deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-25 15:23:40 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'MDBranchMachineToDeviceParent' into MDBranchMachineToDeviceChild

Browse Source
This commit is contained in:
ManikaDhiman
2020-06-10 08:56:28 -07:00
parent 560133d8a2 d2cc0170c4
commit 801adee58a
38 changed files with 798 additions and 1237 deletions
Download Patch File Download Diff File Expand all files Collapse all files

108
windows/security/index.yml
View File

@ -1,80 +1,38 @@
### YamlMime:YamlDocument
### YamlMime:Hub
documentType: LandingData
title: Windows 10 Enterprise Security
title: Windows 10 Enterprise Security # < 60 chars
summary: Secure corporate data and manage risk. # < 160 chars
# brand: aspnet | azure | dotnet | dynamics | m365 | ms-graph | office | power-bi | power-platform | sql | sql-server | vs | visual-studio | windows | xamarin
brand: windows
metadata:
document_id:
title: Windows 10 Enterprise Security
description: Learn about enterprise-grade security features for Windows 10.
keywords: protect, company, data, Windows, device, app, management, Microsoft365, e5, e3
title: Windows 10 Enterprise Security # Required; page title displayed in search results. Include the brand. < 60 chars.
description: Learn about enterprise-grade security features for Windows 10. # Required; article description that is displayed in search results. < 160 chars.
services: windows
ms.product: windows
ms.topic: hub-page # Required
ms.collection: M365-security-compliance # Optional; Remove if no collection is used.
author: danihalfin #Required; your GitHub user alias, with correct capitalization.
ms.author: daniha #Required; microsoft alias of author; optional team alias.
ms.date: 01/08/2018 #Required; mm/dd/yyyy format.
ms.localizationpriority: high
author: brianlic-msft
ms.author: brianlic
manager: brianlic
ms.date: 08/01/2018
ms.topic: article
ms.devlang: na
sections:
- items:
- type: markdown
text: Secure corporate data and manage risk.
- items:
- type: list
style: cards
className: cardsM
columns: 3
items:
- href: \windows\security\identity-protection\
html: <p>Deploy secure enterprise-grade authentication and access control to protect accounts and data</p>
image:
src: https://docs.microsoft.com/media/common/i_identity-protection.svg
title: Identity and access management
- href: \windows\security\threat-protection\
html: <p>Stop cyberthreats and quickly identify and respond to breaches</p>
image:
src: https://docs.microsoft.com/media/common/i_threat-protection.svg
title: Threat protection
- href: \windows\security\information-protection\
html: <p>Identify and secure critical data to prevent data loss</p>
image:
src: https://docs.microsoft.com/media/common/i_information-protection.svg
title: Information protection
# productDirectory section (optional)
productDirectory:
items:
# Card
- title: Identity and access management
# imageSrc should be square in ratio with no whitespace
imageSrc: https://docs.microsoft.com/media/common/i_identity-protection.svg
summary: Deploy secure enterprise-grade authentication and access control to protect accounts and data
url: ./identity-protection/index.md
# Card
- title: Threat protection
imageSrc: https://docs.microsoft.com/media/common/i_threat-protection.svg
summary: Stop cyberthreats and quickly identify and respond to breaches
url: ./threat-protection/index.md
# Card
- title: Information protection
imageSrc: https://docs.microsoft.com/media/common/i_information-protection.svg
summary: Identify and secure critical data to prevent data loss
url: ./information-protection/index.md

68
windows/security/threat-protection/microsoft-defender-antivirus/oldTOC.md
View File

