mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-07 10:07:21 +00:00
asr and wdsc
This commit is contained in:
Iaan D'Souza-Wiltshire
parent
dc265e1976
commit
b141441306
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Use Windows Defender Exploit Guard to protect your corporate network
|
||||
description: Windows Defender Exploit Guard consists of features that can protect your network from malware and threat infection. It replaces EMET.
|
||||
keywords: emet, exploit guard, Controlled Folder Access, Network Protection, Exploit Protection, Attack Surface Reduction, hips, host intrusion prevention system
|
||||
title: Use Attack Surface Reduction rules to prevent malware infection
|
||||
description: ASR rules can help prevent exploits from using apps and scripts to infect machines with malware
|
||||
keywords: Attack Surface Reduction, hips, host intrusion prevention system, protection rules, anti-exploit, antiexploit, exploit, infection prevention
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
@ -14,7 +14,7 @@ ms.author: iawilt
|
||||
---
|
||||
|
||||
|
||||
# Reduce the attack surface with Windows Defender Exploit Guard
|
||||
# Reduce attack surfaces with Windows Defender Exploit Guard
|
||||
|
||||
|
||||
**Applies to:**
|
||||
@ -28,11 +28,10 @@ ms.author: iawilt
|
||||
|
||||
**Manageability available with**
|
||||
|
||||
- Windows Defender Security Center app
|
||||
- Group Policy
|
||||
- PowerShell
|
||||
- Windows Management Instrumentation (WMI)
|
||||
- Microsoft Intune
|
||||
- Windows Defender Security Center app
|
||||
- Configuration service providers for mobile device management
|
||||
|
||||
|
||||
Attack Surface Reduction is a feature that is part of Windows Defender Exploit Guard. It helps prevent actions and apps that are typically used by exploit-seeking malware to infect machines.
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Use Windows Defender Exploit Guard to protect your corporate network
|
||||
description: Windows Defender Exploit Guard consists of features that can protect your network from malware and threat infection. It replaces EMET.
|
||||
keywords: emet, exploit guard, Controlled Folder Access, Network Protection, Exploit Protection, Attack Surface Reduction, hips, host intrusion prevention system
|
||||
title: Configure how ASR works so you can finetune the protection in your network
|
||||
description: You can individually set rules in audit, block, or disabled modes, and add files and folders that should be excluded from ASR
|
||||
keywords: Attack Surface Reduction, hips, host intrusion prevention system, protection rules, anti-exploit, antiexploit, exploit, infection prevention, customize, configure, exclude
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
@ -14,12 +14,9 @@ ms.author: iawilt
|
||||
---
|
||||
|
||||
|
||||
# Customize Attack Surface Reduction
|
||||
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows 10 Insider Preview, build 16232 and later
|
||||
- Windows 10 Insider Preview
|
||||
|
||||
**Audience**
|
||||
|
||||
@ -28,21 +25,25 @@ ms.author: iawilt
|
||||
|
||||
**Manageability available with**
|
||||
|
||||
- Windows Defender Security Center app
|
||||
- Group Policy
|
||||
- PowerShell
|
||||
- Windows Management Instrumentation (WMI)
|
||||
- Microsoft Intune
|
||||
- Windows Defender Security Center app
|
||||
- Configuration service providers for mobile device management
|
||||
|
||||
|
||||
Attack Surface Reduction is a feature that is part of Windows Defender Exploit Guard. It helps prevent actions and apps that are typically used by exploit-seeking malware to infect machines.
|
||||
|
||||
This topic describes how to customize Attack Surface Reduction by [excluding files and folders](#exclude-files-and-folders) or [adding custom text to the notification](#customize-the-notification) alert that appears on a user's computer.
|
||||
|
||||
You can use Group Policy, PowerShell, and MDM CSPs to configure these settings.
|
||||
|
||||
## Exclude files and folders
|
||||
|
||||
You can exclude files and folders from being evaluated by Attack Surface Reduction rules. You can specify individual files or folders (using folder paths or fully qualified resource names) but you cannot specify if the files should be excluded from individual rules: the exclusions will apply to all rules that are enabled (or placed in audit mode).
