deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Update GPO and CSP references in documentation

Browse Source
This commit is contained in:
Paolo Matarazzo 2023-12-29 10:21:41 -05:00
parent 6ceb1a413d
commit a980e252a2
9 changed files with 19 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
windows/security/application-security/application-control/user-account-control/settings-and-configuration.md
View File

@ -35,7 +35,7 @@ To configure UAC, you can use:
The following instructions provide details how to configure your devices. Select the option that best suits your needs.
#### [:::image type="icon" source="../../../images/icons/intune.svg" border="false"::: **Intune/MDM**](#tab/intune)
#### [:::image type="icon" source="../../../images/icons/intune.svg" border="false"::: **Intune/CSP**](#tab/intune)
### Configure UAC with a Settings catalog policy
@ -61,7 +61,7 @@ The policy settings are located under: `./Device/Vendor/MSFT/Policy/Config/Local
| **Setting name**: Switch to the secure desktop when prompting for elevation<br>**Policy CSP name**: `UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation`|
| **Setting name**: Virtualize file and registry write failures to per-user locations<br>**Policy CSP name**: `UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations`|
#### [:::image type="icon" source="../../../images/icons/group-policy.svg" border="false"::: **Group policy**](#tab/gpo)
#### [:::image type="icon" source="../../../images/icons/group-policy.svg" border="false"::: **GPO**](#tab/gpo)
You can use security policies to configure how User Account Control works in your organization. The policies can be configured locally by using the Local Security Policy snap-in (`secpol.msc`) or configured for the domain, OU, or specific groups by group policy.

12
windows/security/identity-protection/credential-guard/configure.md
View File

@ -37,7 +37,7 @@ To enable Credential Guard, you can use:
[!INCLUDE [tab-intro](../../../../includes/configure/tab-intro.md)]
#### [:::image type="icon" source="../../images/icons/intune.svg" border="false"::: **Intune/MDM**](#tab/intune)
#### [:::image type="icon" source="../../images/icons/intune.svg" border="false"::: **Intune/CSP**](#tab/intune)
### Configure Credential Guard with Intune
@ -64,7 +64,7 @@ Alternatively, you can configure devices using a [custom policy][INT-1] with the
Once the policy is applied, restart the device.
#### [:::image type="icon" source="../../images/icons/group-policy.svg" border="false"::: **Group policy**](#tab/gpo)
#### [:::image type="icon" source="../../images/icons/group-policy.svg" border="false"::: **GPO**](#tab/gpo)
### Configure Credential Guard with group policy
@ -232,7 +232,7 @@ There are different options to disable Credential Guard. The option you choose d
[!INCLUDE [tab-intro](../../../../includes/configure/tab-intro.md)]
#### [:::image type="icon" source="../../images/icons/intune.svg" border="false"::: **Intune/MDM**](#tab/intune)
#### [:::image type="icon" source="../../images/icons/intune.svg" border="false"::: **Intune/CSP**](#tab/intune)
### Disable Credential Guard with Intune
@ -254,7 +254,7 @@ Alternatively, you can configure devices using a [custom policy][INT-1] with the
Once the policy is applied, restart the device.
#### [:::image type="icon" source="../../images/icons/group-policy.svg" border="false"::: **Group policy**](#tab/gpo)
#### [:::image type="icon" source="../../images/icons/group-policy.svg" border="false"::: **GPO**](#tab/gpo)
### Disable Credential Guard with group policy
@ -336,7 +336,7 @@ Use one of the following options to disable VBS:
[!INCLUDE [tab-intro](../../../../includes/configure/tab-intro.md)]
#### [:::image type="icon" source="../../images/icons/intune.svg" border="false"::: **Intune/MDM**](#tab/intune)
#### [:::image type="icon" source="../../images/icons/intune.svg" border="false"::: **Intune/CSP**](#tab/intune)
### Disable VBS with Intune
@ -358,7 +358,7 @@ Alternatively, you can configure devices using a [custom policy][INT-1] with the
Once the policy is applied, restart the device.
#### [:::image type="icon" source="../../images/icons/group-policy.svg" border="false"::: **Group policy**](#tab/gpo)
#### [:::image type="icon" source="../../images/icons/group-policy.svg" border="false"::: **GPO**](#tab/gpo)
### Disable VBS with group policy

