deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-13 22:07:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

added new screenshots and steps

Browse Source
This commit is contained in:
Justin Hall 2018-05-17 11:03:30 -07:00
parent 9d45333eb9
commit 8f33e699e5
3 changed files with 6 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md
View File

@ -19,40 +19,13 @@ ms.date: 02/28/2018
You can apply Windows Defender Application Control (WDAC) to Windows 10 client computers using Microsoft Intune.
1. Open the Microsoft Intune portal and click **Create a compliance policy**.
1. Open the Microsoft Intune portal and click **Device configuration** > **Profiles** > **Creae profile**.
![Create a compliance policy in Intune](images\wdac-intune-create-acompliance-policy.png)
3. Type a name for the new profile, select **Windows 10 and later** as the **Platform** and **Endpoint protection** as the **Profile type**.
2. Click **Create Policy**.
![Select platform](images\wdac-intune-create-profile-name.png)
![Create a new policy](images\wdac-intune-create-new-policy.png)
4. Click **Configure** > **Windows Defender Application Control**. for the following settings and then click **OK**:
3. Type a name for the new policy and for **Platform**, select **Windows 10 and later**.
![Select platform](images\wdac-intune-create-policy-name.png)
4. Click **Device Health**, select **Require** for the following settings and then click **OK**:
- **Require BitLocker**
- **Require Secure Boot to be enabled on the device**
- **Require code integrity**
![Device Health settings](images\wdac-intune-device-health-settings.png)
5. Click **Device Properties**, configure any operating system version requirements and then click **OK**.
![Device properties](images\wdac-intune-device-properties.png)
6. Click **System Security**, select any security options to include in the policy and then click **OK**.
![System security settings](images\wdac-intune-system-security-settings.png)
7. When you finish configuring settings, click **OK** and then click **Create**.
8. Click **Assignments**.
![Assignments](images\wdac-intune-assignments.png)
9. Select any mutually exclusive groups to include or exclude from the policy, or assign it to **All users**, and then click **Save**.
![Assign the policy to groups](images\wdac-intune-assignments-groups.png)
- **Application control code intergity policies**: Select **Audit only** to log events but not block any apps from running or select **Enforce** to allow only Windows components and Microsoft Store apps to run.
- **Trust apps with good reputation**: Select **Enable** to allow reputable apps as defined by the Intelligent Security Graph to run in addition to Windows components and Store apps.

BIN
windows/security/threat-protection/windows-defender-application-control/images/wdac-intune-create-profile-name.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 90 KiB

BIN
windows/security/threat-protection/windows-defender-application-control/images/wdac-intune-wdac-settings.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 74 KiB