|
||||
You can exclude files and folders from being evaluated by Attack Surface Reduction rules.
|
||||
|
||||
You can specify individual files or folders (using folder paths or fully qualified resource names) but you cannot specify if the exclusions should only be applied to individual rules: the exclusions will apply to all rules that are enabled (or placed in audit mode).
|
||||
|
||||
### Use Group Policy to exclude files and folders
|
||||
|
||||
1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
|
||||
|
||||
@ -54,15 +55,46 @@ You can exclude files and folders from being evaluated by Attack Surface Reducti
|
||||
|
||||
6. Double-click the **Exclude files and paths from Attack Surface Reduction Rules** setting and set the option to **Enabled**. Click **Show** and enter each file or folder in the **Value name** column. Enter **0** in the **Value** column for each item.
|
||||
|
||||
### Use PowerShell to exclude files and folderss
|
||||
|
||||
1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator**
|
||||
2. Enter the following cmdlet:
|
||||
|
||||
```PowerShell
|
||||
Add-MpPreference -AttackSurfaceReductionOnlyExclusions "<fully qualified path or resource>"
|
||||
```
|
||||
|
||||
Continue to use `Add-MpPreference -AttackSurfaceReductionOnlyExclusions` to add more folders to the list.
|
||||
|
||||
|
||||
>[!IMPORTANT]
|
||||
>Use `Add-MpPreference` to append or add apps to the list. Using the `Set-MpPreference` cmdlet will overwrite the existing list.
|
||||
|
||||
### Use MDM CSPs to to exclude files and folders
|
||||
|
||||
Use the [./Vendor/MSFT/Policy/Config/Defender/AttackSurfaceReductionOnlyExclusions](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#defender-attacksurfacereductiononlyexclusions) configuration service provider (CSP) to add exclusions.
|
||||
|
||||
|
||||
|
||||
## Customize the notification
|
||||
|
||||
Customizing the Windows Defender Security Center is a simple task that provides users with a clear way to contact support.
|
||||
Simply navigate in Group Policy to **Computer Configuration\Administrative Templates\Windows Components\Windows Defender Security Center\Enterprise Customization**. From there, you will be able to enable your custom notification, set your organization name and contact information.
|
||||
|
||||
See the [Windows Defender Security Center](/windows-defender-security-center/windows-defender-security-center) topic for more information about customizing the notification when a rule is triggered and blocks an app or file.
|
||||
|
||||
|
||||
|
||||
|
||||
## Related topics
|
||||
|
||||
- [Reduce attack surfaces with Windows Defender Exploit Guard](attack-surface-reduction-exploit-guard.md)
|
||||
- [Enable Attack Surface Reduction](enable-attack-surface-reduction.md)
|
||||
- [Evaluate Windows Defender Exploit Guard](evaluate-windows-defender-exploit-guard.md)
|
||||
- [Evaluate Windows Defender Exploit Guard](evaluate-windows-defender-exploit-guard.md)
|
||||
|
||||
|
||||
|
||||
|
||||
### Attack Surface Reduction
|
||||
|
||||
- ./Vendor/MSFT/Policy/Config/Defender/AttackSurfaceReductionOnlyExclusions
|
||||
- ./Vendor/MSFT/Policy/Config/Defender/AttackSurfaceReductionRules
|
||||
-- Value as String Data Type : {75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84}:1
|
||||
@ -77,7 +77,7 @@ You can use the Windows Defender Security Center app or Group Policy to add and
|
||||
|
||||
4. Click **Policies** then **Administrative templates**.
|
||||
|
||||
5. Expand the tree to **Windows components > Windows Defender Antivirus > Exploit Guard**.
|
||||
5. Expand the tree to **Windows components > Windows Defender Antivirus > Windows Defender Exploit Guard > Controlled Folder Access**.
|
||||
|
||||
6. Double-click the **Configured protected folders** setting and set the option to **Enabled**. Click **Show** and enter each folder as Value? Or Value Name?
|
||||
|
||||
@ -145,7 +145,7 @@ When you add an app, you have to specify the app's location. Only the app in tha
|
||||
|
||||
4. Click **Policies** then **Administrative templates**.
|
||||
|
||||
5. Expand the tree to **Windows components > Windows Defender Antivirus > Exploit Guard**.
|
||||
5. Expand the tree to **Windows components > Windows Defender Antivirus > Windows Defender Exploit Guard > Controlled Folder Access**.
|
||||
|
||||
6. Double-click the **Configure allowed applications** setting and set the option to **Enabled**. Click **Show** and enter each app as Value? Or Value Name? what are the requirements? Have to be exe? Do you have to enter fully qualified path, or will it apply to any .exe with that name?
