the evaluation to find out what is missing.
Application Guard must meet all these prerequisites to be enabled in enterprise mode: [System requirements for Microsoft Defender Application Guard](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-application-guard/reqs-md-app-guard).
To understand why it is not enabled in enterprise mode, check the status of the evaluation to understand what's missing.
For CSP (Intune) you can query the status node via a Get as mentioned in this document:
https://docs.microsoft.com/en-us/windows/client-management/mdm/windowsdefenderapplicationguard-csp
In this page you will see the “status” node as well as the meaning of each bit. If the status is not 63, you are missing a pre-requisite.
For CSP (Intune) you can query the status node by using **Get**. This is described in the [Application Guard CSP](https://docs.microsoft.com/windows/client-management/mdm/windowsdefenderapplicationguard-csp).
In this page you will see the **status** node as well as the meaning of each bit. If the status is not 63, you are missing a prerequisite.
For Group Policy you need to look at the registry. Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\HVSIGP Status. The meaning of each bit is the same as the CSP.
For Group Policy you need to look at the registry. See **Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\HVSIGP** Status. The meaning of each bit is the same as the CSP.