From 7d902ce298616eec5a47427d6ebb0c84b025852c Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Wed, 27 Mar 2019 09:06:31 -0700 Subject: [PATCH] added deployment options --- ...enable-controlled-folders-exploit-guard.md | 4 +-- .../enable-network-protection.md | 36 ++++++++++++------- 2 files changed, 25 insertions(+), 15 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md index 8d9f86a947..ea057afc07 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md @@ -38,13 +38,13 @@ You can enable controlled folder access with the Security Center app, Group Poli >- System Center Endpoint Protection **Allow users to add exclusions and overrides** >For more information about disabling local list merging, see [Prevent or allow users to locally modify Windows Defender AV policy settings](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus#configure-how-locally-and-globally-defined-threat-remediation-and-exclusions-lists-are-merged). -### Use the Windows Defender Security app to enable controlled folder access +## Windows Security app to enable controlled folder access 1. Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for **Defender**. 2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar) and then click **Ransomware protection**. -3. Set the switch for **Controlled folder access** to **On**. +3. Set the switch for **Controlled folder access** to **On**. ### Use Group Policy to enable Controlled folder access diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-network-protection.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-network-protection.md index d07a56a851..0d20bf5ec0 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-network-protection.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-network-protection.md @@ -11,7 +11,7 @@ ms.pagetype: security ms.localizationpriority: medium author: andreabichsel ms.author: v-anbic -ms.date: 02/14/2019 +ms.date: 03/27/2019 --- # Enable network protection @@ -20,17 +20,30 @@ ms.date: 02/14/2019 - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -[Network protection](network-protection-exploit-guard.md) helps to prevent employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet. +[Network protection](network-protection-exploit-guard.md) helps to prevent employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet. +You can enable network protection by using any of the these methods: -This topic describes how to enable network protection with Group Policy, PowerShell cmdlets, and configuration service providers (CSPs) for mobile device management (MDM). +- Windows Security app +- Intune +- MDM +- Group Policy +- SCCM +- PowerShell cmdlets -## Enable and audit network protection +You can also [audit network protection](evaluate-network-protection.md) to see which apps would be blocked before you enable it. -You can enable network protection in either audit or block mode with Group Policy, PowerShell, or MDM settings with CSP. +## Windows Security app -For background information on how audit mode works, and when you might want to use it, see the [audit Windows Defender Exploit Guard topic](audit-windows-defender-exploit-guard.md). +1. Click **Start**, type **Windows Security** and press Enter to open the app. +1. Click -### Use Group Policy to enable or audit network protection +## Intune + +## MDM + +Use the [./Vendor/MSFT/Policy/Config/Defender/EnableNetworkProtection](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-enablenetworkprotection) configuration service provider (CSP) to enable and configure network protection. + +## Group Policy 1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**. @@ -47,7 +60,9 @@ For background information on how audit mode works, and when you might want to u >[!IMPORTANT] >To fully enable network protection, you must set the Group Policy option to **Enabled** and also select **Block** in the options drop-down menu. - ### Use PowerShell to enable or audit network protection +## SCCM + +## PowerShell 1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator** 2. Enter the following cmdlet: @@ -65,11 +80,6 @@ Set-MpPreference -EnableNetworkProtection AuditMode Use `Disabled` insead of `AuditMode` or `Enabled` to turn the feature off. -### Use MDM CSPs to enable or audit network protection - -Use the [./Vendor/MSFT/Policy/Config/Defender/EnableNetworkProtection](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-enablenetworkprotection) configuration service provider (CSP) to enable and configure network protection. - - ## Related topics - [Protect your network](network-protection-exploit-guard.md)