4
windows/security/identity-protection/hello-for-business/deploy/includes/intune-settings-catalog-enable-whfb.md
View File

@ -5,13 +5,13 @@ ms.topic: include
### Enable Windows Hello for Business
[!INCLUDE [intune-settings-catalog-1](../../../../../includes/configure/intune-settings-catalog-1.md)]
[!INCLUDE [intune-settings-catalog-1](../../../../../../includes/configure/intune-settings-catalog-1.md)]
| Category | Setting name | Value |
|--|--|--|
| **Windows Hello for Business** | Use Passport For Work | true |
[!INCLUDE [intune-settings-catalog-2](../../../../../includes/configure/intune-settings-catalog-2.md)]
[!INCLUDE [intune-settings-catalog-2](../../../../../../includes/configure/intune-settings-catalog-2.md)]
Alternatively, you can configure devices using a [custom policy](/mem/intune/configuration/custom-settings-configure) with the [PassportForWork CSP](/windows/client-management/mdm/passportforwork-csp).

2
windows/security/identity-protection/hello-for-business/deploy/includes/tooltip-trust-cert.md
View File

@ -3,4 +3,4 @@ ms.date: 12/15/2023
ms.topic: include
---
[certificate trust :::image type="icon" source="../images/information.svg" border="false":::](../how-it-works.md "This trust type uses a certificate to authenticate the users to Active Directory. It's required to issue certificates to the users and to the domain controllers")
[certificate trust :::image type="icon" source="../images/information.svg" border="false":::](../../how-it-works.md "This trust type uses a certificate to authenticate the users to Active Directory. It's required to issue certificates to the users and to the domain controllers")

2
windows/security/identity-protection/hello-for-business/deploy/includes/tooltip-trust-cloud-kerberos.md
View File

@ -3,4 +3,4 @@ ms.date: 12/08/2022
ms.topic: include
---
[cloud Kerberos trust :::image type="icon" source="../images/information.svg" border="false":::](../how-it-works.md "This trust type uses security keys to authenticate the users to Active Directory. It's not required to issue any certificates, making it the recommended choice for environments that don't need certificate authentication")
[cloud Kerberos trust :::image type="icon" source="../images/information.svg" border="false":::](../../how-it-works.md "This trust type uses security keys to authenticate the users to Active Directory. It's not required to issue any certificates, making it the recommended choice for environments that don't need certificate authentication")

2
windows/security/identity-protection/hello-for-business/deploy/includes/tooltip-trust-key.md
View File

@ -3,4 +3,4 @@ ms.date: 12/08/2022
ms.topic: include
---
[key trust :::image type="icon" source="../images/information.svg" border="false":::](../how-it-works.md "This trust type uses a raw key to authenticate the users to Active Directory. It's not required to issue certificates to users, but it's required to deploy certificates to domain controllers")
[key trust :::image type="icon" source="../images/information.svg" border="false":::](../../how-it-works.md "This trust type uses a raw key to authenticate the users to Active Directory. It's not required to issue certificates to users, but it's required to deploy certificates to domain controllers")

2
windows/security/identity-protection/hello-for-business/multifactor-unlock.md
View File

@ -366,7 +366,7 @@ Alternatively, you can configure devices using a [custom policy][INT-1] with the
|--------|
| ./Device/Vendor/MSFT/PassportForWork/[DeviceUnlock](/windows/client-management/mdm/passportforwork-csp#devicedeviceunlock)|
#### [:::image type="icon" source="../../images/icons/group-policy.svg" border="false"::: **Group policy**](#tab/gpo)
#### [:::image type="icon" source="../../images/icons/group-policy.svg" border="false"::: **GPO**](#tab/gpo)
[!INCLUDE [gpo-settings-1](../../../../includes/configure/gpo-settings-1.md)]