@ -1,68 +0,0 @@
# [Microsoft Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md)
## [Microsoft Defender AV in the Microsoft Defender Security Center app](microsoft-defender-security-center-antivirus.md)
## [Microsoft Defender AV on Windows Server 2016](microsoft-defender-antivirus-on-windows-server-2016.md)
## [Microsoft Defender Antivirus compatibility](microsoft-defender-antivirus-compatibility.md)
### [Use limited periodic scanning in Microsoft Defender AV](limited-periodic-scanning-microsoft-defender-antivirus.md)
## [Evaluate Microsoft Defender Antivirus protection](evaluate-microsoft-defender-antivirus.md)
## [Deploy, manage updates, and report on Microsoft Defender Antivirus](deploy-manage-report-microsoft-defender-antivirus.md)
### [Deploy and enable Microsoft Defender Antivirus](deploy-microsoft-defender-antivirus.md)
#### [Deployment guide for VDI environments](deployment-vdi-microsoft-defender-antivirus.md)
### [Report on Microsoft Defender Antivirus protection](report-monitor-microsoft-defender-antivirus.md)
#### [Troubleshoot Microsoft Defender Antivirus reporting in Update Compliance](troubleshoot-reporting.md)
### [Manage updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md)
#### [Manage protection and Security intelligence updates](manage-protection-updates-microsoft-defender-antivirus.md)
#### [Manage when protection updates should be downloaded and applied](manage-protection-update-schedule-microsoft-defender-antivirus.md)
#### [Manage updates for endpoints that are out of date](manage-outdated-endpoints-microsoft-defender-antivirus.md)
#### [Manage event-based forced updates](manage-event-based-updates-microsoft-defender-antivirus.md)
#### [Manage updates for mobile devices and VMs](manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md)
## [Configure Microsoft Defender Antivirus features](configure-microsoft-defender-antivirus-features.md)
### [Utilize Microsoft cloud-delivered protection](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md)
#### [Enable cloud-delivered protection](enable-cloud-protection-microsoft-defender-antivirus.md)
#### [Specify the cloud-delivered protection level](specify-cloud-protection-level-microsoft-defender-antivirus.md)
#### [Configure and validate network connections](configure-network-connections-microsoft-defender-antivirus.md)
#### [Enable the Block at First Sight feature](configure-block-at-first-sight-microsoft-defender-antivirus.md)
#### [Configure the cloud block timeout period](configure-cloud-block-timeout-period-microsoft-defender-antivirus.md)
### [Configure behavioral, heuristic, and real-time protection](configure-protection-features-microsoft-defender-antivirus.md)
#### [Detect and block Potentially Unwanted Applications](detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md)
#### [Enable and configure always-on protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md)
### [Configure end-user interaction with Microsoft Defender AV](configure-end-user-interaction-microsoft-defender-antivirus.md)
#### [Configure the notifications that appear on endpoints](configure-notifications-microsoft-defender-antivirus.md)
#### [Prevent users from seeing or interacting with the user interface](prevent-end-user-interaction-microsoft-defender-antivirus.md)
#### [Prevent or allow users to locally modify policy settings](configure-local-policy-overrides-microsoft-defender-antivirus.md)
## [Customize, initiate, and review the results of scans and remediation](customize-run-review-remediate-scans-microsoft-defender-antivirus.md)
### [Configure and validate exclusions in Microsoft Defender AV scans](configure-exclusions-microsoft-defender-antivirus.md)
#### [Configure and validate exclusions based on file name, extension, and folder location](configure-extension-file-exclusions-microsoft-defender-antivirus.md)
#### [Configure and validate exclusions for files opened by processes](configure-process-opened-file-exclusions-microsoft-defender-antivirus.md)
#### [Configure exclusions in Microsoft Defender AV on Windows Server 2016](configure-server-exclusions-microsoft-defender-antivirus.md)
### [Configure scanning options in Microsoft Defender AV](configure-advanced-scan-types-microsoft-defender-antivirus.md)
### [Configure remediation for scans](configure-remediation-microsoft-defender-antivirus.md)
### [Configure scheduled scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md)
### [Configure and run scans](run-scan-microsoft-defender-antivirus.md)
### [Review scan results](review-scan-results-microsoft-defender-antivirus.md)
### [Run and review the results of a Windows Defender Offline scan](microsoft-defender-offline.md)
## [Review event logs and error codes to troubleshoot issues](troubleshoot-microsoft-defender-antivirus.md)
## [Reference topics for management and configuration tools](configuration-management-reference-microsoft-defender-antivirus.md)
### [Use Group Policy settings to configure and manage Microsoft Defender AV](use-group-policy-microsoft-defender-antivirus.md)
### [Use System Center Configuration Manager and Microsoft Intune to configure and manage Microsoft Defender AV](use-intune-config-manager-microsoft-defender-antivirus.md)
### [Use PowerShell cmdlets to configure and manage Microsoft Defender AV](use-powershell-cmdlets-microsoft-defender-antivirus.md)
### [Use Windows Management Instrumentation (WMI) to configure and manage Microsoft Defender AV](use-wmi-microsoft-defender-antivirus.md)
### [Use the mpcmdrun.exe commandline tool to configure and manage Microsoft Defender AV](command-line-arguments-microsoft-defender-antivirus.md)

