Updated as per feedback

Alekhya Jupudi
2022-06-13 11:44:46 +05:30
parent 8836059b15
commit dd4b16cba7
34 changed files with 66 additions and 77 deletions

@ -32,7 +32,7 @@ ms.technology: windows-sec
Similar to Windows Defender Application Control (WDAC) policies, WDAC AppId Tagging policies can be deployed locally and to your managed endpoints several ways. Once you've created your AppId Tagging policy, use one of the following methods to deploy:
1. [Deploy AppId Tagging Policies with MDM](#deploy-appid-tagging-policies-with-mdm)
1. [Deploy policies with MEMCM](#deploy-appid-tagging-policies-with-memcm)
1. [Deploy policies with Microsoft Endpoint Configuration Manager](#deploy-appid-tagging-policies-with-memcm)
1. [Deploy policies using scripting](#deploy-appid-tagging-policies-via-scripting)
1. [Deploy using the ApplicationControl CSP](#deploying-policies-via-the-applicationcontrol-csp)
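
Review bot: The replacement list item spells the product out as "Microsoft Endpoint Configuration Manager", while the other files in this commit settle on plain "Configuration Manager"; use one form throughout. The link still targets `#deploy-appid-tagging-policies-with-memcm`, which only resolves while the section heading keeps "MEMCM", so if that heading is renamed the anchor has to change in the same commit.
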
@ -42,7 +42,7 @@ Custom AppId Tagging policies can be deployed to endpoints using [the OMA-URI fe
## Deploy AppId Tagging Policies with MEMCM
Custom AppId Tagging policies can deployed via MEMCM using the [deployment task sequences](/deployment/deploy-windows-defender-application-control-policies-with-memcm.md#deploy-custom-wdac-policies-using-packagesprograms-or-task-sequences), policies can be deployed to your managed endpoints and users.
Custom AppId Tagging policies can deployed via Configuration Manager using the [deployment task sequences](/deployment/deploy-windows-defender-application-control-policies-with-memcm.md#deploy-custom-wdac-policies-using-packagesprograms-or-task-sequences), policies can be deployed to your managed endpoints and users.
### Deploy AppId Tagging Policies via Scripting
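
Review bot: The rewritten sentence under "Deploy AppId Tagging Policies with MEMCM" carries over the missing verb ("can deployed") and the comma splice before "policies can be deployed"; fix both while the line is being touched, for example "Custom AppId Tagging policies can be deployed to your managed endpoints and users via Configuration Manager using the deployment task sequences." The heading above it still says MEMCM, so heading and body now name the product differently. The link path `/deployment/deploy-windows-defender-application-control-policies-with-memcm.md` also differs from the `deployment/deploy-wdac-policies-with-memcm.md` path used for Configuration Manager deployment elsewhere in this commit, so confirm it resolves.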

@ -125,7 +125,7 @@ Currently, neither the AppLocker policy creation UI in GPO Editor nor the PowerS
</RuleCollection>
```
4. Verify your AppLocker policy. The following example shows a complete AppLocker policy that sets Microsoft Endpoint Config Manager (MEMCM)and Microsoft Endpoint Manager Intune as managed installers. Only those AppLocker rule collections that have actual rules defined are included in the final XML. This ensures the policy will merge successfully on devices which may already have an AppLocker policy in place.
4. Verify your AppLocker policy. The following example shows a complete AppLocker policy that sets Configuration Manager and Microsoft Endpoint Manager Intune as managed installers. Only those AppLocker rule collections that have actual rules defined are included in the final XML. This ensures the policy will merge successfully on devices which may already have an AppLocker policy in place.
```xml
<AppLockerPolicy Version="1">

@ -157,7 +157,7 @@ Policies should be thoroughly evaluated and first rolled out in audit mode befor
1. Mobile Device Management (MDM): [Deploy Windows Defender Application Control (WDAC) policies using Mobile Device Management (MDM) (Windows)](deploy-windows-defender-application-control-policies-using-intune.md)
2. Microsoft Endpoint Configuration Manager (MEMCM): [Deploy Windows Defender Application Control (WDAC) policies by using Microsoft Endpoint Configuration Manager (MEMCM) (Windows)](deployment/deploy-wdac-policies-with-memcm.md)
2. Configuration Manager: [Deploy Windows Defender Application Control (WDAC) policies by using Configuration Manager (Windows)](deployment/deploy-wdac-policies-with-memcm.md)
3. Scripting [Deploy Windows Defender Application Control (WDAC) policies using script (Windows)](deployment/deploy-wdac-policies-with-script.md)

@ -46,13 +46,9 @@ Alice previously created a policy for the organization's lightly managed devices
Alice identifies the following key factors to arrive at the "circle-of-trust" for Lamna's fully managed devices:
- All clients are running Windows 10 version 1903 or above or Windows 11;
- All clients are managed by Microsoft Endpoint Manager (MEM) either with Configuration Manager (MEMCM) standalone or hybrid mode with Intune;
> [!NOTE]
> Microsoft Endpoint Configuration Manager was previously known as System Center Configuration Manager.
- Most, but not all, apps are deployed using MEMCM;
- Sometimes, IT staff install apps directly to these devices without using MEMCM;
- All clients are managed by Microsoft Endpoint Manager either with Configuration Manager or with Intune;
- Most, but not all, apps are deployed using Configuration Manager;
- Sometimes, IT staff install apps directly to these devices without using Configuration Manager;
- All users except IT are standard users on these devices.
Alice's team develops a simple console application, called *LamnaITInstaller.exe*, which will become the authorized way for IT staff to install apps directly to devices. *LamnaITInstaller.exe* allows the IT pro to launch another process, such as an app installer. Alice will configure *LamnaITInstaller.exe* as an additional managed installer for WDAC and allows her to remove the need for filepath rules.
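
Review bot: The new bullet "either with Configuration Manager or with Intune" changes the scenario rather than only renaming the product: the removed line said Configuration Manager standalone or in hybrid mode with Intune, so every client had Configuration Manager, whereas the new wording admits Intune-only clients. The rest of the page depends on Configuration Manager being present (it is a managed installer in the pseudo-rules, and the base policy is copied from the \CCM\DeviceGuard path), so keep the original meaning, for example "managed with Configuration Manager, either standalone or in hybrid mode with Intune".
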
@ -64,8 +60,8 @@ Based on the above, Alice defines the pseudo-rules for the policy:
- WHQL (3rd party kernel drivers)
- Windows Store signed apps
2. **"MEMCM works”** rules that include signer and hash rules for MEMCM components to properly function
3. **Allow Managed Installer** (MEMCM and *LamnaITInstaller.exe* configured as a managed installer)
2. **"MEMCM works”** rules that include signer and hash rules for Configuration Manager components to properly function.
3. **Allow Managed Installer** (Configuration Manager and *LamnaITInstaller.exe* configured as a managed installer)
The critical differences between this set of pseudo-rules and those defined for Lamna's [lightly managed devices](create-wdac-policy-for-lightly-managed-devices.md#define-the-circle-of-trust-for-lightly-managed-devices) are:
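
Review bot: Item 2 keeps the rule label **"MEMCM works”** while its description now says Configuration Manager, so the abbreviation this commit removes everywhere else survives in the one place readers will quote. Either rename the label or state that it is kept deliberately, and replace the mismatched straight and curly quotation marks around it while editing. The trailing period added to item 2 is also inconsistent with item 3 here and with the same list in the lightly managed devices page, where item 2 has none.
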
@ -74,14 +70,14 @@ The critical differences between this set of pseudo-rules and those defined for
## Create a custom base policy using an example WDAC base policy
Having defined the "circle-of-trust", Alice is ready to generate the initial policy for Lamna's fully-managed devices. She decides to use MEMCM to create the initial base policy and then customize it to meet Lamna's needs.
Having defined the "circle-of-trust", Alice is ready to generate the initial policy for Lamna's fully-managed devices. She decides to use Configuration Manager to create the initial base policy and then customize it to meet Lamna's needs.
Alice follows these steps to complete this task:
> [!NOTE]
> If you do not use MEMCM or prefer to use a different [example Windows Defender Application Control base policy](example-wdac-base-policies.md) for your own policy, skip to step 2 and substitute the MEMCM policy path with your preferred example base policy.
> If you do not use Configuration Manager or prefer to use a different [example Windows Defender Application Control base policy](example-wdac-base-policies.md) for your own policy, skip to step 2 and substitute the Configuration Manager policy path with your preferred example base policy.
1. [Use MEMCM to create and deploy an audit policy](/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager) to a client device running Windows 10 version 1903 or above, or Windows 11.
1. [Use Configuration Manager to create and deploy an audit policy](/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager) to a client device running Windows 10 version 1903 or above, or Windows 11.
2. On the client device, run the following commands in an elevated Windows PowerShell session to initialize variables:
@ -91,7 +87,7 @@ Alice follows these steps to complete this task:
$MEMCMPolicy=$env:windir+"\CCM\DeviceGuard\MergedPolicy_Audit_ISG.xml"
```
3. Copy the policy created by MEMCM to the desktop:
3. Copy the policy created by Configuration Manager to the desktop:
```powershell
cp $MEMCMPolicy $LamnaPolicy

@ -46,12 +46,8 @@ For the majority of users and devices, Alice wants to create an initial policy t
Alice identifies the following key factors to arrive at the "circle-of-trust" for Lamna's lightly managed devices, which currently include most end-user devices:
- All clients are running Windows 10 version 1903 and above, or Windows 11;
- All clients are managed by Microsoft Endpoint Manager (MEM) either with Configuration Manager (MEMCM) standalone or hybrid mode with Intune;
> [!NOTE]
> Microsoft Endpoint Configuration Manager was previously known as System Center Configuration Manager.
- Some, but not all, apps are deployed using MEMCM;
- All clients are managed by Microsoft Endpoint Manager either with Configuration Manager or with Intune.
- Some, but not all, apps are deployed using Configuration Manager;
- Most users are local administrators on their devices;
- Some teams may need additional rules to authorize specific apps that don't apply generally to all other users.
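
Review bot: The replacement bullet "either with Configuration Manager or with Intune." ends with a period while every other bullet in this list ends with a semicolon, and it drops the "standalone or hybrid mode" qualifier from the removed line. As in the fully managed devices page, the new wording allows Intune-only clients even though the pseudo-rules below assume Configuration Manager is a managed installer on these devices; restore the qualifier and use a semicolon.
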
@ -62,8 +58,8 @@ Based on the above, Alice defines the pseudo-rules for the policy:
- WHQL (3rd party kernel drivers)
- Windows Store signed apps
2. **"MEMCM works”** rules which include signer and hash rules for MEMCM components to properly function
3. **Allow Managed Installer** (MEMCM configured as a managed installer)
2. **"MEMCM works”** rules which include signer and hash rules for Configuration Manager components to properly function
3. **Allow Managed Installer** (Configuration Manager configured as a managed installer)
4. **Allow Intelligent Security Graph (ISG)** (reputation-based authorization)
5. **Admin-only path rules** for the following locations:
- C:\Program Files\*
@ -72,14 +68,14 @@ Based on the above, Alice defines the pseudo-rules for the policy:
## Create a custom base policy using an example WDAC base policy
Having defined the "circle-of-trust", Alice is ready to generate the initial policy for Lamna's lightly managed devices. She decides to use MEMCM to create the initial base policy and then customize it to meet Lamna's needs.
Having defined the "circle-of-trust", Alice is ready to generate the initial policy for Lamna's lightly managed devices. She decides to use Configuration Manager to create the initial base policy and then customize it to meet Lamna's needs.
Alice follows these steps to complete this task:
> [!NOTE]
> If you do not use MEMCM or prefer to use a different [example Windows Defender Application Control base policy](example-wdac-base-policies.md) for your own policy, skip to step 2 and substitute the MEMCM policy path with your preferred example base policy.
> If you do not use Configuration Manager or prefer to use a different [example Windows Defender Application Control base policy](example-wdac-base-policies.md) for your own policy, skip to step 2 and substitute the Configuration Manager policy path with your preferred example base policy.
1. [Use MEMCM to create and deploy an audit policy](/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager) to a client device running Windows 10 version 1903 and above, or Windows 11.
1. [Use Configuration Manager to create and deploy an audit policy](/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager) to a client device running Windows 10 version 1903 and above, or Windows 11.
2. On the client device, run the following commands in an elevated Windows PowerShell session to initialize variables:
@ -89,7 +85,7 @@ Alice follows these steps to complete this task:
$MEMCMPolicy=$env:windir+"\CCM\DeviceGuard\MergedPolicy_Audit_ISG.xml"
```
3. Copy the policy created by MEMCM to the desktop:
3. Copy the policy created by Configuration Manager to the desktop:
```powershell
cp $MEMCMPolicy $LamnaPolicy

@ -31,18 +31,18 @@ You can use Microsoft Endpoint Configuration Manager (MEMCM) to configure Window
## Use MEMCM's built-in policies
MEMCM includes native support for WDAC, which allows you to configure Windows 10 and Windows 11 client computers with a policy that will only allow:
Configuration Manager includes native support for WDAC, which allows you to configure Windows 10 and Windows 11 client computers with a policy that will only allow:
- Windows components
- Microsoft Store apps
- Apps installed by MEMCM (MEMCM self-configured as a managed installer)
- Apps installed by Configuration Manager (Configuration Manager self-configured as a managed installer)
- [Optional] Reputable apps as defined by the Intelligent Security Graph (ISG)
- [Optional] Apps and executables already installed in admin-definable folder locations that MEMCM will allow through a one-time scan during policy creation on managed endpoints.
- [Optional] Apps and executables already installed in admin-definable folder locations that Configuration Manager will allow through a one-time scan during policy creation on managed endpoints.
Note that MEMCM does not remove policies once deployed. To stop enforcement, you should switch the policy to audit mode, which will produce the same effect. If you want to disable Windows Defender Application Control (WDAC) altogether (including audit mode), you can deploy a script to delete the policy file from disk, and either trigger a reboot or wait for the next reboot.
Note that Configuration Manager does not remove policies once deployed. To stop enforcement, you should switch the policy to audit mode, which will produce the same effect. If you want to disable Windows Defender Application Control (WDAC) altogether (including audit mode), you can deploy a script to delete the policy file from disk, and either trigger a reboot or wait for the next reboot.
For more information on using MEMCM's native WDAC policies, see [Windows Defender Application Control management with Configuration Manager](/mem/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager).
For more information on using Configuration Manager's native WDAC policies, see [Windows Defender Application Control management with Configuration Manager](/mem/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager).
## Deploy custom WDAC policies using Packages/Programs or Task Sequences
Using MEMCM's built-in policies can be a helpful starting point, but customers may find the circle-of-trust options available in MEMCM too limiting. To define your own circle-of-trust, you can use MEMCM to deploy custom WDAC policies using [script-based deployment](deploy-wdac-policies-with-script.md) via Software Distribution Packages and Programs or Operating System Deployment Task Sequences.
Using Configuration Manager's built-in policies can be a helpful starting point, but customers may find the circle-of-trust options available in Configuration Manager too limiting. To define your own circle-of-trust, you can use Configuration Manager to deploy custom WDAC policies using [script-based deployment](deploy-wdac-policies-with-script.md) via Software Distribution Packages and Programs or Operating System Deployment Task Sequences.
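
Review bot: The section heading "## Use MEMCM's built-in policies" is left as context while every sentence under it is renamed, and the introductory sentence visible in the hunk header still defines "Microsoft Endpoint Configuration Manager (MEMCM)". Rename the heading too, and update any links that point at its anchor, so the page does not introduce an abbreviation it no longer uses.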

@ -42,4 +42,4 @@ When you create policies for use with Windows Defender Application Control (WDAC
| **AllowAll_EnableHVCI.xml** | This example policy can be used to enable [memory integrity](/windows/security/threat-protection/device-guard/memory-integrity) (also known as hypervisor-protected code integrity) using Windows Defender Application Control. | %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies |
| **DenyAllAudit.xml** | ***Warning: May cause long boot time on Windows Server 2019.*** Only deploy this example policy in audit mode to track all binaries running on critical systems or to meet regulatory requirements. | %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies |
| **Device Guard Signing Service (DGSS) DefaultPolicy.xml** | This example policy is available in audit mode. It includes the rules from DefaultWindows and adds rules to trust apps signed with your organization-specific certificates issued by the DGSS. | [Device Guard Signing Service NuGet Package](https://www.nuget.org/packages/Microsoft.Acs.Dgss.Client) |
| **MEM Configuration Manager** | Customers who use MEM Configuration Manager (MEMCM) can deploy a policy with MEMCM's built-in WDAC integration, and then use the generated policy XML as an example base policy. | %OSDrive%\Windows\CCM\DeviceGuard on a managed endpoint |
| **MEM Configuration Manager** | Customers who use Configuration Manager can deploy a policy with Configuration Manager's built-in WDAC integration, and then use the generated policy XML as an example base policy. | %OSDrive%\Windows\CCM\DeviceGuard on a managed endpoint |
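
Review bot: The first cell of the changed row still reads **MEM Configuration Manager** while the description in the second cell now says "Configuration Manager", so the row names the product two ways. Change the row label to match.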

@ -34,7 +34,7 @@ ms.technology: windows-sec
|-------------|------|-------------|
| Platform support | Available on Windows 10, Windows 11, and Windows Server 2016 or later | Available on Windows 8 or later |
| SKU availability | Cmdlets are available on all SKUs on 1909+ builds.<br>For pre-1909 builds, cmdlets are only available on Enterprise but policies are effective on all SKUs. | Policies deployed through GP are only effective on Enterprise devices.<br>Policies deployed through MDM are effective on all SKUs. |
| Management solutions | <ul><li>[Intune](./deploy-windows-defender-application-control-policies-using-intune.md) (limited built-in policies or custom policy deployment via OMA-URI)</li><li>[Microsoft Endpoint Manager Configuration Manager (MEMCM)](/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager) (limited built-in policies or custom policy deployment via Software Distribution)</li><li>[Group Policy](./deploy-windows-defender-application-control-policies-using-group-policy.md) </li><li>PowerShell</li></ul> | <ul><li>[Intune](/windows/client-management/mdm/applocker-csp) (custom policy deployment via OMA-URI only)</li><li>MEMCM (custom policy deployment via Software Distribution only)</li><li>[Group Policy](./applocker/determine-group-policy-structure-and-rule-enforcement.md)</li><li>PowerShell</li><ul> |
| Management solutions | <ul><li>[Intune](./deploy-windows-defender-application-control-policies-using-intune.md) (limited built-in policies or custom policy deployment via OMA-URI)</li><li>[Configuration Manager](/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager) (limited built-in policies or custom policy deployment via Software Distribution)</li><li>[Group Policy](./deploy-windows-defender-application-control-policies-using-group-policy.md) </li><li>PowerShell</li></ul> | <ul><li>[Intune](/windows/client-management/mdm/applocker-csp) (custom policy deployment via OMA-URI only)</li><li>Configuration Manager (custom policy deployment via Software Distribution only)</li><li>[Group Policy](./applocker/determine-group-policy-structure-and-rule-enforcement.md)</li><li>PowerShell</li><ul> |
| Per-User and Per-User group rules | Not available (policies are device-wide) | Available on Windows 8+ |
| Kernel mode policies | Available on all Windows 10 versions and Windows 11 | Not available |
| Per-app rules | [Available on 1703+](./use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md) | Not available |
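
Review bot: In the changed "Management solutions" row, the AppLocker cell ends with `<li>PowerShell</li><ul>`, which opens a second list instead of closing the first; the WDAC cell in the same row closes correctly with `</ul>`. The defect predates this commit, but the line is being rewritten anyway, so change the final `<ul>` to `</ul>` here.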

@ -46,10 +46,7 @@ In the next set of topics, we will explore each of the above scenarios using a f
Lamna Healthcare Company (Lamna) is a large healthcare provider operating in the United States. Lamna employs thousands of people, from doctors and nurses to accountants, in-house lawyers, and IT technicians. Their device use cases are varied and include single-user workstations for their professional staff, shared kiosks used by doctors and nurses to access patient records, dedicated medical devices such as MRI scanners, and many others. Additionally, Lamna has a relaxed, bring-your-own-device policy for many of their professional staff.
Lamna uses [Microsoft Endpoint Manager](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager) (MEM) in hybrid mode with both Configuration Manager (MEMCM) and Intune. Although they use MEM to deploy many applications, Lamna has always had relaxed application usage practices: individual teams and employees have been able to install and use any applications they deem necessary for their role on their own workstations. Lamna also recently started to use [Microsoft Defender for Endpoint](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp) for better endpoint detection and response.
> [!NOTE]
> Microsoft Endpoint Configuration Manager was previously known as System Center Configuration Manager.
Lamna uses [Microsoft Endpoint Manager (MEM)](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager) in hybrid mode with both Configuration Manager and Intune. Although they use MEM to deploy many applications, Lamna has always had relaxed application usage practices: individual teams and employees have been able to install and use any applications they deem necessary for their role on their own workstations. Lamna also recently started to use [Microsoft Defender for Endpoint](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp) for better endpoint detection and response.
Recently, Lamna experienced a ransomware event that required an expensive recovery process and may have included data exfiltration by the unknown attacker. Part of the attack included installing and running malicious binaries that evaded detection by Lamna's antivirus solution but would have been blocked by an application control policy. In response, Lamna's executive board has authorized a number of new security IT responses, including tightening policies for application use and introducing application control.

@ -50,7 +50,7 @@ The first step is to define the desired "circle-of-trust" for your WDAC policies
For example, the DefaultWindows policy, which can be found under %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies, establishes a "circle-of-trust" that allows Windows, 3rd-party hardware and software kernel drivers, and applications from the Microsoft Store.
Microsoft Endpoint Configuration Manager, previously known as System Center Configuration Manager, uses the DefaultWindows policy as the basis for its policy but then modifies the policy rules to allow Configuration Manager and its dependencies, sets the managed installer policy rule, and additionally configures Configuration Manager as a managed installer. It also can optionally authorize apps with positive reputation and perform a one-time scan of folder paths specified by the Configuration Manager administrator, which adds rules for any apps found in the specified paths on the managed endpoint. This establishes the "circle-of-trust" for Configuration Manager's native WDAC integration.
Configuration Manager uses the DefaultWindows policy as the basis for its policy but then modifies the policy rules to allow Configuration Manager and its dependencies, sets the managed installer policy rule, and additionally configures Configuration Manager as a managed installer. It also can optionally authorize apps with positive reputation and perform a one-time scan of folder paths specified by the Configuration Manager administrator, which adds rules for any apps found in the specified paths on the managed endpoint. This establishes the "circle-of-trust" for Configuration Manager's native WDAC integration.
The following questions can help you plan your Windows Defender Application Control deployment and determine the right "circle-of-trust" for your policies. They are not in priority or sequential order, and are not meant to be an exhaustive set of design considerations.

@ -43,7 +43,7 @@ If the file with good reputation is an application installer, its reputation wil
WDAC periodically re-queries the reputation data on a file. Additionally, enterprises can specify that any cached reputation results are flushed on reboot by using the **Enabled:Invalidate EAs on Reboot** option.
>[!NOTE]
>Admins should make sure there is a Windows Defender Application Control policy in place to allow the system to boot and run any other authorized applications that may not be classified as being known good by the Intelligent Security Graph, such as custom line-of-business (LOB) apps. Since the Intelligent Security Graph is powered by global prevalence data, internal LOB apps may not be recognized as being known good. Other mechanisms like managed installer and explicit rules will help cover internal applications. Both Microsoft Endpoint Manager Configuration Manager (MEMCM) and Microsoft Endpoint Manager Intune (MEM Intune) can be used to create and push a WDAC policy to your client machines.
>Admins should make sure there is a Windows Defender Application Control policy in place to allow the system to boot and run any other authorized applications that may not be classified as being known good by the Intelligent Security Graph, such as custom line-of-business (LOB) apps. Since the Intelligent Security Graph is powered by global prevalence data, internal LOB apps may not be recognized as being known good. Other mechanisms like managed installer and explicit rules will help cover internal applications. Both Microsoft Endpoint Configuration Manager and Microsoft Endpoint Manager Intune can be used to create and push a WDAC policy to your client machines.
## Configuring Intelligent Security Graph authorization for Windows Defender Application Control
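
Review bot: The last sentence of the rewritten note now says "Microsoft Endpoint Configuration Manager and Microsoft Endpoint Manager Intune", which matches neither the plain "Configuration Manager" used in the other files of this commit nor the "Configuration Manager's WDAC integration" wording introduced further down this same file. Use "Configuration Manager" here as well so the page is internally consistent.
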
@ -90,7 +90,7 @@ In order for the heuristics used by the ISG to function properly, a number of co
appidtel start
```
This step isn't required for Windows Defender Application Control policies deployed over MDM, as the CSP will enable the necessary components. This step is also not required when the ISG is configured using MEMCM's WDAC integration.
This step isn't required for Windows Defender Application Control policies deployed over MDM, as the CSP will enable the necessary components. This step is also not required when the ISG is configured using Configuration Manager's WDAC integration.
## Security considerations with the Intelligent Security Graph