deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-21 13:23:36 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge pull request #3069 from MicrosoftDocs/allow-block

Browse Source 
updating blacklist/whitelist to allow/block
This commit is contained in:
Tina Burden
2020-06-15 11:14:23 -07:00
committed by GitHub
parent 1e97ea36a0 e300ab6f56
commit cd1ac9a031
96 changed files with 242 additions and 243 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
devices/hololens/hololens-faq-security.md
View File

@ -34,7 +34,7 @@ appliesto:
1. **What frequency range and channels does the device operate on and is it configurable?**
1. Wi-Fi: The frequency range is not user configurable and depends on the country of use. In the US Wi-Fi uses both 2.4 GHz (1-11) channels and 5 GHz (36-64, 100-165) channels.
1. Bluetooth: Bluetooth uses the standard 2.4-2.48 GHz range.
1. **Can the device blacklist or white list specific frequencies?**
1. **Can the device allow or block specific frequencies?**
1. This is not controllable by the user/device
1. **What is the power level for both transmit and receive? Is it adjustable? What is the range of operation?**
1. Our emissions testing standards can be found [here](https://fccid.io/C3K1688). Range of operation is highly dependent on the access point and environment - but is roughly equivalent to other high-quality phones, tablets, or PCs.
@ -63,9 +63,9 @@ appliesto:
1. Yes
1. **Is there an ability to control or disable the use of ports on the device?**
1. The HoloLens only contains 2 ports (one for headphones and one for charging or connecting to PCs). There is not ability to disable the port due to functionality and recovery reasons.
1. **Antivirus, end point detection, IPS, app control whitelist Any ability to run antivirus, end point detection, IPS, app control whitelist, etc.**
1. **Antivirus, end point detection, IPS, app control allow list Any ability to run antivirus, end point detection, IPS, app control allow list, etc.**
1. Windows Holographic for Business (commercial suite) does support Windows Defender Smart Screen. If an antivirus company were to create and publish their app to the Universal Windows Platform, it could be downloaded on HoloLens. At present, no companies have done this for HoloLens.
1. Whitelisting apps is possible by using the Microsoft Enterprise Store, where you can choose only what specific apps can be downloaded. Also, through MDM you can lock what specific apps can be run or even seen on the device.
1. Allowing apps is possible by using the Microsoft Enterprise Store, where you can choose only what specific apps can be downloaded. Also, through MDM you can lock what specific apps can be run or even seen on the device.
1. **Can we quarantine the device from prod network until we update the device if it has been offline for an extended period of time? Ex. Device has been sitting in a drawer not powered up for a period (6 months) and has not received any updates, patches, etc. When it tries to come on the network can we flag it and say you must update on another network prior to being complaint to join the network.**
1. This is something that can be managed on the infrastructure level by either an MDM or an on-prem server. The device can be flagged as not compliant if it does not meet a specified Update version.
1. **Does Microsoft include any back doors or access to services that allows Microsoft to connect to the device for screen sharing or remote support at will?**
@ -85,7 +85,7 @@ appliesto:
1. C3K1855
1. **What frequency range and channels does the device operate on and is it configurable?**
1. Wi-Fi: The frequency range is not user configurable and depends on the country of use. In the US Wi-Fi uses both 2.4 GHz (1-11) channels and 5 GHz (36-64, 100-165) channels.
1. **Can the device blacklist or white list specific frequencies?**
1. **Can the device allow or block specific frequencies?**
1. This is not controllable by the user/device
1. **What is the power level for both transmit and receive? Is it adjustable? What is the range of operation?**
1. Wireless power levels depend on the channel of operation. Devices are calibrated to perform at the highest power levels allowed based on the region's regulatory rules.
@ -113,9 +113,9 @@ appliesto:
1. Yes
1. **Is there an ability to control or disable the use of ports on the device?**
1. The HoloLens only contains 2 ports (one for headphones and one for charging or connecting to PCs). There is not ability to disable the port due to functionality and recovery reasons.
1. **Antivirus, end point detection, IPS, app control whitelist Any ability to run antivirus, end point detection, IPS, app control whitelist, etc.**
1. **Antivirus, end point detection, IPS, app control allow Any ability to run antivirus, end point detection, IPS, app control allow, etc.**
1. HoloLens 2nd Gen supports Windows Defender Smart Screen. If an antivirus company were to create and publish their app to the Universal Windows Platform, it could be downloaded on HoloLens. At present, no companies have done this for HoloLens.
1. Whitelisting apps is possible by using the Microsoft Enterprise Store, where you can choose only what specific apps can be downloaded. Also, through MDM you can lock what specific apps can be run or even seen on the device.
1. Allowing apps is possible by using the Microsoft Enterprise Store, where you can choose only what specific apps can be downloaded. Also, through MDM you can lock what specific apps can be run or even seen on the device.
1. **Can we quarantine the device from prod network until we update the device if it has been offline for an extended period of time? Ex. Device has been sitting in a drawer not powered up for a period (6 months) and has not received any updates, patches, etc. When it tries to come on the network can we flag it and say you must update on another network prior to being complaint to join the network.**
1. This is something that can be managed on the infrastructure level by either an MDM or an on-prem server. The device can be flagged as not compliant if it does not meet a specified Update version.
1. **Does Microsoft include any back doors or access to services that allows Microsoft to connect to the device for screen sharing or remote support at will?**

