deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-20 04:43:37 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Fixed links

Browse Source
This commit is contained in:
jsuther1974
2022-12-03 12:57:25 -08:00
parent 00dc0bb103
commit d028ca47da
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md
View File

@ -57,7 +57,7 @@ For more information on using signed WDAC policies, see [Use signed policies to
Some ways to obtain code signing certificates for your own use, include:
- Purchase a code signing certificate from one of the [Microsoft Trusted Root Program participants](/security/trusted-root/participants-list.md).
- Purchase a code signing certificate from one of the [Microsoft Trusted Root Program participants](/security/trusted-root-docs/Participants-list.md).
- To use your own digital certificate or public key infrastructure (PKI) to issue code signing certificates, see [Optional: Create a code signing certificate for Windows Defender Application Control](create-code-signing-cert-for-windows-defender-application-control.md).
- Customers with existing Microsoft Store for Business and Education accounts can continue to use the ["Device Guard signing service v2"](/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business).
- Use Microsoft's [Azure Code Signing (ACS) service](https://aka.ms/AzureCodeSigning).

2
windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
View File

@ -70,7 +70,7 @@ Before you attempt to deploy signed WDAC policy, you should first deploy an unsi
cd $PolicyPath
```
3. If your WDAC policy doesn't already include an **<UpdatePolicySigner>** rule for your policy signing certificate, you must add it. At least one **<UpdatePolicySigner>** rule must exist to convert your WDAC policy XML with [ConvertFrom-CiPolicy](/powershell/module/config-ci/convertfrom-cipolicy). If you're using the Device Guard Signing Service v2 (DGSS) to sign your policy, you can find the policy signer rule in your tenant's default policy, which you can download from [Get-DefaultPolicy](/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business#get-defaultpolicy).
3. If your WDAC policy doesn't already include an **<UpdatePolicySigner>** rule for your policy signing certificate, you must add it. At least one **<UpdatePolicySigner>** rule must exist to convert your WDAC policy XML with [ConvertFrom-CiPolicy](/powershell/module/configci/convertfrom-cipolicy). If you're using the Device Guard Signing Service v2 (DGSS) to sign your policy, you can find the policy signer rule in your tenant's default policy, which you can download from [Get-DefaultPolicy](/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business#get-defaultpolicy).
Otherwise, use [Add-SignerRule](/powershell/module/configci/add-signerrule) and create an **<UpdatePolicySigner>** rule from your certificate file (.cer). DGSS users can download the root certificate file from [Get-RootCertificate](/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business#get-rootcertificate). If you purchased a code signing certificate or issued one from your own public key infrastructure (PKI), you can export the certificate file.