deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-18 11:53:37 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Move "lockdown" security info to the bottom

Browse Source 
Per discussion with the VPN field team, lockdown is actually often a poor choice for customer -- it's more restrictive than many customer expect, leading to wasted time. It's still supported, but it should be at the bottom of the security list so that customer aren't instantly drawn to it.
This commit is contained in:
Peter Smith
2020-12-18 16:22:38 -08:00
committed by GitHub
parent 4d6d74361a
commit c43cdca4ea
1 changed files with 18 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
windows/security/identity-protection/vpn/vpn-security-features.md
View File

@ -20,23 +20,6 @@ ms.author: dansimp
- Windows 10 Mobile - Windows 10 Mobile
## LockDown VPN
A VPN profile configured with LockDown secures the device to only allow network traffic over the VPN interface. It has the following features:
- The system attempts to keep the VPN connected at all times.
- The user cannot disconnect the VPN connection.
- The user cannot delete or modify the VPN profile.
- The VPN LockDown profile uses forced tunnel connection.
- If the VPN connection is not available, outbound network traffic is blocked.
- Only one VPN LockDown profile is allowed on a device.
> [!NOTE]
> For built-in VPN, LockDown VPN is only available for the Internet Key Exchange version 2 (IKEv2) connection type.
Deploy this feature with caution, as the resultant connection will not be able to send or receive any network traffic without the VPN being connected.
## Windows Information Protection (WIP) integration with VPN ## Windows Information Protection (WIP) integration with VPN
Windows Information Protection provides capabilities allowing the separation and protection of enterprise data against disclosure across both company and personally owned devices, without requiring additional changes to the environments or the apps themselves. Additionally, when used with Rights Management Services (RMS), WIP can help to protect enterprise data locally. Windows Information Protection provides capabilities allowing the separation and protection of enterprise data against disclosure across both company and personally owned devices, without requiring additional changes to the environments or the apps themselves. Additionally, when used with Rights Management Services (RMS), WIP can help to protect enterprise data locally.
@ -78,6 +61,24 @@ The following image shows the interface to configure traffic rules in a VPN Prof
![Add a traffic rule](images/vpn-traffic-rules.png) ![Add a traffic rule](images/vpn-traffic-rules.png)
## LockDown VPN
A VPN profile configured with LockDown secures the device to only allow network traffic over the VPN interface. It has the following features:
- The system attempts to keep the VPN connected at all times.
- The user cannot disconnect the VPN connection.
- The user cannot delete or modify the VPN profile.
- The VPN LockDown profile uses forced tunnel connection.
- If the VPN connection is not available, outbound network traffic is blocked.
- Only one VPN LockDown profile is allowed on a device.
> [!NOTE]
> For built-in VPN, LockDown VPN is only available for the Internet Key Exchange version 2 (IKEv2) connection type.
Deploy this feature with caution, as the resultant connection will not be able to send or receive any network traffic without the VPN being connected.
## Related topics ## Related topics
- [VPN technical guide](vpn-guide.md) - [VPN technical guide](vpn-guide.md)