2
devices/hololens/hololens-offline.md
View File

@ -22,7 +22,7 @@ appliesto:
# Manage connection endpoints for HoloLens
Some HoloLens components, apps, and related services transfer data to Microsoft network endpoints. This article lists different endpoints and URLs that need to be whitelisted in your network configuration (e.g. proxy or firewall) for those components to be functional.
Some HoloLens components, apps, and related services transfer data to Microsoft network endpoints. This article lists different endpoints and URLs that need to be allowed in your network configuration (e.g. proxy or firewall) for those components to be functional.
## Near-offline setup

2
devices/hololens/hololens-requirements.md
View File

@ -23,7 +23,7 @@ This document also assumes that the HoloLens has been evaluated by security team
1. [Determine what features you need](hololens-requirements.md#step-1-determine-what-you-need)
1. [Determine what licenses you need](hololens-licenses-requirements.md)
1. [Configure your network for HoloLens](hololens-commercial-infrastructure.md).
1. This section includes bandwidth requirements, URL, and ports that need to be whitelisted on your firewall; Azure AD guidance; Mobile Device Management (MDM) Guidance; app deployment/management guidance; and certificate guidance.
1. This section includes bandwidth requirements, URL, and ports that need to be allowed on your firewall; Azure AD guidance; Mobile Device Management (MDM) Guidance; app deployment/management guidance; and certificate guidance.
1. (Optional) [Configure HoloLens using a provisioning package](hololens-provisioning.md)
1. [Enroll Device](hololens-enroll-mdm.md)
1. [Set up ring based updates for HoloLens](hololens-updates.md)

4
devices/surface-hub/apply-activesync-policies-for-surface-hub-device-accounts.md
View File

@ -21,10 +21,10 @@ The Microsoft Surface Hub's device account uses ActiveSync to sync mail and cale
For these features to work, the ActiveSync policies for your organization must be configured as follows:
- There can't be any global policies that block synchronization of the resource mailbox that's being used by the Surface Hubs device account. If there is such a blocking policy, you need to whitelist the Surface Hub as an allowed device.
- There can't be any global policies that block synchronization of the resource mailbox that's being used by the Surface Hubs device account. If there is such a blocking policy, you need to add the Surface Hub as an allowed device.
- You must set a mobile device mailbox policy where the **PasswordEnabled** setting is set to False. Other mobile device mailbox policy settings are not compatible with the Surface Hub.
## Whitelisting the DeviceID
## Allowing the DeviceID
Your organization may have a global policy that prevents syncing of device accounts provisioned on Surface Hubs. To configure this property, see [Allowing device IDs for ActiveSync](appendix-a-powershell-scripts-for-surface-hub.md#whitelisting-device-ids-cmdlet).

2
devices/surface-hub/create-and-test-a-device-account-surface-hub.md
View File

@ -38,7 +38,7 @@ This table explains the main steps and configuration decisions when you create a
| 2 | Configure mailbox properties | The mailbox must be configured with the correct properties to enable the best meeting experience on Surface Hub. For more information on mailbox properties, see [Mailbox properties](exchange-properties-for-surface-hub-device-accounts.md). |
| 3 | Apply a compatible mobile device mailbox policy to the mailbox | Surface Hub is managed using mobile device management (MDM) rather than through mobile device mailbox policies. For compatibility, the device account must have a mobile device mailbox policy where the **PasswordEnabled** setting is set to False. Otherwise, Surface Hub can't sync mail and calendar info. |
| 4 | Enable mailbox with Skype for Business (Lync Server 2013 or later, or Skype for Business Online) | Skype for Business must be enabled to use conferencing features like video calls, IM, and screen sharing. |
| 5 | (Optional) Whitelist ActiveSync Device ID | Your organization may have a global policy that prevents device accounts from syncing mail and calendar info. If so, you need to whitelist the ActiveSync Device ID of your Surface Hub. |
| 5 | (Optional) Whitelist ActiveSync Device ID | Your organization may have a global policy that prevents device accounts from syncing mail and calendar info. If so, you need to allow the ActiveSync Device ID of your Surface Hub. |
| 6 | (Optional) Disable password expiration | To simplify management, you can turn off password expiration for the device account and allow Surface Hub to automatically rotate the device account password. For more information about password management, see [Password management](password-management-for-surface-hub-device-accounts.md). |
## Detailed configuration steps

2
devices/surface-hub/troubleshoot-surface-hub.md
View File

@ -415,7 +415,7 @@ Possible fixes for issues with Surface Hub first-run program.
<td align="left"><p>Can't sync mail/calendar.</p></td>
<td align="left"><p>The account has not allowed the Surface Hub as an allowed device.</p></td>
<td align="left"><p>0x86000C1C</p></td>
<td align="left"><p>Add the Surface Hub device ID to the whitelist by setting the <strong>ActiveSyncAllowedDeviceIds</strong> property for the mailbox.</p></td>
<td align="left"><p>Add the Surface Hub device ID to the allowed list by setting the <strong>ActiveSyncAllowedDeviceIds</strong> property for the mailbox.</p></td>
</tr>
</tbody>
</table>