deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 21:37:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Identity Protection/VPN: grammar, links & spacing

Browse Source 
As reported in issue ticket #6556 (Traffic filter sentence incomplete),
there is a missing part in the sentence "Network admins to effectively
add interface specific firewall rules on the VPN Interface." to make it
work as a full descriptive sentence in this context. This PR aims to
correct this issue, in addition to various other adjustments.

Thanks to klishb for reporting this issue.

Changes proposed:
- Add the missing part of the Traffic Filters sentence
- Update 2 outdated and permanently redirected MSDN links
- Uppercase adjustments for "Traffic filters" & "Lockdown"
- Add MarkDown indent marker compatibility spacing in the Note blob
- Reduce bullet point spacing from 3 to 1 in the "Applies to" section
- Remove all redundant end-of-line spacing
- Add missing space after the corrected sentence (after the period)

Ticket closure or reference:

Closes #6556
This commit is contained in:
illfated 2020-04-23 22:35:19 +02:00
parent 158837a34d
commit e28f537634
1 changed files with 16 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
windows/security/identity-protection/vpn/vpn-security-features.md
View File

@ -32,17 +32,16 @@ A VPN profile configured with LockDown secures the device to only allow network
- Only one VPN LockDown profile is allowed on a device.
> [!NOTE]
>For built-in VPN, Lockdown VPN is only available for the Internet Key Exchange version 2 (IKEv2) connection type.
> For built-in VPN, LockDown VPN is only available for the Internet Key Exchange version 2 (IKEv2) connection type.
Deploy this feature with caution as the resultant connection will not be able to send or receive any network traffic without the VPN being connected.
## Windows Information Protection (WIP) integration with VPN
Windows Information Protection provides capabilities allowing the separation and protection of enterprise data against disclosure across both company and personally owned devices without requiring additional changes to the environments or the apps themselves. Additionally, when used with Rights Management Services (RMS), WIP can help to protect enterprise data locally.
The **EdpModeId** node in the [VPNv2 Configuration Service Provider (CSP)](https://msdn.microsoft.com/library/windows/hardware/dn914776.aspx) allows a Windows 10 VPN client to integrate with WIP, extending its functionality to remote devices. Use case scenarios for WIP include:
The **EdpModeId** node in the [VPNv2 Configuration Service Provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/vpnv2-csp) allows a Windows 10 VPN client to integrate with WIP, extending its functionality to remote devices. Use case scenarios for WIP include:
- Core functionality: File encryption and file access blocking
- UX policy enforcement: Restricting copy/paste, drag/drop, and sharing operations
@ -56,9 +55,9 @@ Additionally, when connecting with WIP, the admin does not have to specify AppTr
[Learn more about Windows Information Protection](/windows/threat-protection/windows-information-protection/protect-enterprise-data-using-wip)
## Traffic filters
## Traffic Filters
Traffic Filters give enterprises the ability to decide what traffic is allowed into the corporate network based on policy. Network admins to effectively add interface specific firewall rules on the VPN Interface.There are two types of Traffic Filter rules:
Traffic Filters give enterprises the ability to decide what traffic is allowed into the corporate network based on policy. Network admins can use Traffic Filters to effectively add interface specific firewall rules on the VPN Interface. There are two types of Traffic Filter rules:
- App-based rules. With app-based rules, a list of applications can be marked such that only traffic originating from these apps is allowed to go over the VPN interface.
- Traffic-based rules. Traffic-based rules are 5-tuple policies (ports, addresses, protocol) that can be specified such that only traffic matching these rules is allowed to go over the VPN interface.
@ -73,7 +72,7 @@ For example, an admin could define rules that specify:
## Configure traffic filters
See [VPN profile options](vpn-profile-options.md) and [VPNv2 CSP](https://msdn.microsoft.com/library/windows/hardware/dn914776.aspx) for XML configuration.
See [VPN profile options](vpn-profile-options.md) and [VPNv2 CSP](https://docs.microsoft.com/windows/client-management/mdm/vpnv2-csp) for XML configuration.
The following image shows the interface to configure traffic rules in a VPN Profile configuration policy using Microsoft Intune.