Merge pull request #5616 from MicrosoftDocs/v-mathavale-5392069-101to112

Updated 101 to 112
Gary Moore 2021-09-20 17:46:50 -07:00 committed by GitHub
commit bb700afd62
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
12 changed files with 48 additions and 38 deletions

View File

@ -1,5 +1,5 @@
---
title: Restrict Server Access to Members of a Group Only (Windows 10)
title: Restrict Server Access to Members of a Group Only (Windows)
description: Create a firewall rule to access isolated servers running Windows Server 2008 or later and restrict server access to members of a group.
ms.assetid: ea51c55b-e1ed-44b4-82e3-3c4287a8628b
ms.reviewer:
@ -14,7 +14,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 08/17/2017
ms.date: 09/08/2021
ms.technology: mde
---
@ -22,7 +22,8 @@ ms.technology: mde
**Applies to**
- Windows 10
- Windows Server 2016
- Windows 11
- Windows Server 2016 and above
After you have configured the IPsec connection security rules that force client devices to authenticate their connections to the isolated server, you must configure the rules that restrict access to only those devices or users who have been identified through the authentication process as members of the isolated servers access group.
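Review bot: The new `- Windows Server 2016 and above` entry in the Applies to list disagrees with the front-matter description in the first hunk of this file, which still reads "isolated servers running Windows Server 2008 or later". Pick one supported range and state it the same way in both places; "and later" would also match the wording the description already uses.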

View File

@ -1,5 +1,5 @@
---
title: Securing End-to-End IPsec Connections by Using IKEv2 in Windows Server 2012 (Windows 10)
title: Securing End-to-End IPsec Connections by Using IKEv2 in Windows Server 2012 (Windows)
description: Securing End-to-End IPsec Connections by Using IKEv2 in Windows Server 2012
ms.prod: m365-security
ms.mktglfcycl: deploy
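Review bot: The title still names Windows Server 2012 after the suffix change, while the Applies to list in the last hunk of this file starts at Windows Server 2016. Confirm that the 2012-specific title is still intended for an article scoped this way, or flag it for a follow-up rename.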
@ -11,7 +11,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 08/17/2017
ms.date: 09/08/2021
ms.reviewer:
ms.author: dansimp
ms.technology: mde
@ -21,7 +21,8 @@ ms.technology: mde
**Applies to**
- Windows 10
- Windows Server 2016
- Windows 11
- Windows Server 2016 and above
IKEv2 offers the following:

View File

@ -1,5 +1,5 @@
---
title: Server Isolation GPOs (Windows 10)
title: Server Isolation GPOs (Windows)
description: Learn about required GPOs for isolation zones and how many server isolation zones you need in Windows Defender Firewall with Advanced Security.
ms.assetid: c97b1f2f-51d8-4596-b38a-8a3f6f706be4
ms.reviewer:
@ -14,7 +14,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
ms.date: 09/08/2021
ms.technology: mde
---
@ -22,7 +22,8 @@ ms.technology: mde
**Applies to**
- Windows 10
- Windows Server 2016
- Windows 11
- Windows Server 2016 and above
Each set of devices that have different users or devices accessing them require a separate server isolation zone. Each zone requires one GPO for each version of Windows running on devices in the zone. The Woodgrove Bank example has an isolation zone for their devices that run SQL Server. The server isolation zone is logically considered part of the encryption zone. Therefore, server isolation zone GPOs must also include rules for encrypting all isolated server traffic. Woodgrove Bank copied the encryption zone GPOs to serve as a starting point, and renamed them to reflect their new purpose.

View File

@ -1,5 +1,5 @@
---
title: Server Isolation Policy Design Example (Windows 10)
title: Server Isolation Policy Design Example (Windows)
description: Learn about server isolation policy design in Windows Defender Firewall with Advanced Security by referring to this example of a fictitious company.
ms.assetid: 337e5f6b-1ec5-4b83-bee5-d0aea1fa5fc6
ms.reviewer:
@ -14,7 +14,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
ms.date: 09/08/2021
ms.technology: mde
---
@ -22,7 +22,8 @@ ms.technology: mde
**Applies to**
- Windows 10
- Windows Server 2016
- Windows 11
- Windows Server 2016 and above
This design example continues to use the fictitious company Woodgrove Bank, as described in the [Firewall Policy Design Example](firewall-policy-design-example.md) section and the [Domain Isolation Policy Design Example](domain-isolation-policy-design-example.md) section.

View File

@ -1,5 +1,5 @@
---
title: Server Isolation Policy Design (Windows 10)
title: Server Isolation Policy Design (Windows)
description: Learn about server isolation policy design, where you assign servers to a zone that allows access only to members of an approved network access group.
ms.assetid: f93f65cd-b863-461e-ab5d-a620fd962c9a
ms.reviewer:
@ -14,7 +14,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 08/17/2017
ms.date: 09/08/2021
ms.technology: mde
---
@ -22,7 +22,8 @@ ms.technology: mde
**Applies to**
- Windows 10
- Windows Server 2016
- Windows 11
- Windows Server 2016 and above
In the server isolation policy design, you assign servers to a zone that allows access only to users and devices that authenticate as members of an approved network access group (NAG).

View File

@ -1,5 +1,5 @@
---
title: Turn on Windows Defender Firewall with Advanced Security and Configure Default Behavior (Windows 10)
title: Turn on Windows Defender Firewall with Advanced Security and Configure Default Behavior (Windows)
description: Turn on Windows Defender Firewall with Advanced Security and Configure Default Behavior
ms.assetid: 3c3fe832-ea81-4227-98d7-857a3129db74
ms.reviewer:
@ -14,7 +14,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 08/17/2017
ms.date: 09/08/2021
ms.technology: mde
---
@ -22,7 +22,8 @@ ms.technology: mde
**Applies to**
- Windows 10
- Windows Server 2016
- Windows 11
- Windows Server 2016 and above
To enable Windows Defender Firewall with Advanced Security and configure its default behavior, use the Windows Defender Firewall with Advanced Security node in the Group Policy Management console.

View File

@ -1,5 +1,5 @@
---
title: Understand WFAS Deployment (Windows 10)
title: Understand WFAS Deployment (Windows)
description: Resources for helping you understand the Windows Defender Firewall with Advanced Security (WFAS) Design Process
ms.prod: m365-security
ms.mktglfcycl: deploy
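Review bot: In this front matter the title says "Understand WFAS Deployment" but the unchanged `description:` line refers to the "Design Process". Since the title is being edited anyway, align the description with the deployment topic in the same change.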
@ -11,7 +11,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 08/17/2017
ms.date: 09/08/2021
ms.reviewer:
ms.author: dansimp
ms.technology: mde
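Review bot: This file receives only the title and `ms.date` changes; no Applies to hunk follows here, unlike the other files shown in this commit. If the article carries an Applies to list, it needs the same Windows 11 update, otherwise the refreshed `ms.date` suggests a review that did not cover it.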

View File

@ -1,5 +1,5 @@
---
title: Verify That Network Traffic Is Authenticated (Windows 10)
title: Verify That Network Traffic Is Authenticated (Windows)
description: Learn how to confirm that network traffic is being protected by IPsec authentication after you configure your domain isolation rule to require authentication.
ms.assetid: cc1fb973-aedf-4074-ad4a-7376b24f03d2
ms.reviewer:
@ -14,7 +14,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 08/17/2017
ms.date: 09/08/2021
ms.technology: mde
---
@ -22,7 +22,8 @@ ms.technology: mde
**Applies to**
- Windows 10
- Windows Server 2016
- Windows 11
- Windows Server 2016 and above
After you have configured your domain isolation rule to request, rather than require, authentication, you must confirm that the network traffic sent by the devices on the network is being protected by IPsec authentication as expected. If you switch your rules to require authentication before all of the devices have received and applied the correct GPOs, or if there are any errors in your rules, then communications on the network can fail. By first setting the rules to request authentication, any network connections that fail authentication can continue in clear text while you diagnose and troubleshoot.

View File

@ -1,5 +1,5 @@
---
title: Windows Defender Firewall with Advanced Security Administration with Windows PowerShell (Windows 10)
title: Windows Defender Firewall with Advanced Security Administration with Windows PowerShell (Windows)
description: Windows Defender Firewall with Advanced Security Administration with Windows PowerShell
ms.prod: m365-security
ms.mktglfcycl: deploy
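Review bot: The `description:` line is a verbatim copy of the title minus the suffix, so it adds nothing for search or link previews. While the front matter is open, replace it with a sentence on what the guide covers, for example that it provides scriptlets for automating Windows Defender Firewall management.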
@ -11,7 +11,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 08/17/2017
ms.date: 09/08/2021
ms.reviewer:
ms.author: dansimp
ms.technology: mde
@ -21,7 +21,8 @@ ms.technology: mde
**Applies to**
- Windows 10
- Windows Server 2016
- Windows 11
- Windows Server 2016 and above
The Windows Defender Firewall with Advanced Security Administration with Windows PowerShell Guide provides essential scriptlets for automating Windows Defender Firewall management. It is designed for IT pros, system administrators, IT managers, and others who use and need to automate Windows Defender Firewall management in Windows.

View File

@ -1,5 +1,5 @@
---
title: Windows Defender Firewall with Advanced Security deployment overview (Windows 10)
title: Windows Defender Firewall with Advanced Security deployment overview (Windows)
description: Use this guide to deploy Windows Defender Firewall with Advanced Security for your enterprise to help protect devices and data that they share across a network.
ms.assetid: 56b51b97-1c38-481e-bbda-540f1216ad56
ms.reviewer:
@ -14,7 +14,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 08/17/2017
ms.date: 09/08/2021
ms.technology: mde
---
@ -22,7 +22,8 @@ ms.technology: mde
**Applies to**
- Windows 10
- Windows Server 2016
- Windows 11
- Windows Server 2016 and above
You can use the Windows Defender Firewall with Advanced Security MMC snap-in with devices running at least Windows Vista or Windows Server 2008 to help protect the devices and the data that they share across a network.

View File

@ -1,5 +1,5 @@
---
title: Windows Defender Firewall with Advanced Security design guide (Windows 10)
title: Windows Defender Firewall with Advanced Security design guide (Windows)
description: Learn about common goals for using Windows Defender Firewall with Advanced Security to choose or create a design for deploying the firewall in your enterprise.
ms.assetid: 5c631389-f232-4b95-9e48-ec02b8677d51
ms.reviewer:
@ -14,7 +14,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 10/05/2017
ms.date: 09/08/2021
ms.technology: mde
---
@ -22,7 +22,8 @@ ms.technology: mde
**Applies to**
- Windows 10
- Windows Server 2016
- Windows 11
- Windows Server 2016 and above
Windows Defender Firewall with Advanced Security is a host firewall that helps secure the device in two ways. First, it can filter the network traffic permitted to enter the device from the network, and also control what network traffic the device is allowed to send to the network. Second, Windows Defender Firewall supports IPsec, which enables you to require authentication from any device that is attempting to communicate with your device. When authentication is required, devices that cannot authenticate cannot communicate with your device. By using IPsec, you can also require that specific network traffic be encrypted to prevent it from being read or intercepted while in transit between devices.
@ -87,7 +88,7 @@ The following table identifies and defines terms used throughout this guide.
| Certificate-based isolation | A way to add devices that cannot use Kerberos V5 authentication to an isolated domain, by using an alternate authentication technique. Every device in the isolated domain and the devices that cannot use Kerberos V5 are provided with a device certificate that can be used to authenticate with each other. Certificate-based isolation requires a way to create and distribute an appropriate certificate (if you choose not to purchase one from a commercial certificate provider).|
| Domain isolation | A technique for helping protect the devices in an organization by requiring that the devices authenticate each other's identity before exchanging information, and refusing connection requests from devices that cannot authenticate. Domain isolation takes advantage of Active Directory domain membership and the Kerberos V5 authentication protocol available to all members of the domain. Also see "Isolated domain" in this table.|
| Encryption zone | A subset of the devices in an isolated domain that process sensitive data. Devices that are part of the encryption zone have all network traffic encrypted to prevent viewing by non-authorized users. Devices that are part of the encryption zone also typically are subject to the access control restrictions of server isolation.|
| Firewall rule | A rule in Windows Defender Firewall that contains a set of conditions used to determine whether a network packet is allowed to pass through the firewall.<br/>By default, the firewall rules in Windows Server 2016. Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 10, Windows 8, Windows 7, and Windows Vista block unsolicited inbound network traffic. Likewise, by default, all outbound network traffic is allowed. The firewall included in previous versions of Windows only filtered inbound network traffic. |
| Firewall rule | A rule in Windows Defender Firewall that contains a set of conditions used to determine whether a network packet is allowed to pass through the firewall.<br/>By default, the firewall rules in Windows Server 2016. Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 11, Windows 10, Windows 8, Windows 7, and Windows Vista block unsolicited inbound network traffic. Likewise, by default, all outbound network traffic is allowed. The firewall included in previous versions of Windows only filtered inbound network traffic. |
| Internet Protocol security (IPsec) | A set of industry-standard, cryptography-based protection services and protocols. IPsec protects all protocols in the TCP/IP protocol suite except Address Resolution Protocol (ARP).|
| IPsec policy | A collection of connection security rules that provide the required protection to network traffic entering and leaving the device. The protection includes authentication of both the sending and receiving device, integrity protection of the network traffic exchanged between them, and can include encryption.|
| Isolated domain | An Active Directory domain (or an Active Directory forest, or set of domains with two-way trust relationships) that has Group Policy settings applied to help protect its member devices by using IPsec connection security rules. Members of the isolated domain require authentication on all unsolicited inbound connections (with exceptions handled by the other zones).<br/>In this guide, the term *isolated domain* refers to the IPsec concept of a group of devices that can share authentication. The term *Active Directory domain* refers to the group of devices that share a security database by using Active Directory.|
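Review bot: The rewritten Firewall rule row keeps the stray period in "Windows Server 2016. Windows Server 2012", where a comma belongs; fix it while the line is being changed. The row also gains Windows 11 but no server release newer than 2016, which does not line up with the "Windows Server 2016 and above" entry added to the Applies to list in this same file.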

View File

@ -1,5 +1,5 @@
---
title: Windows Defender Firewall with Advanced Security (Windows 10)
title: Windows Defender Firewall with Advanced Security (Windows)
description: Learn overview information about the Windows Defender Firewall with Advanced Security (WFAS) and Internet Protocol security (IPsec) features.
ms.prod: m365-security
ms.mktglfcycl: deploy
@ -12,7 +12,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 10/21/2020
ms.date: 09/08/2021
ms.reviewer:
ms.custom: asr
ms.technology: mde
@ -21,9 +21,9 @@ ms.technology: mde
# Windows Defender Firewall with Advanced Security
**Applies to**
- Windows 10
- Windows Server 2016
- Windows Server 2019
- Windows 10
- Windows 11
- Windows Server 2016 and above
This is an overview of the Windows Defender Firewall with Advanced Security (WFAS) and Internet Protocol security (IPsec) features.
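Review bot: In the Applies to list, the explicit `- Windows Server 2019` entry is dropped in favour of "Windows Server 2016 and above", and `- Windows 10` appears twice in the hunk. Check that the Windows 10 line is not a whitespace-only change, and consider keeping named server versions, since "and above" leaves the upper bound open for readers checking support.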