2
windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md
View File

@ -118,7 +118,7 @@ You can choose between showing alerts that are assigned to you or automation.
Select the source that triggered the alert detection. Microsoft Threat Experts preview participants can now filter and see detections from the new threat experts-managed hunting service.
>[!NOTE]
>The Windows Defender Antivirus filter will only appear if devices are using Microsoft Defender Antivirus as the default real-time protection antimalware product.
>The Antivirus filter will only appear if devices are using Microsoft Defender Antivirus as the default real-time protection antimalware product.
### OS platform

2
windows/security/threat-protection/microsoft-defender-atp/audit-windows-defender.md
View File

@ -31,7 +31,7 @@ While the features will not block or prevent apps, scripts, or files from being
To find the audited entries, go to **Applications and Services** > **Microsoft** > **Windows** > **Windows Defender** > **Operational**.
You can use Windows Defender Advanced Threat Protection to get greater details for each event, especially for investigating attack surface reduction rules. Using the Microsoft Defender ATP console lets you [investigate issues as part of the alert timeline and investigation scenarios](../microsoft-defender-atp/investigate-alerts.md).
You can use Microsoft Defender Advanced Threat Protection to get greater details for each event, especially for investigating attack surface reduction rules. Using the Microsoft Defender ATP console lets you [investigate issues as part of the alert timeline and investigation scenarios](../microsoft-defender-atp/investigate-alerts.md).
This topic provides links that describe how to enable the audit functionality for each feature and how to view events in the Windows Event Viewer.

9
windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md
View File

@ -30,7 +30,14 @@ ms.date: 04/16/2020
## Onboard non-persistent virtual desktop infrastructure (VDI) devices
Microsoft Defender ATP supports non-persistent VDI session onboarding. There might be associated challenges when onboarding VDIs. The following are typical challenges for this scenario:
Microsoft Defender ATP supports non-persistent VDI session onboarding.
>[!Note]
>To onboard non-persistent VDI sessions, VDI machines must be on Windows 10.
>
>While other Windows versions might work, only Windows 10 is supported.
There might be associated challenges when onboarding VDIs. The following are typical challenges for this scenario:
- Instant early onboarding of a short-lived sessions, which must be onboarded to Microsoft Defender ATP prior to the actual provisioning.
- The device name is typically reused for new sessions.

2
windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline.md
View File

@ -38,7 +38,7 @@ The Windows Intune security baseline provides a comprehensive set of recommended
- [Windows security baseline settings for Intune](https://docs.microsoft.com/intune/security-baseline-settings-windows)
- [Microsoft Defender ATP baseline settings for Intune](https://docs.microsoft.com/intune/security-baseline-settings-defender-atp)
Both baselines are maintained so that they complement one another and have identical values for shared settings. Deploying both baselines to the same device will not result in conflicts. Ideally, devices onboarded to Microsoft Defender ATP are deployed both baselines: the Windows Intune security baseline to initially secure Windows and then the Microsoft Defender ATP security baseline layered on top to optimally configure the Microsoft Defender ATP security controls.
Ideally, devices onboarded to Microsoft Defender ATP are deployed both baselines: the Windows Intune security baseline to initially secure Windows and then the Microsoft Defender ATP security baseline layered on top to optimally configure the Microsoft Defender ATP security controls. To benefit from the latest data on risks and threats and to minimize conflicts as baselines evolve, always apply the latest versions of the baselines across all products as soon as they are released.
>[!NOTE]
>The Microsoft Defender ATP security baseline has been optimized for physical devices and is currently not recommended for use on virtual machine (VMs) or VDI endpoints. Certain baseline settings can impact remote interactive sessions on virtualized environments.

