deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-18 20:03:40 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

fixing spacing issues

Browse Source
This commit is contained in:
Brian Lich
2016-05-18 12:02:55 -07:00
parent 880130b479
commit f53721da51
5 changed files with 24 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
windows/whats-new/applocker.md
View File

@ -8,16 +8,22 @@ ms.mktglfcycl: explore
ms.sitesec: library
author: brianlic-msft
---
# What's new in AppLocker?
**Applies to**
- Windows 10
- Windows 10 Mobile
AppLocker helps you control which apps and files users can run. These include executable files, scripts, Windows Installer files, dynamic-link libraries (DLLs), packaged apps, and packaged app installers.
In Windows 10, AppLocker has added some improvements.
## New features in Windows 10
- A new parameter was added to the [New-AppLockerPolicy](http://technet.microsoft.com/library/hh847211.aspx) Windows PowerShell cmdlet that lets you choose whether executable and DLL rule collections apply to non-interactive processes. To enable this, set the **ServiceEnforcement** to **Enabled**.
- A new [AppLocker](http://msdn.microsoft.com/library/windows/hardware/dn920019.aspx) configuration service provider was add to allow you to enable AppLocker rules by using an MDM server.
- You can manage Windows 10 Mobile devices by using the new [AppLocker CSP](http://msdn.microsoft.com/library/windows/hardware/dn920019.aspx).
[Learn how to manage AppLocker within your organization](../keep-secure/applocker-overview.md).
 
 

5
windows/whats-new/device-guard-overview.md
View File

@ -3,16 +3,19 @@ title: Device Guard overview (Windows 10)
description: Device Guard is a combination of enterprise-related hardware and software security features that, when configured together, will lock a device down so that it can only run trusted applications.
ms.assetid: FFE244EE-5804-4CE8-A2A9-48F49DC3AEF2
ms.pagetype: security
keywords: ["Device Guard"]
keywords: Device Guard
ms.prod: W10
ms.mktglfcycl: explore
ms.sitesec: library
author: brianlic-msft
---
# Device Guard overview
**Applies to**
- Windows 10
- Windows 10 Mobile
Device Guard is a combination of enterprise-related hardware and software security features that, when configured together, will lock a device down so that it can only run trusted applications. If the app isnt trusted it cant run, period. It also means that even if an attacker manages to get control of the Windows kernel, he or she will be much less likely to be able to run malicious executable code after the computer restarts because of how decisions are made about what can run and when.
Device Guard uses the new virtualization-based security in Windows 10 Enterprise to isolate the Code Integrity service from the Microsoft Windows kernel itself, letting the service use signatures defined by your enterprise-controlled policy to help determine what is trustworthy. In effect, the Code Integrity service runs alongside the kernel in a Windows hypervisor-protected container.
For details on how to implement Device Guard, see [Device Guard deployment guide](../keep-secure/device-guard-deployment-guide.md).