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Use Windows Defender Exploit Guard to protect your corporate network
|
||||
description: Windows Defender Exploit Guard consists of features that can protect your network from malware and threat infection. It replaces EMET.
|
||||
keywords: emet, exploit guard, Controlled Folder Access, Network Protection, Exploit Protection, Attack Surface Reduction, hips, host intrusion prevention system
|
||||
title: Enable ASR rules individually to protect your organization
|
||||
description: Enable ASR rules to protect your devices from attacks the use macros, scripts, and common injection techniques
|
||||
keywords: Attack Surface Reduction, hips, host intrusion prevention system, protection rules, anti-exploit, antiexploit, exploit, infection prevention, enable, turn on
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
@ -19,7 +19,7 @@ ms.author: iawilt
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows 10 Insider Preview, build 16232 and later
|
||||
- Windows 10 Insider Preview
|
||||
|
||||
**Audience**
|
||||
|
||||
@ -30,20 +30,50 @@ ms.author: iawilt
|
||||
|
||||
- Group Policy
|
||||
- PowerShell
|
||||
- Windows Management Instrumentation (WMI)
|
||||
- Microsoft Intune
|
||||
- Windows Defender Security Center app
|
||||
|
||||
- Configuration service providers for mobile device management
|
||||
|
||||
|
||||
Attack Surface Reduction is a feature that is part of Windows Defender Exploit Guard. It helps prevent actions and apps that are typically used by exploit-seeking malware to infect machines.
|
||||
|
||||
## Individually enable Attack Surface Reduction rules
|
||||
|
||||
You can use Group Policy to configure the state or mode for each rule. This can be useful if you only want to enable some rules, or you want to enable rules individually in audit mode.
|
||||
You can use Group Policy, PowerShell, or MDM CSPs to configure the state or mode for each rule. This can be useful if you only want to enable some rules, or you want to enable rules individually in audit mode.
|
||||
|
||||
For further details on how audit mode works, and when you might want to use it, see the [auditing Windows Defender Exploit Guard topic](audit-windows-defender-exploit-guard.md).
|
||||
|
||||
## Enable Attack Surface Reduction rules
|
||||
|
||||
ASR rules are identified by their unique rule ID.
|
||||
|
||||
Rule IDs willl be populated on machines that are enrolled in an E5 license. These machines will also properly report their Attack Surface Reduction rule history in the Windows Defender Security Center web console.
|
||||
|
||||
You can also manually add the rules from the following table:
|
||||
|
||||
Rule description | GUIDs
|
||||
-|-
|
||||
Block executable content from email client and webmail. | be9ba2d9-53ea-4cdc-84e5-9b1eeee46550
|
||||
Block Office applications from creating child processes | {d4f940ab-401b-4efc-aadc-ad5f3c50688a}
|
||||
Block Office applications from creating executable content | {3b576869-a4ec-4529-8536-b80a7769e899}
|
||||
Block Office applications from injecting into other processes | {75668c1f-73b5-4cf0-bb93-3ecf5cb7cc84}
|
||||
Impede JavaScript and VBScript to launch executables | {d3e037e1-3eb8-44c8-a917-57927947596d}
|
||||
Block execution of potentially obfuscated scripts | {5beb7efe-fd9a-4556-801d-275e5ffc04cc}
|
||||
|
||||
|
||||
|
||||
|
||||
Block Win32 imports from Macro code in Office | {92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B}
|
||||
|
||||
>[!NOTE]
|
||||
>I don't see this rule in the test tool
|
||||
|
||||
|
||||
See the [Evaluate Attack Surface Reduction rules](evaluate-attack-surface-reduction.md) topic for details on each rule.
