diff --git a/windows/client-management/mdm/applicationcontrol-csp.md b/windows/client-management/mdm/applicationcontrol-csp.md index 26145df9b5..ef81d89611 100644 --- a/windows/client-management/mdm/applicationcontrol-csp.md +++ b/windows/client-management/mdm/applicationcontrol-csp.md @@ -1,11 +1,13 @@ --- title: ApplicationControl CSP description: The ApplicationControl CSP allows you to manage multiple Windows Defender Application Control (WDAC) policies from a MDM server. +keywords: whitelisting, security, malware ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows author: ManikaDhiman +ms.reviewer: jsuther1974 ms.date: 05/21/2019 --- @@ -61,7 +63,8 @@ This node specifies whether a policy is actually loaded by the enforcement engin Scope is dynamic. Supported operation is Get. -Value type is bool. Supported values are as follows: +Value type is bool. Supported values are as follows: + - True — Indicates that the policy is actually loaded by the enforcement engine and is in effect on a system. - False — Indicates that the policy is not loaded by the enforcement engine and is not in effect on a system. This is the default. @@ -70,7 +73,8 @@ This node specifies whether a policy is deployed on the system and is present on Scope is dynamic. Supported operation is Get. -Value type is bool. Supported values are as follows: +Value type is bool. Supported values are as follows: + - True — Indicates that the policy is deployed on the system and is present on the physical machine. - False — Indicates that the policy is not deployed on the system and is not present on the physical machine. This is the default. @@ -79,7 +83,8 @@ This node specifies whether the policy is authorized to be loaded by the enforce Scope is dynamic. Supported operation is Get. -Value type is bool. Supported values are as follows: +Value type is bool. Supported values are as follows: + - True — Indicates that the policy is authorized to be loaded by the enforcement engine on the system. - False — Indicates that the policy is not authorized to be loaded by the enforcement engine on the system. This is the default. @@ -214,7 +219,8 @@ The following table displays the result of Get operation on different nodes: |./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/PolicyInfo/Status|Was the deployment successful| |./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/PolicyInfo/FriendlyName|Friendly name per the policy| -The following is an example of Get command: +The following is an example of Get command: + ```xml 1 diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md index 4447a187fc..c3ccef8510 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md +++ b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md @@ -18,14 +18,14 @@ ms.date: 05/17/2018 --- > [!NOTE] -> For WDAC enhancements see [Delivering major enhancements in Windows Defender Application Control with the Windows 10 May 2019 Update](https://www.microsoft.com/security/blog/2019/07/01/). +> For WDAC enhancements see [Delivering major enhancements in Windows Defender Application Control with the Windows 10 May 2019 Update](https://www.microsoft.com/security/blog/2019/07/01/). # Deploy Windows Defender Application Control policies by using Microsoft Intune **Applies to:** -- Windows 10 -- Windows Server 2016 +- Windows 10 +- Windows Server 2016 You can use Microsoft Endpoint Manager (MEM) Intune to configure Windows Defender Application Control (WDAC). Intune includes native support for WDAC, which allows you to configure Windows 10 client computers to only run Windows components and Microsoft Store apps, or to also allow reputable apps as defined by the Intelligent Security Graph (ISG). Using the built-in policies can be a helpful starting point, but many customers may find the available circle-of-trust options to be too limited. diff --git a/windows/security/threat-protection/windows-defender-application-control/images/policy-id.png b/windows/security/threat-protection/windows-defender-application-control/images/policy-id.png new file mode 100644 index 0000000000..12ec2b924f Binary files /dev/null and b/windows/security/threat-protection/windows-defender-application-control/images/policy-id.png differ diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-intune-custom-assignments.png b/windows/security/threat-protection/windows-defender-application-control/images/wdac-intune-custom-assignments.png new file mode 100644 index 0000000000..c37d55910d Binary files /dev/null and b/windows/security/threat-protection/windows-defender-application-control/images/wdac-intune-custom-assignments.png differ diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-intune-custom-create-profile-name.png b/windows/security/threat-protection/windows-defender-application-control/images/wdac-intune-custom-create-profile-name.png new file mode 100644 index 0000000000..e132440266 Binary files /dev/null and b/windows/security/threat-protection/windows-defender-application-control/images/wdac-intune-custom-create-profile-name.png differ