added new screenshots and steps

2025-05-13 22:07:22 +00:00 · 2018-05-17 11:03:30 -07:00 · 2018-05-17 11:03:30 -07:00 · 8f33e699e5
commit 8f33e699e5
parent 9d45333eb9
3 changed files with 6 additions and 33 deletions
--- a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md
+++ b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md
@ -19,40 +19,13 @@ ms.date: 02/28/2018
 You can apply Windows Defender Application Control (WDAC) to Windows 10 client computers using Microsoft Intune.
-1. Open the Microsoft Intune portal and click **Create a compliance policy**.
+1. Open the Microsoft Intune portal and click **Device configuration** > **Profiles** > **Creae profile**.
-   ![Create a compliance policy in Intune](images\wdac-intune-create-acompliance-policy.png)
+3. Type a name for the new profile, select **Windows 10 and later** as the **Platform** and **Endpoint protection** as the **Profile type**.  
-2. Click **Create Policy**.
+   ![Select platform](images\wdac-intune-create-profile-name.png)
-   ![Create a new policy](images\wdac-intune-create-new-policy.png)
+4. Click **Configure** > **Windows Defender Application Control**.  for the following settings and then click **OK**:
-3. Type a name for the new policy and for **Platform**, select **Windows 10 and later**.  
+   - **Application control code intergity policies**: Select **Audit only** to log events but not block any apps from running or select **Enforce** to allow only Windows components and Microsoft Store apps to run.  
-
+   - **Trust apps with good reputation**: Select **Enable** to allow reputable apps as defined by the Intelligent Security Graph to run in addition to Windows components and Store apps.
   ![Select platform](images\wdac-intune-create-policy-name.png)
 4. Click **Device Health**, select **Require** for the following settings and then click **OK**:
   - **Require BitLocker**
   - **Require Secure Boot to be enabled on the device**
   - **Require code integrity**
   ![Device Health settings](images\wdac-intune-device-health-settings.png)
 5. Click **Device Properties**, configure any operating system version requirements and then click **OK**.  
   ![Device properties](images\wdac-intune-device-properties.png)
 6. Click **System Security**, select any security options to include in the policy and then click **OK**.   
   ![System security settings](images\wdac-intune-system-security-settings.png)
 7. When you finish configuring settings, click **OK** and then click **Create**.
 8. Click **Assignments**. 
   ![Assignments](images\wdac-intune-assignments.png)
 9. Select any mutually exclusive groups to include or exclude from the policy, or assign it to **All users**, and then click **Save**.
   ![Assign the policy to groups](images\wdac-intune-assignments-groups.png)   
--- a/windows/security/threat-protection/windows-defender-application-control/images/wdac-intune-create-profile-name.png
+++ b/windows/security/threat-protection/windows-defender-application-control/images/wdac-intune-create-profile-name.png
--- a/windows/security/threat-protection/windows-defender-application-control/images/wdac-intune-wdac-settings.png
+++ b/windows/security/threat-protection/windows-defender-application-control/images/wdac-intune-wdac-settings.png