8
windows/security/identity-protection/remote-credential-guard.md
View File

@ -84,7 +84,7 @@ To enable delegation of nonexportable credentials on the remote hosts, you can u
[!INCLUDE [tab-intro](../../../includes/configure/tab-intro.md)]
#### [:::image type="icon" source="../images/icons/intune.svg" border="false"::: **Intune/MDM**](#tab/intune)
#### [:::image type="icon" source="../images/icons/intune.svg" border="false"::: **Intune/CSP**](#tab/intune)
[!INCLUDE [intune-settings-catalog-1](../../../includes/configure/intune-settings-catalog-1.md)]
@ -100,7 +100,7 @@ Alternatively, you can configure devices using a [custom policy][INT-3] with the
|--------|
| - **OMA-URI:** `./Device/Vendor/MSFT/Policy/Config/CredentialsDelegation/RemoteHostAllowsDelegationOfNonExportableCredentials`<br>- **Data type:** string<br>- **Value:** `<enabled/>`|
#### [:::image type="icon" source="../images/icons/group-policy.svg" border="false"::: **Group policy**](#tab/gpo)
#### [:::image type="icon" source="../images/icons/group-policy.svg" border="false"::: **GPO**](#tab/gpo)
[!INCLUDE [gpo-settings-1](../../../includes/configure/gpo-settings-1.md)]
@ -155,7 +155,7 @@ To configure your clients, you can use:
[!INCLUDE [tab-intro](../../../includes/configure/tab-intro.md)]
#### [:::image type="icon" source="../images/icons/intune.svg" border="false"::: **Intune/MDM**](#tab/intune)
#### [:::image type="icon" source="../images/icons/intune.svg" border="false"::: **Intune/CSP**](#tab/intune)
[!INCLUDE [intune-settings-catalog-1](../../../includes/configure/intune-settings-catalog-1.md)]
@ -171,7 +171,7 @@ Alternatively, you can configure devices using a [custom policy][INT-3] with the
|--|
|- **OMA-URI:** `./Device/Vendor/MSFT/Policy/Config/ADMX_CredSsp/RestrictedRemoteAdministration`<br>- **Data type:** string<br>- **Value:** `<enabled/><data id=\"RestrictedRemoteAdministrationDrop\" value=\"2\"/>`<br><br>Possible values for `RestrictedRemoteAdministrationDrop` are:<br>- `0`: Disabled<br>- `1`: Require Restricted Admin<br>- `2`: Require Remote Credential Guard<br>- `3`: Restrict credential delegation |
#### [:::image type="icon" source="../images/icons/group-policy.svg" border="false"::: **Group policy**](#tab/gpo)
#### [:::image type="icon" source="../images/icons/group-policy.svg" border="false"::: **GPO**](#tab/gpo)
[!INCLUDE [gpo-settings-1](../../../includes/configure/gpo-settings-1.md)]

2
windows/security/operating-system-security/network-security/windows-firewall/configure-logging.md
View File

@ -47,7 +47,7 @@ Alternatively, you can configure devices using a [custom policy][INT-1] with the
| *Public* | Setting name: [EnableLogSuccessConnections][CSP-10]<br>OMA-URI: `./Vendor/MSFT/Firewall/MdmStore/PublicProfile/EnableLogSuccessConnections` |
| *Public* | Setting name: [LogMaxFileSize][CSP-13]<br>OMA-URI: `./Vendor/MSFT/Firewall/MdmStore/PublicProfile/LogMaxFileSize` |
# [:::image type="icon" source="../../../images/icons/group-policy.svg" border="false"::: **Group policy**](#tab/gpo)
# [:::image type="icon" source="../../../images/icons/group-policy.svg" border="false"::: **GPO**](#tab/gpo)
[!INCLUDE [gpo-settings-1](../../../../../includes/configure/gpo-settings-1.md)]