mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-15 10:23:37 +00:00
Update references to non-Microsoft solutions in identity protection and encryption
This commit is contained in:
@ -28,7 +28,7 @@ Tunneling protocols:
|
||||
|
||||
## Universal Windows Platform VPN plug-in
|
||||
|
||||
Using the UWP platform, third-party VPN providers can create app-containerized plug-ins using WinRT APIs, eliminating the complexity and problems often associated with writing to system-level drivers.
|
||||
Using the UWP platform, non-Microsoft VPN providers can create app-containerized plug-ins using WinRT APIs, eliminating the complexity and problems often associated with writing to system-level drivers.
|
||||
|
||||
There are many Universal Windows Platform VPN applications, such as Pulse Secure, Cisco AnyConnect, F5 Access, Sonicwall Mobile Connect, and Check Point Capsule. If you want to use a UWP VPN plug-in, work with your vendor for any custom settings needed to configure your VPN solution.
|
||||
|
||||
@ -41,7 +41,7 @@ The following image shows connection options in a VPN Profile configuration poli
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
|
||||
In Intune, you can also include custom XML for third-party plug-in profiles:
|
||||
In Intune, you can also include custom XML for non-Microsoft plug-in profiles:
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
|
@ -9,7 +9,7 @@ ms.topic: concept-article
|
||||
|
||||
## Hyper-V based containers and VPN
|
||||
|
||||
Windows supports different kinds of Hyper-V based containers, like Microsoft Defender Application Guard and Windows Sandbox. When you use a third party VPN solution, the Hyper-V based containers may not be able to seamlessly connect to the internet, and configuration changes may be needed to resolve connectivity issues.
|
||||
Windows supports different kinds of Hyper-V based containers, like Microsoft Defender Application Guard and Windows Sandbox. When you use a non-Microsoft VPN solution, the Hyper-V based containers may not be able to seamlessly connect to the internet, and configuration changes may be needed to resolve connectivity issues.
|
||||
|
||||
For example, read about the workaround for Cisco AnyConnect VPN: [Cisco AnyConnect Secure Mobility Client Administrator Guide: Connectivity issues with VM-based subsystems](https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect410/administration/guide/b-anyconnect-admin-guide-4-10/troubleshoot-anyconnect.html#Cisco_Task_in_List_GUI.dita_3a9a8101-f034-4e9b-b24a-486ee47b5e9f).
|
||||
|
||||
|
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Manage Windows Firewall with the command line
|
||||
description: Learn how to manage Windows Firewall from the command line. This guide provides examples how to manage Windows Firewall with PowerShell and Netsh.
|
||||
description: Learn how to manage Windows Firewall from the command line. This guide provides examples how to manage Windows Firewall with PowerShell and Netsh.
|
||||
ms.topic: how-to
|
||||
ms.date: 11/21/2023
|
||||
---
|
||||
@ -61,7 +61,7 @@ Disabling Windows Firewall can also cause problems, including:
|
||||
- Activation of Windows via phone fails
|
||||
- Application or OS incompatibilities that depend on Windows Firewall
|
||||
|
||||
Microsoft recommends disabling Windows Firewall only when installing a third-party firewall, and resetting Windows Firewall back to defaults when the third-party software is disabled or removed.
|
||||
Microsoft recommends disabling Windows Firewall only when installing a non-Microsoft firewall, and resetting Windows Firewall back to defaults when the non-Microsoft software is disabled or removed.
|
||||
If disabling Windows Firewall is required, don't disable it by stopping the Windows Firewall service (in the **Services** snap-in, the display name is Windows Firewall and the service name is MpsSvc).
|
||||
Stopping the Windows Firewall service isn't supported by Microsoft.
|
||||
Non-Microsoft firewall software can programmatically disable only the parts of Windows Firewall that need to be disabled for compatibility.
|
||||
|
@ -44,7 +44,7 @@ When first installed, network applications and services issue a *listen call* sp
|
||||
In either of these scenarios, once the rules are added, they must be deleted to generate the prompt again. If not, the traffic continues to be blocked.
|
||||
|
||||
> [!NOTE]
|
||||
> The firewall's default settings are designed for security. Allowing all inbound connections by default introduces the network to various threats. Therefore, creating exceptions for inbound connections from third-party software should be determined by trusted app developers, the user, or the admin on behalf of the user.
|
||||
> The firewall's default settings are designed for security. Allowing all inbound connections by default introduces the network to various threats. Therefore, creating exceptions for inbound connections from non-Microsoft software should be determined by trusted app developers, the user, or the admin on behalf of the user.
|
||||
|
||||
### WDAC tagging policies
|
||||
|
||||
@ -52,7 +52,7 @@ Windows Firewall supports the use of Windows Defender Application Control (WDAC)
|
||||
|
||||
1. Deploy *WDAC AppId tagging policies*: a Windows Defender Application Control policy must be deployed, which specifies individual applications or groups of applications to apply a *PolicyAppId tag* to the process token(s). Then, the admin can define firewall rules that are scoped to all processes tagged with the matching *PolicyAppId*. For more information, see the [WDAC AppId tagging guide](../../../application-security/application-control/windows-defender-application-control/AppIdTagging/wdac-appid-tagging-guide.md) to create, deploy, and test an AppID policy to tag applications.
|
||||
1. Configure firewall rules using *PolicyAppId tags* using one of the two methods:
|
||||
- Using the [PolicyAppId node of the Firewall CSP](/windows/client-management/mdm/firewall-csp#mdmstorefirewallrulesfirewallrulenamepolicyappid) with an MDM solution like Microsoft Intune. If you use Microsoft Intune, you can deploy the rules from Microsoft Intune Admin center, under the path **Endpoint security** > **Firewall** > **Create policy** > **Windows 10, Windows 11, and Windows Server** > **Windows Firewall Rules**. When creating the rules, provide the *AppId tag* in the **Policy App ID** setting
|
||||
- Using the [PolicyAppId node of the Firewall CSP](/windows/client-management/mdm/firewall-csp#mdmstorefirewallrulesfirewallrulenamepolicyappid) with an MDM solution like Microsoft Intune. If you use Microsoft Intune, you can deploy the rules from Microsoft Intune Admin center, under the path **Endpoint security** > **Firewall** > **Create policy** > **Windows 10, Windows 11, and Windows Server** > **Windows Firewall Rules**. When creating the rules, provide the *AppId tag* in the **Policy App ID** setting
|
||||
- Create local firewall rules with PowerShell: use the [`New-NetFirewallRule`](/powershell/module/netsecurity/new-netfirewallrule) cmdlet and specify the `-PolicyAppId` parameter. You can specify one tag at a time while creating firewall rules. Multiple User Ids are supported
|
||||
|
||||
## Local policy merge and application rules
|
||||
|
Reference in New Issue
Block a user