DocuTune: Dry run for security rebranding

Alex Buck 2021-10-29 13:44:20 -04:00
parent 8018f5f624
commit 8e9a0f145b
14 changed files with 44 additions and 53 deletions

View File

@ -79,7 +79,7 @@ productDirectory:
- url: https://techcommunity.microsoft.com/t5/Azure-Information-Protection/Azure-Information-Protection-Deployment-Acceleration-Guide/ba-p/334423
text: Azure information protection deployment acceleration guide
- url: /cloud-app-security/getting-started-with-cloud-app-security
text: Microsoft Cloud app security
text: Microsoft Defender for Cloud Apps
- url: /microsoft-365/compliance/create-test-tune-dlp-policy
text: Office 365 data loss prevention
- url: /microsoft-365/compliance/
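Review bot: The renamed entry still links to /cloud-app-security/getting-started-with-cloud-app-security, so the link text now says "Microsoft Defender for Cloud Apps" while the URL carries the old product name. Confirm that this path still resolves after the rebrand, and consider updating it in the same change so that text and target stay in step.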

View File

@ -116,8 +116,8 @@ This node will trigger attestation flow by launching an attestation process. If
</Target>
<Data>
{
rpID : "rpID", serviceEndpoint : “MAA endpoint”,
nonce : “nonce”, aadToken : “aadToken”, "cv" : "CorrelationVector"
rpID : "rpID", serviceEndpoint : "MAA endpoint",
nonce : "nonce", aadToken : "aadToken", "cv" : "CorrelationVector"
}
</Data>
</Item>
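Review bot: In the <Data> payload the keys are still quoted inconsistently after the curly-quote fix: rpID, serviceEndpoint, nonce and aadToken are bare while "cv" is quoted. If this sample is meant to be JSON, quote every key so that a reader who copies it gets a payload that parses.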
@ -219,7 +219,7 @@ OR Sync ML 404 error if not cached report available.
<a href="" id="getServiceCorrelationIDs"></a>**GetServiceCorrelationIDs**
<p>Node type: GET
This node will retrieve the service-generated correlation IDs for the given MDM provider. If there are more than one correlation IDs, they are separated by “;” in the string.
This node will retrieve the service-generated correlation IDs for the given MDM provider. If there are more than one correlation IDs, they are separated by ";" in the string.
</p>
<p>Templated SyncML Call:</p>
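Review bot: The GetServiceCorrelationIDs description keeps "If there are more than one correlation IDs" after the quote fix. Since the line is being touched anyway, change it to "If there is more than one correlation ID, they are separated by ";" in the string."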
@ -506,7 +506,7 @@ More information about TPM attestation can be found here: [Microsoft Azure Attes
<ul>
<li>DHA-BootData: the device boot data (TCG logs, PCR values, device/TPM certificate, boot, and TPM counters) that are required for validating device boot health.</li>
<li>DHA-EncBlob: an encrypted summary report that DHA-Service issues to a device after reviewing the DHA-BootData it receives from devices.</li>
<li>DHA-SignedBlob: it is a signed snapshot of the current state of a devices runtime that is captured by DHA-CSP at device health attestation time.</li>
<li>DHA-SignedBlob: it is a signed snapshot of the current state of a device's runtime that is captured by DHA-CSP at device health attestation time.</li>
<li>DHA-Data: an XML formatted data blob that devices forward for device health validation to DHA-Service via MDM-Server. DHA-Data has two parts:
<ul>
<li>DHA-EncBlob: the encrypted data blob that the device receives from DHA-Service</li>
@ -529,7 +529,7 @@ More information about TPM attestation can be found here: [Microsoft Azure Attes
</ul>
<strong>DHA-CSP (Device HealthAttestation Configuration Service Provider)</strong>
<p>The Device HealthAttestation Configuration Service Provider (DHA-CSP) uses a devices TPM and firmware to measure critical security properties of the devices BIOS and Windows boot, such that even on a system infected with kernel level malware or a rootkit, these properties cannot be spoofed.</p>
<p>The Device HealthAttestation Configuration Service Provider (DHA-CSP) uses a device's TPM and firmware to measure critical security properties of the device's BIOS and Windows boot, such that even on a system infected with kernel level malware or a rootkit, these properties cannot be spoofed.</p>
<p>The following list of operations is performed by DHA-CSP:</p>
<ul>
<li>Collects device boot data (DHA-BootData) from a managed device</li>
@ -541,7 +541,7 @@ More information about TPM attestation can be found here: [Microsoft Azure Attes
<strong>DHA-Service (Device HealthAttestation Service)</strong>
<p>Device HealthAttestation Service (DHA-Service) validates the data it receives from DHA-CSP and issues a highly trusted hardware (TPM) protected report (DHA-Report) to DHA-Enabled device management solutions through a tamper resistant and tamper evident communication channel.</p>
<p>DHA-Service is available in two flavors: “DHA-Cloud” and “DHA-Server2016”. DHA-Service supports various implementation scenarios including cloud, on premises, air-gapped, and hybrid scenarios.</p>
<p>DHA-Service is available in two flavors: "DHA-Cloud" and "DHA-Server2016". DHA-Service supports various implementation scenarios including cloud, on premises, air-gapped, and hybrid scenarios.</p>
<p>The following list of operations is performed by DHA-Service:</p>
- Receives device boot data (DHA-BootData) from a DHA-Enabled device</li>
@ -890,8 +890,8 @@ When the MDM-Server receives the above data, it must:
<?xml version='1.0' encoding='utf-8' ?>
<HealthCertificateValidationRequest ProtocolVersion='1' xmlns='http://schemas.microsoft.com/windows/security/healthcertificate/validation/request/v1'>
<Nonce>[INT]</Nonce>
<Claims> [base64 blob, eg ABc123+/…==] </Claims>
<HealthCertificateBlob> [base64 blob, eg ABc123+/...==]
<Claims> [base64 blob, eg 'ABc123+/…=='] </Claims>
<HealthCertificateBlob> [base64 blob, eg 'ABc123+/...==']
</HealthCertificateBlob>
</HealthCertificateValidationRequest>
```
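Review bot: In the Claims line the sample value still contains a Unicode ellipsis (…) while the HealthCertificateBlob line uses three ASCII dots, so the two samples differ within one request. Use the same form in both, and check that wrapping the samples in single quotes inside the element body does not suggest that the quotes are part of the base64 value.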
@ -948,7 +948,7 @@ The following list of data points is verified by the DHA-Service in DHA-Report v
\* TPM 2.0 only
\*\* Reports if BitLocker was enabled during initial boot.
\*\*\* The “Hybrid Resume” must be disabled on the device. Reports first-party ELAM “Defender” was loaded during boot.
\*\*\* The "Hybrid Resume" must be disabled on the device. Reports first-party ELAM "Defender" was loaded during boot.
Each of these are described in further detail in the following sections, along with the recommended actions to take.
@ -956,7 +956,7 @@ Each of these are described in further detail in the following sections, along w
<p>The date and time DHA-report was evaluated or issued to MDM.</p>
<a href="" id="aikpresent"></a>**AIKPresent**
<p>When an Attestation Identity Key (AIK) is present on a device, it indicates that the device has an endorsement key (EK) certificate. It can be trusted more than a device that doesnt have an EK certificate.</p>
<p>When an Attestation Identity Key (AIK) is present on a device, it indicates that the device has an endorsement key (EK) certificate. It can be trusted more than a device that doesn't have an EK certificate.</p>
<p>If AIKPresent = True (1), then allow access.</p>
@ -1277,7 +1277,7 @@ Each of these are described in further detail in the following sections, along w
<tr>
<td>1</td>
<td>HEALTHATTESTATION_CERT_RETRIEVAL_REQUESTED</td>
<td>This state signifies that MDM clients Exec call on the node VerifyHealth has been triggered and now the OS is trying to retrieve DHA-EncBlob from DHA-Server.</td>
<td>This state signifies that MDM client's Exec call on the node VerifyHealth has been triggered and now the OS is trying to retrieve DHA-EncBlob from DHA-Server.</td>
</tr>
<tr>
<td>2</td>
@ -1620,4 +1620,3 @@ xmlns="http://schemas.microsoft.com/windows/security/healthcertificate/validatio
[Configuration service provider reference](configuration-service-provider-reference.md)

View File

@ -14,8 +14,7 @@ author: dansimp
# Mobile device management
Windows 10 and Windows 11 provides an enterprise management solution to help IT pros manage company security policies and business applications, while avoiding compromise of the users privacy on their personal devices. A built-in management component can communicate with the management server.
Windows 10 and Windows 11 provides an enterprise management solution to help IT pros manage company security policies and business applications, while avoiding compromise of the users' privacy on their personal devices. A built-in management component can communicate with the management server.
There are two parts to the Windows management component:
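Review bot: The changed sentence fixes the apostrophe in "users' privacy" but keeps "Windows 10 and Windows 11 provides"; the compound subject needs "provide".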
@ -26,8 +25,7 @@ Third-party MDM servers can manage Windows 10 by using the MDM protocol. The bu
## MDM security baseline
With Windows 10, version 1809, Microsoft is also releasing a Microsoft MDM security baseline that functions like the Microsoft GP-based security baseline. You can easily integrate this baseline into any MDM to support IT pros operational needs, addressing security concerns for modern cloud-managed devices.
With Windows 10, version 1809, Microsoft is also releasing a Microsoft MDM security baseline that functions like the Microsoft GP-based security baseline. You can easily integrate this baseline into any MDM to support IT pros' operational needs, addressing security concerns for modern cloud-managed devices.
The MDM security baseline includes policies that cover the following areas:
@ -38,7 +36,7 @@ The MDM security baseline includes policies that cover the following areas:
- Legacy technology policies that offer alternative solutions with modern technology
- And much more
For more details about the MDM policies defined in the MDM security baseline and what Microsofts recommended baseline policy values are, see:
For more details about the MDM policies defined in the MDM security baseline and what Microsoft's recommended baseline policy values are, see:
- [MDM Security baseline for Windows 10, version 2004](https://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/2004-MDM-SecurityBaseLine-Document.zip)
- [MDM Security baseline for Windows 10, version 1909](https://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/1909-MDM-SecurityBaseLine-Document.zip)
@ -82,6 +80,3 @@ When an organization wants to move to MDM to manage devices, they should prepare
- [WMI providers supported in Windows 10](wmi-providers-supported-in-windows.md)
- [Using PowerShell scripting with the WMI Bridge Provider](using-powershell-scripting-with-the-wmi-bridge-provider.md)
- [MDM Bridge WMI Provider](/windows/win32/dmwmibridgeprov/mdm-bridge-wmi-provider-portal)

View File

@ -3564,7 +3564,7 @@ The options are:
- 0 - Disabled: Admin Approval Mode and all related UAC policy settings are disabled.
> [!NOTE]
> If this policy setting is disabled, the Security Center notifies you that the overall security of the operating system has been reduced.
> If this policy setting is disabled, the Windows Security Center notifies you that the overall security of the operating system has been reduced.
- 1 - Enabled: (Default) Admin Approval Mode is enabled. This policy must be enabled and related UAC policy settings must also be set appropriately to allow the built-in Administrator account and all other users who are members of the Administrators group to run in Admin Approval Mode.
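Review bot: The note under option 0 now says "the Windows Security Center", but the equivalent UAC note in another file of this commit becomes "Windows Security notifies the user ...", and the Kernel DMA Protection heading becomes "Using Windows Security". Pick one name for the app across the commit. "Windows Security Center" is also the name this commit gives the wscsvc service, which makes this note ambiguous about whether the app or the service raises the notification.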

View File

@ -210,7 +210,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Use this policy setting to specify if to display the Account protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area.
Use this policy setting to specify if to display the Account protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows Defender Security Center will display this area.
<!--/Description-->
<!--ADMXMapped-->
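Review bot: The description only corrects the casing of "Windows defender" and leaves the product as "Windows Defender Security Center", while other files in this commit rename the app to "Windows Security". The same sentence recurs in the later hunks of this file, so settle the name once and apply it to all of them. In this hunk, "specify if to display" should also read "specify whether to display".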
@ -282,7 +282,7 @@ Valid values:
<!--/Scope-->
<!--Description-->
Use this policy setting if you want to disable the display of the app and browser protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area.
Use this policy setting if you want to disable the display of the app and browser protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows Defender Security Center will display this area.
Value type is integer. Supported operations are Add, Get, Replace and Delete.
@ -444,7 +444,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Use this policy setting if you want to disable the display of the Device security area in the Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area.
Use this policy setting if you want to disable the display of the Device security area in the Windows Defender Security Center. If you disable or do not configure this setting, Windows Defender Security Center will display this area.
<!--/Description-->
<!--ADMXMapped-->
@ -593,7 +593,7 @@ The following list shows the supported values:
<!--/Scope-->
<!--Description-->
Use this policy setting if you want to disable the display of the family options area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area.
Use this policy setting if you want to disable the display of the family options area in Windows Defender Security Center. If you disable or do not configure this setting, Windows Defender Security Center will display this area.
Value type is integer. Supported operations are Add, Get, Replace and Delete.
@ -667,7 +667,7 @@ The following list shows the supported values:
<!--/Scope-->
<!--Description-->
Use this policy setting if you want to disable the display of the device performance and health area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area.
Use this policy setting if you want to disable the display of the device performance and health area in Windows Defender Security Center. If you disable or do not configure this setting, Windows Defender Security Center will display this area.
Value type is integer. Supported operations are Add, Get, Replace and Delete.
@ -741,7 +741,7 @@ The following list shows the supported values:
<!--/Scope-->
<!--Description-->
Use this policy setting if you want to disable the display of the firewall and network protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area.
Use this policy setting if you want to disable the display of the firewall and network protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows Defender Security Center will display this area.
Value type is integer. Supported operations are Add, Get, Replace and Delete.
@ -977,7 +977,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Use this policy setting if you want to disable the display of the virus and threat protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area.
Use this policy setting if you want to disable the display of the virus and threat protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows Defender Security Center will display this area.
Value type is integer. Supported operations are Add, Get, Replace and Delete.
@ -1733,4 +1733,3 @@ ADMX Info:
<hr/>
<!--/Policies-->

View File

@ -150,7 +150,7 @@ The options are:
- **Enabled.** (Default) Admin Approval Mode is enabled. This policy must be enabled and related UAC policy settings must also be set appropriately to allow the built-in Administrator account and all other users who are members of the **Administrators** group to run in Admin Approval Mode.
- **Disabled.** Admin Approval Mode and all related UAC policy settings are disabled.
**Note** If this policy setting is disabled, the Security Center notifies you that the overall security of the operating system has been reduced.
**Note** If this policy setting is disabled, the Windows Security Center notifies you that the overall security of the operating system has been reduced.
### User Account Control: Switch to the secure desktop when prompting for elevation

View File

@ -91,7 +91,7 @@ This policy setting controls whether applications that request to run with a Use
This policy setting controls the behavior of all User Account Control (UAC) policy settings for the computer. If you change this policy setting, you must restart your computer.
- **Enabled** (Default) Admin Approval Mode is enabled. This policy must be enabled and related UAC policy settings must also be set appropriately to allow the built-in Administrator account and all other users who are members of the Administrators group to run in Admin Approval Mode.
- **Disabled** Admin Approval Mode and all related UAC policy settings are disabled. Note: If this policy setting is disabled, the Security Center notifies you that the overall security of the operating system has been reduced.
- **Disabled** Admin Approval Mode and all related UAC policy settings are disabled. Note: If this policy setting is disabled, the Windows Security Center notifies you that the overall security of the operating system has been reduced.
## User Account Control: Switch to the secure desktop when prompting for elevation

View File

@ -11,4 +11,4 @@ ms.topic: include
---
> [!IMPORTANT]
> The improved [Microsoft 365 Defender portal](https://security.microsoft.com) is now available. This new experience brings Defender for Endpoint, Defender for Office 365, Microsoft 365 Defender, and more into the Microsoft 365 security center. [Learn what's new](/microsoft-365/security/mtp/overview-security-center).
> The improved [Microsoft 365 Defender portal](https://security.microsoft.com) is now available. This new experience brings Defender for Endpoint, Defender for Office 365, Microsoft 365 Defender, and more into the Microsoft 365 Defender Security Center. [Learn what's new](/microsoft-365/security/mtp/overview-security-center).
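Review bot: The new wording says the experience brings "Microsoft 365 Defender, and more into the Microsoft 365 Defender Security Center", so the product is described as being brought into itself, and the sentence opens by calling the same destination the "Microsoft 365 Defender portal". Use one name for the destination, for example "into the Microsoft 365 Defender portal".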

View File

@ -73,11 +73,11 @@ Systems released prior to Windows 10 version 1803 do not support Kernel DMA Prot
Systems running Windows 10 version 1803 that do support Kernel DMA Protection do have this security feature enabled automatically by the OS with no user or IT admin configuration required.
### Using Security Center
### Using Windows Security
Beginning with Windows 10 version 1809, you can use Security Center to check if Kernel DMA Protection is enabled. Click **Start** > **Settings** > **Update & Security** > **Windows Security** > **Open Windows Security** > **Device security** > **Core isolation details** > **Memory access protection**.
Beginning with Windows 10 version 1809, you can use Windows Security to check if Kernel DMA Protection is enabled. Click **Start** > **Settings** > **Update & Security** > **Windows Security** > **Open Windows Security** > **Device security** > **Core isolation details** > **Memory access protection**.
![Kernel DMA protection in Security Center.](bitlocker/images/kernel-dma-protection-security-center.png)
![Kernel DMA protection in Windows Security.](bitlocker/images/kernel-dma-protection-security-center.png)
### Using System information

View File

@ -40,7 +40,7 @@ This policy setting determines the behavior of all User Account Control (UAC) po
Admin Approval Mode and all related UAC policies are disabled.
> [!NOTE]
> If this security setting is configured to **Disabled**, the Security Center notifies the user that the overall security of the operating system has been reduced.
> If this security setting is configured to **Disabled**, Windows Security notifies the user that the overall security of the operating system has been reduced.
### Best practices
@ -52,7 +52,7 @@ Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Sec
### Default values
The following table lists the actual and effective default values for this policy. Default values are also listed on the policys property page.
The following table lists the actual and effective default values for this policy. Default values are also listed on the policy's property page.
| Server type or GPO | Default value |
| - | - |

View File

@ -66,7 +66,7 @@ A description of each policy rule, beginning with the left-most column, is provi
| **Allow Supplemental Policies** | Use this option on a base policy to allow supplemental policies to expand it. |
| **Disable Script Enforcement** | This option disables script enforcement options. Unsigned PowerShell scripts and interactive PowerShell are no longer restricted to [Constrained Language Mode](/powershell/module/microsoft.powershell.core/about/about_language_modes). NOTE: This option is required to run HTA files, and is only supported with the Windows 10 May 2019 Update (1903) and higher. Using it on earlier versions of Windows 10 is not supported and may have unintended results. |
|**[Hypervisor-protected code integrity (HVCI)](../device-guard/enable-virtualization-based-protection-of-code-integrity.md)**| When enabled, policy enforcement uses virtualization-based security to run the code integrity service inside a secure environment. HVCI provides stronger protections against kernel malware.|
| **Intelligent Security Graph Authorization** | Use this option to automatically allow applications with "known good" reputation as defined by Microsofts Intelligent Security Graph (ISG). |
| **Intelligent Security Graph Authorization** | Use this option to automatically allow applications with "known good" reputation as defined by the Microsoft Intelligent Security Graph (ISG). |
| **Managed Installer** | Use this option to automatically allow applications installed by a software distribution solution, such as Microsoft Endpoint Configuration Manager, that has been defined as a managed installer. |
| **Require WHQL** | By default, legacy drivers that are not Windows Hardware Quality Labs (WHQL) signed are allowed to execute. Enabling this rule requires that every executed driver is WHQL signed and removes legacy driver support. Going forward, every new Windowscompatible driver must be WHQL certified. |
| **Update Policy without Rebooting** | Use this option to allow future WDAC policy updates to apply without requiring a system reboot. |
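Review bot: The Require WHQL row in this hunk's context still reads "Windowscompatible driver", which looks like the same kind of lost character as the apostrophes this change restores. Fix it to "Windows-compatible" in the same pass.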
@ -84,7 +84,7 @@ Selecting the **+ Advanced Options** label will show another column of policy ru
|------------ | ----------- |
| **Boot Audit on Failure** | Used when the WDAC policy is in enforcement mode. When a driver fails during startup, the WDAC policy will be placed in audit mode so that Windows will load. Administrators can validate the reason for the failure in the CodeIntegrity event log. |
| **Disable Flight Signing** | If enabled, WDAC policies will not trust flightroot-signed binaries. This would be used in the scenario in which organizations only want to run released binaries, not flight/preview-signed builds. |
| **Disable Runtime FilePath Rule Protection** | Disable default FilePath rule protection (apps and executables allowed based on file path rules must come from a file path thats only writable by an administrator) for any FileRule that allows a file based on FilePath. |
| **Disable Runtime FilePath Rule Protection** | Disable default FilePath rule protection (apps and executables allowed based on file path rules must come from a file path that's only writable by an administrator) for any FileRule that allows a file based on FilePath. |
| **Dynamic Code Security** | Enables policy enforcement for .NET applications and dynamically loaded libraries (DLLs). |
| **Invalidate EAs on Reboot** | When the Intelligent Security Graph option (14) is used, WDAC sets an extended file attribute that indicates that the file was authorized to run. This option will cause WDAC to periodically revalidate the reputation for files that were authorized by the ISG.|
| **Require EV Signers** | In addition to being WHQL signed, this rule requires that drivers must have been submitted by a partner that has an Extended Verification (EV) certificate. All Windows 10 and later, or Windows 11 drivers will meet this requirement. |
@ -132,8 +132,7 @@ The Wizard supports the creation of [file name rules](select-types-of-rules-to-c
### File Hash Rules
Lastly, the Wizard supports creating file rules using the hash of the file. Although this level is specific, it can cause additional administrative overhead to maintain the current product versions hash values. Each time a binary is updated, the hash value changes, therefore requiring a policy update. By default, the Wizard will use file hash as the fallback in case a file rule cannot be created using the specified file rule level.
Lastly, the Wizard supports creating file rules using the hash of the file. Although this level is specific, it can cause additional administrative overhead to maintain the current product version's hash values. Each time a binary is updated, the hash value changes, therefore requiring a policy update. By default, the Wizard will use file hash as the fallback in case a file rule cannot be created using the specified file rule level.
#### Deleting Signing Rules

View File

@ -25,7 +25,7 @@ ms.technology: windows-sec
You can add information about your organization in a contact card to the Windows Security app. You can include a link to a support site, a phone number for a help desk, and an email address for email-based support.
![The security center custom fly-out.](images/security-center-custom-flyout.png)
![The Window Security custom fly-out.](images/security-center-custom-flyout.png)
This information will also be shown in some enterprise-specific notifications (including notifications for the [Block at first sight feature](/windows/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus), and [potentially unwanted applications](/windows/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus)).
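Review bot: The new image alt text reads "The Window Security custom fly-out." and introduces a typo; it should be "The Windows Security custom fly-out." to match the app name used in the paragraph above it.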

View File

@ -78,7 +78,7 @@ You can find more information about each section, including options for configur
> [!IMPORTANT]
> Microsoft Defender Antivirus and the Windows Security app use similarly named services for specific purposes.
>
> The Windows Security app uses the Windows Security Service (*SecurityHealthService* or *Windows Security Health Servce*), which in turn utilizes the Security Center service ([*wscsvc*](/previous-versions/windows/it-pro/windows-xp/bb457154(v=technet.10)#EDAA)) to ensure the app provides the most up-to-date information about the protection status on the endpoint, including protection offered by third-party antivirus products, Windows Defender Firewall, third-party firewalls, and other security protection.
> The Windows Security app uses the Windows Security Service (*SecurityHealthService* or *Windows Security Health Service*), which in turn utilizes the Windows Security Center service ([*wscsvc*](/previous-versions/windows/it-pro/windows-xp/bb457154(v=technet.10)#EDAA)) to ensure the app provides the most up-to-date information about the protection status on the endpoint, including protection offered by third-party antivirus products, Windows Defender Firewall, third-party firewalls, and other security protection.
>
>These services do not affect the state of Microsoft Defender Antivirus. Disabling or modifying these services will not disable Microsoft Defender Antivirus, and will lead to a lowered protection state on the endpoint, even if you are using a third-party antivirus product.
>
@ -87,7 +87,7 @@ You can find more information about each section, including options for configur
> Disabling the Windows Security Center service will not disable Microsoft Defender Antivirus or [Windows Defender Firewall](/windows/access-protection/windows-firewall/windows-firewall-with-advanced-security).
> [!WARNING]
> If you disable the Security Center service, or configure its associated Group Policy settings to prevent it from starting or running, the Windows Security app may display stale or inaccurate information about any antivirus or firewall products you have installed on the device.
> If you disable the Window Security Center service, or configure its associated Group Policy settings to prevent it from starting or running, the Windows Security app may display stale or inaccurate information about any antivirus or firewall products you have installed on the device.
>
> It may also prevent Microsoft Defender Antivirus from enabling itself if you have an old or outdated third-party antivirus, or if you uninstall any third-party antivirus products you may have previously installed.
>
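Review bot: The changed warning line now reads "If you disable the Window Security Center service", which introduces a typo. It should be "Windows Security Center service", matching the unchanged line just above the [!WARNING] marker.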

View File

@ -1,6 +1,6 @@
---
title: GPO\_DOMISO\_IsolatedDomain\_Servers (Windows)
description: Author this GPO by using the Windows Defender Firewall with Advanced Security interface in the Group Policy editing tools.
description: Author this GPO by using the Windows Defender Firewall with Advanced Security interface in the Group Policy editing tools.
ms.assetid: 33aed8f3-fdc3-4f96-985c-e9d2720015d3
ms.reviewer:
ms.author: dansimp
@ -34,4 +34,3 @@ Because so many of the settings and rules for this GPO are common to those in th
>**Important:**  Windows Vista and Windows Server 2008 support only one network location profile at a time. The profile for the least secure network type is applied to the device. If you attach a network adapter to a device that is not physically connected to a network, the public network location type is associated with the network adapter and applied to the device.
**Next:** [Boundary Zone GPOs](boundary-zone-gpos.md)