BIN
windows/security/threat-protection/microsoft-defender-atp/images/configmgr-simple-value.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 52 KiB

After

Width:  |  Height:  |  Size: 65 KiB

2
windows/security/threat-protection/microsoft-defender-atp/onboarding.md
View File

@ -95,7 +95,7 @@ below to onboard systems with Configuration Manager.
![Image of Microsoft Endpoint Configuration Manager wizard](images/configmgr-criteria.png)
7. Keep criterion type as **simple value**, choose where as **Operating System - build number**, operator as **is equal to** and value **10240** and click on **OK**.
7. Keep criterion type as **simple value**, choose where as **Operating System - build number**, operator as **is greater than or equal to** and value **14393** and click on **OK**.
![Image of Microsoft Endpoint Configuration Manager wizard](images/configmgr-simple-value.png)

2
windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response.md
View File

@ -28,6 +28,8 @@ Microsoft Defender ATP endpoint detection and response capabilities provide adva
When a threat is detected, alerts are created in the system for an analyst to investigate. Alerts with the same attack techniques or attributed to the same attacker are aggregated into an entity called an _incident_. Aggregating alerts in this manner makes it easy for analysts to collectively investigate and respond to threats.
>[!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4o1j5]
Inspired by the "assume breach" mindset, Microsoft Defender ATP continuously collects behavioral cyber telemetry. This includes process information, network activities, deep optics into the kernel and memory manager, user login activities, registry and file system changes, and others. The information is stored for six months, enabling an analyst to travel back in time to the start of an attack. The analyst can then pivot in various views and approach an investigation through multiple vectors.
The response capabilities give you the power to promptly remediate threats by acting on the affected entities.