|
||||
|
||||
>[!NOTE]
|
||||
>Are we revealing the rule GUIDs? Will they appear on E5 machines?
|
||||
|
||||
|
||||
### Use Group Policy to enable Attack Surface Reduction rules
|
||||
|
||||
|
||||
1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
|
||||
|
||||
3. In the **Group Policy Management Editor** go to **Computer configuration**.
|
||||
@ -53,7 +83,7 @@ For further details on how audit mode works, and when you might want to use it,
|
||||
5. Expand the tree to **Windows components > Windows Defender Antivirus > Windows Defender Exploit Guard > Attack Surface Reduction**.
|
||||
|
||||
6. Double-click the **Configure Attack Surface Reduction rules** setting and set the option to **Enabled**. You can then set the individual state for each rule in the options section:
|
||||
- Click **Show...** and enter the Rule ID in the **Value name** column and your desired state in the **Value** column as follows:
|
||||
- Click **Show...** and enter the rule ID in the **Value name** column and your desired state in the **Value** column as follows:
|
||||
- Block mode = 1
|
||||
- Disabled = 0
|
||||
- Audit mode = 2
|
||||
@ -61,69 +91,29 @@ For further details on how audit mode works, and when you might want to use it,
|
||||
|
||||
|
||||
|
||||
>[!NOTE]
|
||||
>Rule IDs willl be populated on machines that are enrolled in an E5 license. These machines will also properly report their Attack Surface Reduction rule history in the Windows Defender Security Center web console.
|
||||
|
||||
|
||||
|
||||
### Use PowerShell to enable Attack Surface Reduction rules
|
||||
|
||||
1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator**
|
||||
2. Enter the following cmdlet:
|
||||
|
||||
```PowerShell
|
||||
Add-MpPreference -AttackSurfaceReductionRules_Ids <rule ID>
|
||||
```
|
||||
|
||||
>[!NOTE]
|
||||
>The tool reveals the RuleIDs. How will the IDs be hidden/how will the experience differ without an E5?
|
||||
>Not sure if this is right. What does AttackSurfaceReductionRules_Actions do? Do you need to add $TRUE/$FALSE or 1/0 at the end to enable it? Does the rule need to go in " or {}? Some examples would be handy here I think
|
||||
|
||||
>[!IMPORTANT]
|
||||
>Use `Add-MpPreference` to append or add rules. Using the `Set-MpPreference` cmdlet will overwrite the existing list.
|
||||
|
||||
### Use MDM CSPs to enable Attack Surface Reduction rules
|
||||
|
||||
Use the [./Vendor/MSFT/Policy/Config/Defender/AttackSurfaceReductionRules](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#defender-attacksurfacereductionrules) configuration service provider (CSP) to individually enable and set the mode for each rule.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
## Policy settings for Windows Defender EG
|
||||
|
||||
The MDM policy settings for Windows Defender EG are listed in this section, along with example settings.
|
||||
|
||||
|
||||
### Attack Surface Reduction
|
||||
|
||||
- ./Vendor/MSFT/Policy/Config/Defender/AttackSurfaceReductionOnlyExclusions
|
||||
- ./Vendor/MSFT/Policy/Config/Defender/AttackSurfaceReductionRules
|
||||
-- Value as String Data Type : {75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84}:1
|
||||
|
||||
|
||||
#### Rule-GUIDs for ASR
|
||||
|
||||
Rule description | GUIDs
|
||||
-|-
|
||||
Office rules |
|
||||
Block office application from injecting into other processes | {75668c1f-73b5-4cf0-bb93-3ecf5cb7cc84}
|
||||
| OMA URI : “./Vendor/MSFT/Policy/Config/Defender/AttackSurfaceReductionRules”
|
||||
| Value as String Data Type : {75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84}:1
|
||||
| 1 = Block, 2 = Audit, 0 = Disabled.
