From 6a9ce1629601be0ff52e59a28233fe1b2a7ce364 Mon Sep 17 00:00:00 2001 From: brbrahm <43386070+brbrahm@users.noreply.github.com> Date: Mon, 28 Oct 2019 09:58:50 -0700 Subject: [PATCH 1/2] DGSS update links Changed "hhttps" and "http" to "https" --- ...ce-guard-signing-portal-in-microsoft-store-for-business.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md b/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md index 12e20135ca..bb2b9834f3 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md @@ -36,11 +36,11 @@ Before you get started, be sure to review these best practices: **Best practices** - Test your code integrity policies on a pilot group of devices before deploying them to production. -- Use rule options 9 and 10 during testing. For more information, see the section Code integrity policy rules in the [Deploy Windows Defender Application Control policy rules and file rules](hhttps://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create). +- Use rule options 9 and 10 during testing. For more information, see the section Code integrity policy rules in the [Deploy Windows Defender Application Control policy rules and file rules](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create). **To sign a code integrity policy** -1. Sign in to the [Microsoft Store for Business](http://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com). +1. Sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com). 2. Click **Manage**, click **Store settings**, and then click **Device Guard**. 3. Click **Upload** to upload your code integrity policy. 4. After the files are uploaded, click **Sign** to sign the code integrity policy. From 32aa927b042c46f275845896b8b84c357fb598a7 Mon Sep 17 00:00:00 2001 From: brbrahm <43386070+brbrahm@users.noreply.github.com> Date: Mon, 28 Oct 2019 13:56:59 -0700 Subject: [PATCH 2/2] Remove wrong info from ApplicationControl CSP Directions to use certutil to create a policy node are misleading, as Intune should do this for the user. --- windows/client-management/mdm/applicationcontrol-csp.md | 9 --------- 1 file changed, 9 deletions(-) diff --git a/windows/client-management/mdm/applicationcontrol-csp.md b/windows/client-management/mdm/applicationcontrol-csp.md index 052d05d6a0..cb636ce3ef 100644 --- a/windows/client-management/mdm/applicationcontrol-csp.md +++ b/windows/client-management/mdm/applicationcontrol-csp.md @@ -117,16 +117,7 @@ Value type is char. To use ApplicationControl CSP, you must: - Know a generated policy’s GUID, which can be found in the policy xml as ``. - Convert the policies to binary format using the ConvertFrom-CIPolicy cmdlet in order to be deployed. The binary policy may be signed or unsigned. -- Create a policy node (a Base64-encoded blob of the binary policy representation) using the [certutil -encode](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/cc732443(v=ws.11)#BKMK_encode) command line tool. -Here is a sample certutil invocation: -``` -certutil -encode WinSiPolicy.p7b WinSiPolicy.cer -``` -An alternative to using certutil would be to use the following PowerShell invocation: -``` -[Convert]::ToBase64String($(Get-Content -Encoding Byte -ReadCount 0 -Path )) -``` If you are using hybrid MDM management with System Center Configuration Manager or using Intune, ensure that you are using Base64 as the Data type when using Custom OMA-URI functionality to apply the Code Integrity policy.