66
windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md
View File

@ -1,66 +0,0 @@
---
title: Configure the Group Policy settings for Microsoft Defender Application Guard (Windows 10)
description: Learn about the available Group Policy settings for Microsoft Defender Application Guard.
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: denisebmsft
ms.author: deniseb
ms.date: 05/27/2020
ms.reviewer:
manager: dansimp
ms.custom: asr
---
# Configure Microsoft Defender Application Guard policy settings
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
Microsoft Defender Application Guard (Application Guard) works with Group Policy to help you manage your organization's computer settings. By using Group Policy, you can configure a setting once, and then copy it onto many computers. For example, you can set up multiple security settings in a GPO, which is linked to a domain, and then apply all those settings to every computer in the domain.
Application Guard uses both network isolation and application-specific settings.
## Network isolation settings
These settings, located at **Computer Configuration\Administrative Templates\Network\Network Isolation**, help you define and manage your company's network boundaries. Application Guard uses this information to automatically transfer any requests to access the non-corporate resources into the Application Guard container.
>[!NOTE]
>You must configure either the Enterprise resource domains hosted in the cloud or Private network ranges for apps settings on your employee devices to successfully turn on Application Guard using enterprise mode. Proxy servers must be a neutral resource listed in the "Domains categorized as both work and personal" policy.
|Policy name|Supported versions|Description|
|-----------|------------------|-----------|
|Private network ranges for apps|At least Windows Server 2012, Windows 8, or Windows RT|A comma-separated list of IP address ranges that are in your corporate network. Included endpoints or endpoints that are included within a specified IP address range, are rendered using Microsoft Edge and won't be accessible from the Application Guard environment.|
|Enterprise resource domains hosted in the cloud|At least Windows Server 2012, Windows 8, or Windows RT|A pipe-separated (\|) list of your domain cloud resources. Included endpoints are rendered using Microsoft Edge and won't be accessible from the Application Guard environment. Note: This list supports the wildcards detailed in the [Network isolation settings wildcards](#network-isolation-settings-wildcards) table.|
|Domains categorized as both work and personal|At least Windows Server 2012, Windows 8, or Windows RT|A comma-separated list of domain names used as both work or personal resources. Included endpoints are rendered using Microsoft Edge and will be accessible from the Application Guard and regular Edge environment. Proxies should be added to this list. Note: This list supports the wildcards detailed in the [Network isolation settings wildcards](#network-isolation-settings-wildcards) table.|
## Network isolation settings wildcards
|Value|Number of dots to the left|Meaning|
|-----|--------------------------|-------|
|`contoso.com`|0|Trust only the literal value of `contoso.com`.|
|`www.contoso.com`|0|Trust only the literal value of `www.contoso.com`.|
|`.contoso.com`|1|Trust any domain that ends with the text `contoso.com`. Matching sites include `spearphishingcontoso.com`, `contoso.com`, and `www.contoso.com`.|
|`..contoso.com`|2|Trust all levels of the domain hierarchy that are to the left of the dot. Matching sites include `shop.contoso.com`, `us.shop.contoso.com`, `www.us.shop.contoso.com`, but NOT `contoso.com` itself.|
## Application-specific settings
These settings, located at **Computer Configuration\Administrative Templates\Windows Components\Windows Defender Application Guard**, can help you to manage your company's implementation of Application Guard.
|Name|Supported versions|Description|Options|
|-----------|------------------|-----------|-------|
|Configure Windows Defender Application Guard clipboard settings|Windows 10 Enterprise, 1709 or higher<br><br>Windows 10 Pro, 1803 or higher|Determines whether Application Guard can use the clipboard functionality.|**Enabled.** Turns On the clipboard functionality and lets you choose whether to additionally:<br/>-Disable the clipboard functionality completely when Virtualization Security is enabled.<br/>- Enable copying of certain content from Application Guard into Microsoft Edge.<br/>- Enable copying of certain content from Microsoft Edge into Application Guard. **Important:** Allowing copied content to go from Microsoft Edge into Application Guard can cause potential security risks and isn't recommended.<br/><br/>**Disabled or not configured.** Completely turns Off the clipboard functionality for Application Guard.|
|Configure Windows Defender Application Guard print settings|Windows 10 Enterprise, 1709 or higher<br><br>Windows 10 Pro, 1803 or higher|Determines whether Application Guard can use the print functionality.|**Enabled.** Turns On the print functionality and lets you choose whether to additionally:<br/>- Enable Application Guard to print into the XPS format.<br/>- Enable Application Guard to print into the PDF format.<br/>- Enable Application Guard to print to locally attached printers.<br/>- Enable Application Guard to print from previously connected network printers. Employees can't search for additional printers.<br/><br/>**Disabled or not configured.** Completely turns Off the print functionality for Application Guard.<br><br>**Note**<br>Network printers must be published by Active Directory to work in Application Guard.|