|
||||
Block office application/macros from creating executable content | {3b576869-a4ec-4529-8536-b80a7769e899}
|
||||
| Replace the above GUID with the corresponding Rule GUID
|
||||
Block office application from launching child processes | {d4f940ab-401b-4efc-aadc-ad5f3c50688a}
|
||||
| Replace the above GUID with the corresponding Rule GUID
|
||||
Block Win32 imports from Macro code in Office | {92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B}
|
||||
| Replace the above GUID with the corresponding Rule GUID
|
||||
Block obfuscated js/vbs/ps/macro code | {5beb7efe-fd9a-4556-801d-275e5ffc04cc}
|
||||
| Replace the above GUID with the corresponding Rule GUID
|
||||
Script rules |
|
||||
Block obfuscated js/vbs/ps/macro code | {5beb7efe-fd9a-4556-801d-275e5ffc04cc}
|
||||
| Replace the above GUID with the corresponding Rule GUID [Note: same rule as above, but also covers scripts hence written here]
|
||||
Block js/vbs from executing payload downloaded from Internet. | {d3e037e1-3eb8-44c8-a917-57927947596d}
|
||||
| Replace the above GUID with the corresponding Rule GUID
|
||||
Email rule |
|
||||
Block execution of executable content (exe, dll, ps, js, vbs, etc) dropped from email (webmail/mail-client). | be9ba2d9-53ea-4cdc-84e5-9b1eeee46550
|
||||
| Replace the above GUID with the corresponding Rule GUID [Currently working for Mail-client (Outlook). Personal Webmail (Outlook.com, Gmail, Yahoo) work in progress]
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
### Manually enabling the Attack Surface Reduction rules
|
||||
|
||||
You can also manually use GP or MDM-URIs to enable the ASR rules:
|
||||
|
||||
From the rules tables above, choose the ASR rules that you want to enable and set the following policy. For each rule select the right GUID.
|
||||
|
||||
After you’ve chosen your rules, use one of the tools above to simulate a rule to fire.
|
||||
- “./Vendor/MSFT/Policy/Config/Defender/AttackSurfaceReductionRules”
|
||||
- Value as String Data Type: {75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84}:2
|
||||
|
||||
|
||||
## Related topics
|
||||
|
||||
@ -39,15 +39,11 @@ Controlled Folder Access helps you protect valuable data from malicious apps and
|
||||
|
||||
This topic describes how to enable Controlled Folder Access with the Windows Defender Security Center app, Group Policy, PowerShell, and mobile device management (MDM) configuration service providers (CSPs).
|
||||
|
||||
## Enable Controlled Folder Access
|
||||
|
||||
You can enable Controlled Folder Access with either the Windows Defender Security Center app or Group Policy. You can also set the feature to audit mode. Audit mode allows you to test how the feature would work (and review events) without impacting the normal use of the machine.
|
||||
You can enable Controlled Folder Access with the Windows Defender Security Center app, Group Policy, PowerShell, or MDM CSPs. You can also set the feature to audit mode. Audit mode allows you to test how the feature would work (and review events) without impacting the normal use of the machine.
|
||||
|
||||
For further details on how audit mode works, and when you might want to use it, see the [auditing Windows Defender Exploit Guard topic](audit-windows-defender-exploit-guard.md).
|
||||
|
||||
|
||||
For further details on how audit mode works, and when you might want to use it, see the section [Use auditing mode to measure impact](#use-auditing-mode-to-measure-impact).
|
||||
|
||||
### Use the Windows Defender Security app to enable Controlled Folder Access
|
||||
|
||||
1. Open the Windows Defender Security Center by clicking the shield icon in the task bar or searching the start menu for **Defender**.
|
||||
@ -68,7 +64,7 @@ For further details on how audit mode works, and when you might want to use it,
|
||||
|
||||
4. Click **Policies** then **Administrative templates**.
|
||||
|
||||
5. Expand the tree to **Windows components > Windows Defender Antivirus > Exploit Guard**.
|
||||
5. Expand the tree to **Windows components > Windows Defender Antivirus > Windows Defender Exploit Guard > Controlled Folder Access**.
