Update manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md

Mike Edgar
2019-08-24 07:26:14 -07:00
committed by GitHub
parent a21367b5a3
commit 91ac326042

@ -22,7 +22,7 @@ This article describes the egress network connections that Windows 10 components
Note: Even if all of the settings described in this article are applied CRL (Certificate Revocation List) and OCSP (Online Certificate Status Protocol) egress traffic will still exist since it is “Allowed Traffic”. CRL and OCSP checks are made to the issuing certificate authorities. Microsoft is one of these authorities and there are others such as DigiCert, Google, Symantec, Thawte, and VeriSign. Additionally, there is some traffic which is specifically required for the Microsoft Intune based management of Windows 10 devices. This traffic includes Windows Notifications Service (WNS), Automatic Root Certificates Update (ARCU), and some Windows Update related traffic. The aforementioned traffic comprises the "Allowed Traffic" for Microsoft Intune MDM Server to manage Windows 10 devices. Note: Even if all of the settings described in this article are applied CRL (Certificate Revocation List) and OCSP (Online Certificate Status Protocol) egress traffic will still exist since it is “Allowed Traffic”. CRL and OCSP checks are made to the issuing certificate authorities. Microsoft is one of these authorities and there are others such as DigiCert, Google, Symantec, Thawte, and VeriSign. Additionally, there is some traffic which is specifically required for the Microsoft Intune based management of Windows 10 devices. This traffic includes Windows Notifications Service (WNS), Automatic Root Certificates Update (ARCU), and some Windows Update related traffic. The aforementioned traffic comprises the "Allowed Traffic" for Microsoft Intune MDM Server to manage Windows 10 devices.
For security reasons, it is important to carefully decide which settings to configure since several important settings will result in a less secure device. In an MDM configuration examples of these settings are Windows Update and Windows Defender. We do not recommended disabling these features as they help Microsoft deliver a secure, reliable, and more delightful personalized experience. For security reasons, it is important to carefully decide which settings to configure since several important settings will result in a less secure device. In a MDM configuration examples of these settings are Windows Update and Windows Defender. We do not recommended disabling these features as they help Microsoft deliver a secure, reliable, and more delightful personalized experience.
To ensure CSPs take priority over Group Policies in case of conflicts, use the [ControlPolicyConflict](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-controlpolicyconflict) policy. To ensure CSPs take priority over Group Policies in case of conflicts, use the [ControlPolicyConflict](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-controlpolicyconflict) policy.
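Review bot: On the "For security reasons" line, the two versions differ only in "In an MDM configuration" versus "In a MDM configuration"; "an MDM" is the correct article because the abbreviation is read letter by letter, so the final text should keep "an". The same sentence says "We do not recommended disabling these features" in both versions and should read "We do not recommend disabling these features". While this paragraph is being touched, a comma after "In an MDM configuration" and one after "are applied" in the Note line would make both sentences easier to parse.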