|Block enterprise websites to load non-enterprise content in IE and Edge|Windows 10 Enterprise, 1709 or higher|Determines whether to allow Internet access for apps not included on the **Allowed Apps** list.|**Enabled.** Prevents network traffic from both Internet Explorer and Microsoft Edge to non-enterprise sites that can't render in the Application Guard container. **Note:** This may also block assets cached by CDNs and references to analytics sites. Please add them to the trusted enterprise resources to avoid broken pages.<br><br>**Disabled or not configured.** Prevents Microsoft Edge to render network traffic to non-enterprise sites that can't render in Application Guard.<br><br>**Note**<br>This policy is no longer supported in the 2004 update and later.|
|Allow Persistence|Windows 10 Enterprise, 1709 or higher<br><br>Windows 10 Pro, 1803 or higher|Determines whether data persists across different sessions in Windows Defender Application Guard.|**Enabled.** Application Guard saves user-downloaded files and other items (such as, cookies, Favorites, and so on) for use in future Application Guard sessions.<br><br>**Disabled or not configured.** All user data within Application Guard is reset between sessions.<br><br>**Note**<br>If you later decide to stop supporting data persistence for your employees, you can use our Windows-provided utility to reset the container and to discard any personal data.<br><br>**To reset the container:**<br/>1. Open a command-line program and navigate to `Windows/System32`.<br/>2. Type `wdagtool.exe cleanup`. The container environment is reset, retaining only the employee-generated data.<br/>3. Type `wdagtool.exe cleanup RESET_PERSISTENCE_LAYER`. The container environment is reset, including discarding all employee-generated data.|
|Turn on Windows Defender Application Guard in Managed Mode|Windows 10 Enterprise, 1809 or higher|Determines whether to turn on Application Guard for Microsoft Edge and Microsoft Office.|**Enabled.** Turns on Application Guard for Microsoft Edge and/or Microsoft Office, honoring the network isolation settings, rendering non-enterprise domains in the Application Guard container. Be aware that Application Guard won't actually be turned On unless the required prerequisites and network isolation settings are already set on the device. Available options:<br/>- Enable Windows Defender Application Guard only for Microsoft Edge<br/>- Enable Windows Defender Application Guard only for Microsoft Office<br/>- Enable Windows Defender Application Guard for both Microsoft Edge and Microsoft Office<br/><br/>**Disabled.** Turns Off Application Guard, allowing all apps to run in Microsoft Edge and Microsoft Office.|
|Allow files to download to host operating system|Windows 10 Enterprise, 1803 or higher|Determines whether to save downloaded files to the host operating system from the Windows Defender Application Guard container.|**Enabled.** Allows users to save downloaded files from the Windows Defender Application Guard container to the host operating system.<br><br>**Disabled or not configured.** Users are not able to saved downloaded files from Application Guard to the host operating system.|
|Allow hardware-accelerated rendering for Windows Defender Application Guard|Windows 10 Enterprise, 1803 or higher<br><br>Windows 10 Pro, 1803 or higher|Determines whether Windows Defender Application Guard renders graphics using hardware or software acceleration.|**Enabled.** Windows Defender Application Guard uses Hyper-V to access supported, high-security rendering graphics hardware (GPUs). These GPUs improve rendering performance and battery life while using Windows Defender Application Guard, particularly for video playback and other graphics-intensive use cases. If this setting is enabled without connecting any high-security rendering graphics hardware, Windows Defender Application Guard will automatically revert to software-based (CPU) rendering. **Important:** Be aware that enabling this setting with potentially compromised graphics devices or drivers might pose a risk to the host device.<br><br>**Disabled or not configured.** Windows Defender Application Guard uses software-based (CPU) rendering and wont load any third-party graphics drivers or interact with any connected graphics hardware.|
|Allow camera and microphone access in Windows Defender Application Guard|Windows 10 Enterprise, 1809 or higher<br><br>Windows 10 Pro, 1809 or higher|Determines whether to allow camera and microphone access inside Windows Defender Application Guard.|**Enabled.** Applications inside Windows Defender Application Guard are able to access the camera and microphone on the user's device. **Important:** Be aware that enabling this policy with a potentially compromised container could bypass camera and microphone permissions and access the camera and microphone without the user's knowledge.<br><br>**Disabled or not configured.** Applications inside Windows Defender Application Guard are unable to access the camera and microphone on the user's device.|
|Allow Windows Defender Application Guard to use Root Certificate Authorities from a user's device|Windows 10 Enterprise, 1809 or higher<br><br>Windows 10 Pro, 1809 or higher|Determines whether Root Certificates are shared with Windows Defender Application Guard.|**Enabled.** Certificates matching the specified thumbprint are transferred into the container. Use a comma to separate multiple certificates.<br><br>**Disabled or not configured.** Certificates are not shared with Windows Defender Application Guard.|
|Allow users to trust files that open in Windows Defender Application Guard|Windows 10 Enterprise, 1809 or higher|Determines whether users are able to manually trust untrusted files to open them on the host.|**Enabled.** Users are able to manually trust files or trust files after an antivirus check.<br><br>**Disabled or not configured.** Users are unable to manually trust files and files continue to open in Windows Defender Application Guard.|