|
||||
|
||||
6. Double-click the **Configure controlled folder access** setting and set the option to **Enabled**. In the options section you must specify one of the following:
|
||||
- **Enable** - Malicious and suspicious apps will not be allowed to make changes to files in protected folders. A notification will be provided in the Windows event log
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title:
|
||||
description:
|
||||
keywords:
|
||||
title: Use a demo tool to see how ASR could help protect your organization's devices
|
||||
description: The custom demo tool lets you create sample malware infection scenarios so you can see how ASR would block and prevent attacks
|
||||
keywords: Attack Surface Reduction, hips, host intrusion prevention system, protection rules, anti-exploit, antiexploit, exploit, infection prevention, evaluate, test, demo
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
@ -13,8 +13,28 @@ author: iaanw
|
||||
ms.author: iawilt
|
||||
---
|
||||
|
||||
|
||||
# Evaluate Attack Surface Reduction rules
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows 10 Insider Preview
|
||||
|
||||
**Audience**
|
||||
|
||||
- Enterprise security administrators
|
||||
|
||||
|
||||
**Manageability available with**
|
||||
|
||||
- Windows Defender Security Center app
|
||||
- Group Policy
|
||||
- PowerShell
|
||||
- Configuration service providers for mobile device management
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
Attack Surface Reduction is a feature that is part of Windows Defender Exploit Guard [that helps prevent actions and apps that are typically used by exploit-seeking malware to infect machines](attack-surface-reduction-exploit-guard.md).
|
||||
|
||||
@ -113,6 +133,8 @@ WebMail Script Archive | Script archive files (such as .????) | Web mail
|
||||
>[!NOTE]
|
||||
>What is a script archive file?
|
||||
|
||||
>[!NOTE]
|
||||
>WebMail rules are currently being engineered and may not work as expected
|
||||
|
||||
### Rule: Block Office applications from creating child processes
|
||||
|
||||
|
||||
Binary file not shown.
|
After Width: | Height: | Size: 78 KiB |
Binary file not shown.
|
After Width: | Height: | Size: 30 KiB |
@ -108,6 +108,52 @@ See the following links for more information on the features in the Windows Defe
|
||||
- Family options, which include a number of parental controls along with tips and information for keeping kids safe online
|
||||
- Home users can learn more at the [Help protection your family online in Windows Defender Security Center topic at support.microsoft.com](https://support.microsoft.com/en-us/help/4013209/windows-10-protect-your-family-online-in-windows-defender)
|
||||
|
||||
## Customize notifications from the Windows Defender Security Center
|
||||
|
||||
You can customize notifcations so they show information to users about how to get more help from your organization's help desk.
|
||||
|
||||
|
||||
|
||||
This information will also appear as a pop-out window on the Windows Defender Security Center app.
|
||||
|
||||
|
||||
|
||||
Users can click on the displayed information to get more help:
|
||||
- Clicking **Call** or the phone number will open Skype to start a call to the displayed number
|
||||
- Clicking **Email** or the email address will create a new email in the machine's default email app address to the displayed email
|
||||
- Clicking **Help portal** or the website URL will open the machine's default web browser and go to the displayed address
|
||||
|
||||
|
||||
### Use Group Policy to customize the notification
|
||||
|
||||
1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
|
||||
|
||||
3. In the **Group Policy Management Editor** go to **Computer configuration**.
|
||||
|
||||
4. Click **Policies** then **Administrative templates**.
|
||||
|
||||
5. Expand the tree to **Windows components > Windows Defender Security Center > Enterprise Customization**.
|
||||
|
||||
6. Open the **Configure customized contact information** setting and set it to **Enabled**. Click **OK**.
|
||||
|
||||
7. Open the **Specify contact company name** setting and set it to **Enabled**. Enter your company or organization's name in the field in the **Options** section. Click **OK**.
|
||||
|
||||
8. To ensure the custom notification appear, you must also configure at least one of the following settings by opening them, setting them to **Enabled** and adding the contact information in the field under **Options**:
|
||||
1. Specify contact email address of Email ID
|
||||
2. Specify contact phone number or Skype ID
|
||||
3. Specify contact website
|
||||
|
||||
9. Click **OK** after configuring each setting to save your changes.
|
||||
|
||||
|
||||
### Use PowerShell to customize the notification
|
||||
|
||||
|
||||
|
||||
>[!NOTE]
|
||||
>Are there any PS cmdlets for customizing? What about CSPs for MDM?
|
||||
|
||||
|
||||
|
||||
|
||||
>[!NOTE]
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user