Update references to non-Microsoft solutions in identity protection and encryption

This commit is contained in:
Paolo Matarazzo
2024-02-05 15:04:15 -05:00
parent 98c5ed1162
commit 9ac14a95ea
37 changed files with 341 additions and 201 deletions

View File

@ -28,7 +28,7 @@ Tunneling protocols:
## Universal Windows Platform VPN plug-in
Using the UWP platform, third-party VPN providers can create app-containerized plug-ins using WinRT APIs, eliminating the complexity and problems often associated with writing to system-level drivers.
Using the UWP platform, non-Microsoft VPN providers can create app-containerized plug-ins using WinRT APIs, eliminating the complexity and problems often associated with writing to system-level drivers.
There are many Universal Windows Platform VPN applications, such as Pulse Secure, Cisco AnyConnect, F5 Access, Sonicwall Mobile Connect, and Check Point Capsule. If you want to use a UWP VPN plug-in, work with your vendor for any custom settings needed to configure your VPN solution.
@ -41,7 +41,7 @@ The following image shows connection options in a VPN Profile configuration poli
> [!div class="mx-imgBorder"]
> ![Available connection types.](images/vpn-connection-intune.png)
In Intune, you can also include custom XML for third-party plug-in profiles:
In Intune, you can also include custom XML for non-Microsoft plug-in profiles:
> [!div class="mx-imgBorder"]
> ![Custom XML.](images/vpn-custom-xml-intune.png)

View File

@ -9,7 +9,7 @@ ms.topic: concept-article
## Hyper-V based containers and VPN
Windows supports different kinds of Hyper-V based containers, like Microsoft Defender Application Guard and Windows Sandbox. When you use a third party VPN solution, the Hyper-V based containers may not be able to seamlessly connect to the internet, and configuration changes may be needed to resolve connectivity issues.
Windows supports different kinds of Hyper-V based containers, like Microsoft Defender Application Guard and Windows Sandbox. When you use a non-Microsoft VPN solution, the Hyper-V based containers may not be able to seamlessly connect to the internet, and configuration changes may be needed to resolve connectivity issues.
For example, read about the workaround for Cisco AnyConnect VPN: [Cisco AnyConnect Secure Mobility Client Administrator Guide: Connectivity issues with VM-based subsystems](https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect410/administration/guide/b-anyconnect-admin-guide-4-10/troubleshoot-anyconnect.html#Cisco_Task_in_List_GUI.dita_3a9a8101-f034-4e9b-b24a-486ee47b5e9f).

View File

@ -1,6 +1,6 @@
---
title: Manage Windows Firewall with the command line
description: Learn how to manage Windows Firewall from the command line. This guide provides examples how to manage Windows Firewall with PowerShell and Netsh.
description: Learn how to manage Windows Firewall from the command line. This guide provides examples how to manage Windows Firewall with PowerShell and Netsh.
ms.topic: how-to
ms.date: 11/21/2023
---
@ -61,7 +61,7 @@ Disabling Windows Firewall can also cause problems, including:
- Activation of Windows via phone fails
- Application or OS incompatibilities that depend on Windows Firewall
Microsoft recommends disabling Windows Firewall only when installing a third-party firewall, and resetting Windows Firewall back to defaults when the third-party software is disabled or removed.
Microsoft recommends disabling Windows Firewall only when installing a non-Microsoft firewall, and resetting Windows Firewall back to defaults when the non-Microsoft software is disabled or removed.
If disabling Windows Firewall is required, don't disable it by stopping the Windows Firewall service (in the **Services** snap-in, the display name is Windows Firewall and the service name is MpsSvc).
Stopping the Windows Firewall service isn't supported by Microsoft.
Non-Microsoft firewall software can programmatically disable only the parts of Windows Firewall that need to be disabled for compatibility.

View File

@ -44,7 +44,7 @@ When first installed, network applications and services issue a *listen call* sp
In either of these scenarios, once the rules are added, they must be deleted to generate the prompt again. If not, the traffic continues to be blocked.
> [!NOTE]
> The firewall's default settings are designed for security. Allowing all inbound connections by default introduces the network to various threats. Therefore, creating exceptions for inbound connections from third-party software should be determined by trusted app developers, the user, or the admin on behalf of the user.
> The firewall's default settings are designed for security. Allowing all inbound connections by default introduces the network to various threats. Therefore, creating exceptions for inbound connections from non-Microsoft software should be determined by trusted app developers, the user, or the admin on behalf of the user.
### WDAC tagging policies
@ -52,7 +52,7 @@ Windows Firewall supports the use of Windows Defender Application Control (WDAC)
1. Deploy *WDAC AppId tagging policies*: a Windows Defender Application Control policy must be deployed, which specifies individual applications or groups of applications to apply a *PolicyAppId tag* to the process token(s). Then, the admin can define firewall rules that are scoped to all processes tagged with the matching *PolicyAppId*. For more information, see the [WDAC AppId tagging guide](../../../application-security/application-control/windows-defender-application-control/AppIdTagging/wdac-appid-tagging-guide.md) to create, deploy, and test an AppID policy to tag applications.
1. Configure firewall rules using *PolicyAppId tags* using one of the two methods:
- Using the [PolicyAppId node of the Firewall CSP](/windows/client-management/mdm/firewall-csp#mdmstorefirewallrulesfirewallrulenamepolicyappid) with an MDM solution like Microsoft Intune. If you use Microsoft Intune, you can deploy the rules from Microsoft Intune Admin center, under the path **Endpoint security** > **Firewall** > **Create policy** > **Windows 10, Windows 11, and Windows Server** > **Windows Firewall Rules**. When creating the rules, provide the *AppId tag* in the **Policy App ID** setting
- Using the [PolicyAppId node of the Firewall CSP](/windows/client-management/mdm/firewall-csp#mdmstorefirewallrulesfirewallrulenamepolicyappid) with an MDM solution like Microsoft Intune. If you use Microsoft Intune, you can deploy the rules from Microsoft Intune Admin center, under the path **Endpoint security** > **Firewall** > **Create policy** > **Windows 10, Windows 11, and Windows Server** > **Windows Firewall Rules**. When creating the rules, provide the *AppId tag* in the **Policy App ID** setting
- Create local firewall rules with PowerShell: use the [`New-NetFirewallRule`](/powershell/module/netsecurity/new-netfirewallrule) cmdlet and specify the `-PolicyAppId` parameter. You can specify one tag at a time while creating firewall rules. Multiple User Ids are supported
## Local policy merge and application rules