deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-14 22:37:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'master' of https://cpubwin.visualstudio.com/_git/it-client into FromPrivateRepo

Browse Source
This commit is contained in:
huaping yu 2019-02-22 15:41:30 -08:00
commit 7a6edabf41
5 changed files with 18 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
windows/client-management/mdm/images/custom-profile-prevent-device-ids.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 14 KiB

After

Width:  |  Height:  |  Size: 12 KiB

14
windows/client-management/mdm/policy-csp-deviceinstallation.md
View File

@ -442,13 +442,6 @@ To verify the policy is applied, check C:\windows\INF\setupapi.dev.log and see i
<<< Section end 2018/11/15 12:26:41.751 <<< Section end 2018/11/15 12:26:41.751
<<< [Exit status: SUCCESS] <<< [Exit status: SUCCESS]
``` ```
Windows Defender ATP also blocks installation and usage of prohibited peripherals by using a custom profile in Intune.
For example, this custom profile blocks installation and usage of USB devices with hardware IDs "USBSTOR\DiskVendorCo" and "USBSTOR\DiskSanDisk_Cruzer_Glide_3.0", and applies to USB devices with matching hardware IDs that are already installed.
![Custom profile](images/custom-profile-prevent-device-ids.png)
<hr/> <hr/>
<!--Policy--> <!--Policy-->
@ -546,6 +539,13 @@ To verify the policy is applied, check C:\windows\INF\setupapi.dev.log and see i
<<< [Exit status: SUCCESS] <<< [Exit status: SUCCESS]
``` ```
Windows Defender ATP also blocks installation and usage of prohibited peripherals by using a custom profile in Intune.
For example, this custom profile blocks installation and usage of USB devices with hardware IDs "USB\Composite" and "USB\Class_FF", and applies to USB devices with matching hardware IDs that are already installed.
![Custom profile](images/custom-profile-prevent-device-ids.png)
<!--Policy--> <!--Policy-->
<a href="" id="deviceinstallation-preventinstallationofmatchingdevicesetupclasses"></a>**DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses** <a href="" id="deviceinstallation-preventinstallationofmatchingdevicesetupclasses"></a>**DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses**

6
windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.md
View File

@ -7,7 +7,11 @@ ms.mktglfcycl: deploy
ms.sitesec: library ms.sitesec: library
ms.pagetype: security ms.pagetype: security
ms.localizationpriority: medium ms.localizationpriority: medium
author: brianlic-msft author: justinha
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 02/21/2019 ms.date: 02/21/2019
--- ---

4
windows/security/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md
View File

@ -24,6 +24,10 @@ In addition to standard on-premises or hardware configurations, you can also use
Boot storms can be a problem in large-scale VDIs; this guide will help reduce the overall network bandwidth and performance impact on your hardware. Boot storms can be a problem in large-scale VDIs; this guide will help reduce the overall network bandwidth and performance impact on your hardware.
>[!NOTE]
>We've recently introduced a new feature that helps reduce the network and CPU overhead ov VMs when obtaining security intelligence updates. If you'd like to test this feature before it's released generally, [download the PDF guide for VDI performance improvement testing](https://demo.wd.microsoft.com/Content/wdav-testing-vdi-ssu.pdf).
We recommend setting the following when deploying Windows Defender Antivirus in a VDI environment: We recommend setting the following when deploying Windows Defender Antivirus in a VDI environment:
Location | Setting | Suggested configuration Location | Setting | Suggested configuration

4
windows/security/threat-protection/windows-defender-atp/overview-attack-surface-reduction.md
View File

@ -15,7 +15,7 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: conceptual ms.topic: conceptual
ms.date: 07/01/2018 ms.date: 02/21/2019
--- ---
# Overview of attack surface reduction # Overview of attack surface reduction
@ -27,7 +27,7 @@ Attack surface reduction capabilities in Windows Defender ATP helps protect the
| Capability | Description | | Capability | Description |
|------------|-------------| |------------|-------------|
| [Hardware-based isolation](../windows-defender-application-guard/wd-app-guard-overview.md) | Protects and maintains the integrity of the system as it starts and while it's running, and validates system integrity through local and remote attestation. In addition, container isolation for Microsoft Edge helps protect host operating system from malicious wbsites. | | [Hardware-based isolation](../windows-defender-application-guard/wd-app-guard-overview.md) | Protects and maintains the integrity of the system as it starts and while it's running, and validates system integrity through local and remote attestation. In addition, container isolation for Microsoft Edge helps protect host operating system from malicious websites. |
| [Application control](../windows-defender-application-control/windows-defender-application-control.md) | Moves away from the traditional application trust model where all applications are assumed trustworthy by default to one where applications must earn trust in order to run. | | [Application control](../windows-defender-application-control/windows-defender-application-control.md) | Moves away from the traditional application trust model where all applications are assumed trustworthy by default to one where applications must earn trust in order to run. |
| [Exploit protection](../windows-defender-exploit-guard/exploit-protection-exploit-guard.md) | Applies exploit mitigation techniques to apps your organization uses, both individually and to all apps. Works with third-party antivirus solutions and Windows Defender Antivirus (Windows Defender AV) | | [Exploit protection](../windows-defender-exploit-guard/exploit-protection-exploit-guard.md) | Applies exploit mitigation techniques to apps your organization uses, both individually and to all apps. Works with third-party antivirus solutions and Windows Defender Antivirus (Windows Defender AV) |
| [Network protection](../windows-defender-exploit-guard/network-protection-exploit-guard.md) | Extends the malware and social engineering protection offered by Windows Defender SmartScreen in Microsoft Edge to cover network traffic and connectivity on your organization's devices. Requires Windows Defender AV. | | [Network protection](../windows-defender-exploit-guard/network-protection-exploit-guard.md) | Extends the malware and social engineering protection offered by Windows Defender SmartScreen in Microsoft Edge to cover network traffic and connectivity on your organization's devices. Requires Windows Defender AV. |