mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-12 05:17:22 +00:00
Update ms.topic
parent 31265cfecb
commit f5963a72d6
@ -1,7 +1,7 @@
---
title: Diagnose Provisioning Packages
description: Diagnose general failures in provisioning.
ms.topic: article
ms.topic: troubleshooting
ms.date: 01/18/2023
---

@ -1,7 +1,7 @@
---
title: Configuration service providers for IT pros
description: Describes how IT pros and system administrators can use configuration service providers (CSPs) to configure devices.
ms.topic: article
ms.topic: how-to
ms.date: 12/31/2017
---

@ -1,7 +1,7 @@
---
title: Provision PCs with common settings
description: Create a provisioning package to apply common settings to a PC running Windows 10.
ms.topic: article
ms.topic: how-to
ms.date: 12/31/2017
---

@ -1,7 +1,7 @@
---
title: Provision PCs with apps
description: Learn how to install multiple Universal Windows Platform (UWP) apps and Windows desktop applications (Win32) in a provisioning package.
ms.topic: article
ms.topic: how-to
ms.date: 12/31/2017
---

@ -1,7 +1,7 @@
---
title: Apply a provisioning package
description: Provisioning packages can be applied to a device during initial setup (OOBE) and after (runtime).
ms.topic: article
ms.topic: how-to
ms.date: 12/31/2017
---

@ -1,7 +1,7 @@
---
title: Windows Configuration Designer command-line interface
description: Learn more about the ICD syntax, switches, and arguments that you can use in the Windows Configuration Designer command-line interface for Windows10/11 client devices.
ms.topic: article
ms.topic: how-to
ms.date: 12/31/2017
---

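Review bot: the description on the context line runs "Windows10/11" together without a space; since this front matter is being edited anyway, change it to "Windows 10/11", which is how the other provisioning pages in this commit spell it.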
@ -1,7 +1,7 @@
---
title: Create a provisioning package
description: Learn how to create a provisioning package for Windows 10/11, which lets you quickly configure a device without having to install a new image.
ms.topic: article
ms.topic: how-to
ms.date: 12/31/2017
---

@ -1,7 +1,7 @@
---
title: How provisioning works in Windows 10/11
description: Learn more about how provisioning package work on Windows client devices. A provisioning package (.ppkg) is a container for a collection of configuration settings.
ms.topic: article
ms.topic: conceptual
ms.date: 12/31/2017
---

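Review bot: the description on the context line still reads "how provisioning package work"; while this front matter is open, make it "how provisioning packages work".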
@ -1,7 +1,7 @@
---
title: Install Windows Configuration Designer
description: Learn how to install and use Windows Configuration Designer so you can easily configure devices running Windows 10/11.
ms.topic: article
ms.topic: how-to
ms.reviewer: kevinsheehan
ms.date: 12/31/2017
---
@ -1,7 +1,7 @@
---
title: Create a provisioning package with multivariant settings
description: Create a provisioning package with multivariant settings to customize the provisioned settings for defined conditions.
ms.topic: article
ms.topic: how-to
ms.date: 12/31/2017
---

@ -2,7 +2,7 @@
title: Provisioning packages overview
description: With Windows 10 and Windows 11, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image. Learn about what provisioning packages, are and what they do.
ms.reviewer: kevinsheehan
ms.topic: article
ms.topic: conceptual
ms.date: 12/31/2017
---

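Review bot: the description has a misplaced comma in "what provisioning packages, are and what they do"; it should read "what provisioning packages are and what they do".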
@ -1,7 +1,7 @@
---
title: PowerShell cmdlets for provisioning Windows 10/11
description: Learn more about the Windows PowerShell cmdlets that you can use with Provisioning packages on Windows10/11 client desktop devices.
ms.topic: article
ms.topic: conceptual

ms.date: 12/31/2017
---
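Review bot: the hunk shows an empty line inside the YAML front matter between `ms.topic: conceptual` and `ms.date`; YAML tolerates it, but no other file in this commit has one, so drop it while the block is being edited. The description also has "Windows10/11" missing its space.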
@ -1,7 +1,7 @@
---
title: Use a script to install a desktop app in provisioning packages
description: With Windows 10/11, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image.
ms.topic: article
ms.topic: how-to
ms.date: 12/31/2017
---

@ -1,7 +1,7 @@
---
title: Uninstall a provisioning package - reverted settings
description: This article lists the settings that are reverted when you uninstall a provisioning package on Windows 10/11 desktop client devices.
ms.topic: article
ms.topic: conceptual
ms.date: 12/31/2017
---

@ -6,7 +6,7 @@ author: vinaypamnani-msft
ms.author: vinpa
manager: aaroncz
ms.date: 03/26/2024
ms.topic: article
ms.topic: conceptual
appliesto:
- ✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>
- ✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 10</a>
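Review bot: the two appliesto anchors show backslash-escaped quotes (`href=\"...\"`); confirm that this is only the diff rendering and that the YAML on disk uses plain quotes, because literal backslashes inside those attributes would break the rendered links.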
@ -3,7 +3,7 @@ title: Testing and Debugging AppId Tagging Policies
description: Testing and Debugging AppId Tagging Policies to ensure your policies are deployed successfully.
ms.localizationpriority: medium
ms.date: 04/29/2022
ms.topic: article
ms.topic: troubleshooting
---

# Testing and Debugging AppId Tagging Policies
@ -11,28 +11,28 @@ ms.topic: article
> [!NOTE]
> Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).

After deployment of the WDAC AppId Tagging policy, WDAC will log a 3099 policy deployed event in the [Event Viewer logs](../operations/event-id-explanations.md). You first should ensure that the policy has been successfully deployed onto the system by verifying the presence of the 3099 event.
After deployment of the WDAC AppId Tagging policy, WDAC will log a 3099 policy deployed event in the [Event Viewer logs](../operations/event-id-explanations.md). You first should ensure that the policy has been successfully deployed onto the system by verifying the presence of the 3099 event.

## Verifying Tags on Running Processes

After verifying the policy has been deployed, the next step is to verify that the application processes you expect to pass the AppId Tagging policy have your tag set. Note that processes running at the time of policy deployment will need to be restarted since Windows Defender Application Control (WDAC) can only tag processes created after the policy has been deployed.
After verifying the policy has been deployed, the next step is to verify that the application processes you expect to pass the AppId Tagging policy have your tag set. Note that processes running at the time of policy deployment will need to be restarted since Windows Defender Application Control (WDAC) can only tag processes created after the policy has been deployed.

1. Download and Install the Windows Debugger
1. Download and Install the Windows Debugger

[Microsoft's WinDbg Preview application](https://www.microsoft.com/store/productId/9PGJGD53TN86) can be downloaded from the Store and used to verify tags on running processes.
[Microsoft's WinDbg Preview application](https://www.microsoft.com/store/productId/9PGJGD53TN86) can be downloaded from the Store and used to verify tags on running processes.

2. Get the Process ID (PID) of the process under validation

Using Task Manager, or an equivalent process monitoring tool, locate the PID of the process you wish to inspect. In the example below, we've located the PID for the running process for Microsoft Edge to be 2260. The PID will be used in the next step.
Using Task Manager, or an equivalent process monitoring tool, locate the PID of the process you wish to inspect. In the example below, we've located the PID for the running process for Microsoft Edge to be 2260. The PID will be used in the next step.




3. Use WinDbg to inspect the process

After opening WinDbg. select File followed by `Attach to Process`, and select the process with the PID identified in the step prior. Finally, select `Attach` to connect to the process.
After opening WinDbg. select File followed by `Attach to Process`, and select the process with the PID identified in the step prior. Finally, select `Attach` to connect to the process.




Lastly, in the textbox, type `!token` and then press the Enter key to dump the security attributes on the process, including the _POLICYAPPID://_ followed by the key you set in the policy, and its corresponding value in the Value[0] field.
Lastly, in the textbox, type `!token` and then press the Enter key to dump the security attributes on the process, including the _POLICYAPPID://_ followed by the key you set in the policy, and its corresponding value in the Value[0] field.



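Review bot: every content line in this hunk appears twice with identical text, so the change here is whitespace-only (trailing spaces or indentation), which belongs in its own commit rather than one titled "Update ms.topic". While these lines are being rewritten, fix the punctuation in "After opening WinDbg. select File followed by `Attach to Process`" (a comma after WinDbg, not a full stop) and reorder "You first should ensure" to "You should first ensure".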
@ -3,7 +3,7 @@ title: Deploying Windows Defender Application Control AppId tagging policies
description: How to deploy your WDAC AppId tagging policies locally and globally within your managed environment.
ms.localizationpriority: medium
ms.date: 04/29/2022
ms.topic: article
ms.topic: conceptual
---

# Deploying Windows Defender Application Control AppId tagging policies
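Review bot: `ms.topic: conceptual` doesn't match this page: the description says "How to deploy your WDAC AppId tagging policies locally and globally" and the H1 is "Deploying ...", which is procedural content. The other deployment pages in this commit (Group Policy, script, enforce, merge, remove) get `how-to`; this one should too.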
@ -3,7 +3,7 @@ title: Create your Windows Defender Application Control AppId Tagging Policies
description: Create your Windows Defender Application Control AppId tagging policies for Windows devices.
ms.localizationpriority: medium
ms.date: 04/29/2022
ms.topic: article
ms.topic: conceptual
---

# Creating your WDAC AppId Tagging Policies
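Review bot: same mismatch as the deploy page: the description is "Create your Windows Defender Application Control AppId tagging policies for Windows devices" and the later hunks of this file are numbered steps with PowerShell commands, so `how-to` fits better than `conceptual`.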
@ -17,12 +17,12 @@ You can use the Windows Defender Application Control (WDAC) Wizard and the Power

1. Create a new base policy using the templates:

Start with the Policy Creator task and select Multiple Policy Format and Base Policy. Select the Base Template to use for the policy. The following example shows beginning with the [Default Windows Mode](../design/wdac-wizard-create-base-policy.md#template-base-policies) template and build on top of these rules.
Start with the Policy Creator task and select Multiple Policy Format and Base Policy. Select the Base Template to use for the policy. The following example shows beginning with the [Default Windows Mode](../design/wdac-wizard-create-base-policy.md#template-base-policies) template and build on top of these rules.



> [!NOTE]
> If your AppId Tagging Policy does build off the base templates or does not allow Windows in-box processes, you will notice significant performance regressions, especially during boot. For this reason, it is strongly recommended to build off the base templates.
> If your AppId Tagging Policy does build off the base templates or does not allow Windows in-box processes, you will notice significant performance regressions, especially during boot. For this reason, it is strongly recommended to build off the base templates.
For more information on the issue, see the [AppId Tagging Known Issue](../operations/known-issues.md#slow-boot-and-performance-with-custom-policies).

2. Set the following rule-options using the Wizard toggles:
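Review bot: the NOTE on the changed line is inverted: "If your AppId Tagging Policy does build off the base templates or does not allow Windows in-box processes, you will notice significant performance regressions" contradicts the next sentence, which recommends building off the templates. It should read "does not build off the base templates or does not allow Windows in-box processes". In the same hunk, "shows beginning with the ... template and build on top of these rules" should be "and building on top of these rules".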
@ -31,13 +31,13 @@ You can use the Windows Defender Application Control (WDAC) Wizard and the Power

3. Create custom rules:

Selecting the `+ Custom Rules` button opens the Custom Rules panel. The Wizard supports five types of file rules:
Selecting the `+ Custom Rules` button opens the Custom Rules panel. The Wizard supports five types of file rules:

- Publisher rules: Create a rule based off the signing certificate hierarchy. Additionally, the original filename and version can be combined with the signing certificate for added security.
- Path rules: Create a rule based off the path to a file or a parent folder path. Path rules support wildcards.
- Publisher rules: Create a rule based off the signing certificate hierarchy. Additionally, the original filename and version can be combined with the signing certificate for added security.
- Path rules: Create a rule based off the path to a file or a parent folder path. Path rules support wildcards.
- File attribute rules: Create a rule based off a file's immutable properties like the original filename, file description, product name or internal name.
- Package app name rules: Create a rule based off the package family name of an appx/msix.
- Hash rules: Create a rule based off the PE Authenticode hash of a file.
- Hash rules: Create a rule based off the PE Authenticode hash of a file.

For more information on creating new policy file rules, see the guidelines provided in the [creating policy file rules section](../design/wdac-wizard-create-base-policy.md#creating-custom-file-rules).

@ -48,9 +48,9 @@ You can use the Windows Defender Application Control (WDAC) Wizard and the Power
```powershell
Set-CIPolicyIdInfo -ResetPolicyID -FilePath .\AppIdPolicy.xml -AppIdTaggingPolicy -AppIdTaggingKey "MyKey" -AppIdTaggingValue "MyValue"
```
The policyID GUID is returned by the PowerShell command if successful.
The policyID GUID is returned by the PowerShell command if successful.

## Create the policy using PowerShell
## Create the policy using PowerShell

Using this method, you create an AppId Tagging policy directly using the WDAC PowerShell commands. These PowerShell commands are only available on the supported platforms listed in [AppId Tagging Guide](wdac-appid-tagging-guide.md). In an elevate PowerShell instance:

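Review bot: the context line "In an elevate PowerShell instance" should be "In an elevated PowerShell instance". Minor: this hunk spells the switch `-ResetPolicyID` and the next hunk in the same file spells it `-ResetPolicyId`; PowerShell parameter names are case-insensitive, so both run, but the page should use one spelling.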
@ -72,20 +72,20 @@ Using this method, you create an AppId Tagging policy directly using the WDAC Po
Set-RuleOption -Option 18 .\AppIdPolicy.xml # (Optional) Disable FilePath Rule Protection
```

If you're using filepath rules, you may want to set option 18. Otherwise, there's no need.

If you're using filepath rules, you may want to set option 18. Otherwise, there's no need.

4. Set the name and ID on the policy, which is helpful for future debugging:

```powershell
Set-CIPolicyIdInfo -ResetPolicyId -PolicyName "MyPolicyName" -PolicyId "MyPolicyId" -AppIdTaggingPolicy -FilePath ".\AppIdPolicy.xml"
```
The policyID GUID is returned by the PowerShell command if successful.
The policyID GUID is returned by the PowerShell command if successful.

## Deploy for Local Testing

After creating your AppId Tagging policy in the above steps, you can deploy the policy to your local machine for testing before broadly deploying the policy to your endpoints:

1. Depending on your deployment method, convert the xml to binary:
1. Depending on your deployment method, convert the xml to binary:

```powershell
Convertfrom-CIPolicy .\policy.xml ".\{PolicyIDGUID}.cip"

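Review bot: the file names don't line up within this hunk: step 4 writes the policy to `.\AppIdPolicy.xml`, but the conversion command at the end reads `.\policy.xml`, so a reader following the steps literally gets a file-not-found error; use `.\AppIdPolicy.xml` in both places. Also, `Convertfrom-CIPolicy` runs because cmdlet names are case-insensitive, but the documented casing is `ConvertFrom-CIPolicy`.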
@ -3,7 +3,7 @@ title: Designing, creating, managing and troubleshooting Windows Defender Applic
description: How to design, create, manage and troubleshoot your WDAC AppId Tagging policies
ms.localizationpriority: medium
ms.date: 04/27/2022
ms.topic: article
ms.topic: conceptual
---

# WDAC Application ID (AppId) Tagging guide
@ -13,17 +13,17 @@ ms.topic: article

## AppId Tagging Feature Overview

The Application ID (AppId) Tagging Policy feature, while based off Windows Defender Application Control (WDAC), does not control whether applications will run. AppId Tagging policies can be used to mark the processes of the running application with a customizable tag defined in the policy. Application processes that pass the AppId policy will receive the tag while failing applications won't.
The Application ID (AppId) Tagging Policy feature, while based off Windows Defender Application Control (WDAC), does not control whether applications will run. AppId Tagging policies can be used to mark the processes of the running application with a customizable tag defined in the policy. Application processes that pass the AppId policy will receive the tag while failing applications won't.

## AppId Tagging Feature Availability

The WDAC AppId Tagging feature is available on the following versions of the Windows platform:
The WDAC AppId Tagging feature is available on the following versions of the Windows platform:

Client:
Client:
- Windows 10 20H1, 20H2 and 21H1 versions only
- Windows 11

Server:
Server:
- Windows Server 2022

## In this section

@ -3,7 +3,7 @@ title: Use audit events to create WDAC policy rules
description: Audits allow admins to discover apps, binaries, and scripts that should be added to the WDAC policy.
ms.localizationpriority: medium
ms.date: 05/03/2018
ms.topic: article
ms.topic: conceptual
---

# Use audit events to create WDAC policy rules
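Review bot: the title "Use audit events to create WDAC policy rules" and the description ("Audits allow admins to discover apps, binaries, and scripts that should be added to the WDAC policy") describe a procedure; check whether `how-to` is the intended value here rather than `conceptual`, since the neighbouring deployment pages in this commit use `how-to`.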
@ -3,7 +3,7 @@ title: Deploy WDAC policies via Group Policy
description: Windows Defender Application Control (WDAC) policies can easily be deployed and managed with Group Policy. Learn how by following this step-by-step guide.
ms.localizationpriority: medium
ms.date: 01/23/2023
ms.topic: article
ms.topic: how-to
---

# Deploy Windows Defender Application Control policies by using Group Policy
@ -3,7 +3,7 @@ title: Deploy Windows Defender Application Control (WDAC) policies using script
description: Use scripts to deploy Windows Defender Application Control (WDAC) policies. Learn how with this step-by-step guide.
ms.manager: jsuther
ms.date: 01/23/2023
ms.topic: article
ms.topic: how-to
ms.localizationpriority: medium
---

@ -3,7 +3,7 @@ title: Remove Windows Defender Application Control policies
description: Learn how to disable both signed and unsigned Windows Defender Application Control policies, within Windows and within the BIOS.
ms.localizationpriority: medium
ms.date: 11/04/2022
ms.topic: article
ms.topic: how-to
---

# Remove Windows Defender Application Control (WDAC) policies
@ -3,7 +3,7 @@ title: Enforce Windows Defender Application Control (WDAC) policies
description: Learn how to switch a WDAC policy from audit to enforced mode.
ms.manager: jsuther
ms.date: 04/22/2021
ms.topic: article
ms.topic: how-to
ms.localizationpriority: medium
---

@ -3,7 +3,7 @@ title: Merge Windows Defender Application Control policies (WDAC)
description: Learn how to merge WDAC policies as part of your policy lifecycle management.
ms.manager: jsuther
ms.date: 04/22/2021
ms.topic: article
ms.topic: how-to
ms.localizationpriority: medium
---

@ -3,7 +3,7 @@ title: Allow COM object registration in a WDAC policy
description: You can allow COM object registration in a Windows Defender Application Control policy.
ms.localizationpriority: medium
ms.date: 04/05/2023
ms.topic: article
ms.topic: how-to
---

# Allow COM object registration in a Windows Defender Application Control policy
@ -153,11 +153,11 @@ The table that follows describes the list of COM objects that are inherently tru
| scrrun.dll | 0D43FE01-F093-11CF-8940-00A0C9054228 |
| vbscript.dll | 3F4DACA4-160D-11D2-A8E9-00104B365C9F |
| WEX.Logger.Log | 70B46225-C474-4852-BB81-48E0D36F9A5A |
| TE.Common.TestData | 1d68f3c0-b5f8-4abd-806a-7bc57cdce35a |
| TE.Common.TestData | 1d68f3c0-b5f8-4abd-806a-7bc57cdce35a |
| TE.Common.RuntimeParameters | 9f3d4048-6028-4c5b-a92d-01bc977af600 |
| TE.Common.Verify | e72cbabf-8e48-4d27-b14e-1f347f6ec71a |
| TE.Common.Interruption | 5850ba6f-ce72-46d4-a29b-0d3d9f08cc0b |
| msxml6.dll | 2933BF90-7B36-11d2-B20E-00C04F983E60 |
| msxml6.dll | 2933BF90-7B36-11d2-B20E-00C04F983E60 |
| msxml6.dll | ED8C108E-4349-11D2-91A4-00C04F7969E8 |
| mmcndmgr.dll | ADE6444B-C91F-4E37-92A4-5BB430A33340 |
| puiobj.dll | B021FF57-A928-459C-9D6C-14DED0C9BED2 |
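Review bot: the CLSID column mixes upper-case GUIDs (for example `0D43FE01-F093-11CF-8940-00A0C9054228`) with lower-case ones (for example `1d68f3c0-b5f8-4abd-806a-7bc57cdce35a`) and even mixed case within one value (`2933BF90-7B36-11d2-B20E-00C04F983E60`); normalize the casing so readers who copy or search for these values get consistent matches. The two `msxml6.dll` rows with different CLSIDs are fine as they are.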
@ -3,7 +3,7 @@ title: Policy creation for common WDAC usage scenarios
description: Develop a plan for deploying Windows Defender Application Control (WDAC) in your organization based on these common scenarios.
ms.localizationpriority: medium
ms.date: 04/05/2023
ms.topic: article
ms.topic: conceptual
---

# Windows Defender Application Control deployment in different scenarios: types of devices
@ -15,7 +15,7 @@ Typically, deployment of Windows Defender Application Control (WDAC) happens bes

## Types of devices

| Type of device | How WDAC relates to this type of device |
| Type of device | How WDAC relates to this type of device |
|------------------------------------|------------------------------------------------------|
| **Lightly managed devices**: Company-owned, but users are free to install software.<br>Devices are required to run organization's antivirus solution and client management tools. | Windows Defender Application Control can be used to help protect the kernel, and to monitor (audit) for problem applications rather than limiting the applications that can be run. |
| **Fully managed devices**: Allowed software is restricted by IT department.<br>Users can request for more software, or install from a list of applications provided by IT department.<br>Examples: locked-down, company-owned desktops and laptops. | An initial baseline Windows Defender Application Control policy can be established and enforced. Whenever the IT department approves more applications, it updates the WDAC policy and (for unsigned LOB applications) the catalog. |
@ -3,7 +3,7 @@ title: Allow apps deployed with a WDAC managed installer
description: Explains how to configure a custom Managed Installer.
ms.localizationpriority: medium
ms.date: 02/02/2023
ms.topic: article
ms.topic: how-to
---

# Automatically allow apps deployed by a managed installer with Windows Defender Application Control
@ -78,7 +78,7 @@ The AppLocker policy creation UI in GPO Editor and the AppLocker PowerShell cmdl
```

3. Manually edit your AppLocker policy and add the EXE and DLL rule collections with at least one rule for each. To ensure your policy can be safely applied on systems that may already have an active AppLocker policy, we recommend using a benign DENY rule to block a fake binary and set the rule collection's EnforcementMode to AuditOnly. Additionally, since many installation processes rely on services, you need to enable services tracking for each of those rule collections. The following example shows a partial AppLocker policy with the EXE and DLL rule collection configured as recommended.

```xml
<RuleCollection Type="Dll" EnforcementMode="AuditOnly" >
<FilePathRule Id="86f235ad-3f7b-4121-bc95-ea8bde3a5db5" Name="Benign DENY Rule" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
@ -147,7 +147,7 @@ The AppLocker policy creation UI in GPO Editor and the AppLocker PowerShell cmdl
</RuleCollectionExtensions>
</RuleCollection>
<RuleCollection Type="ManagedInstaller" EnforcementMode="AuditOnly">
<FilePublisherRule Id="55932f09-04b8-44ec-8e2d-3fc736500c56" Name="MICROSOFT.MANAGEMENT.SERVICES.INTUNEWINDOWSAGENT.EXE version 1.39.200.2 or greater in MICROSOFT® INTUNE™ from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
<FilePublisherRule Id="55932f09-04b8-44ec-8e2d-3fc736500c56" Name="MICROSOFT.MANAGEMENT.SERVICES.INTUNEWINDOWSAGENT.EXE version 1.39.200.2 or greater in MICROSOFT® INTUNE™ from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="*" BinaryName="MICROSOFT.MANAGEMENT.SERVICES.INTUNEWINDOWSAGENT.EXE">
<BinaryVersionRange LowSection="1.39.200.2" HighSection="*" />
@ -183,7 +183,7 @@ The AppLocker policy creation UI in GPO Editor and the AppLocker PowerShell cmdl
```console
appidtel.exe start [-mionly]
```

Specify "-mionly" if you don't plan to use the Intelligent Security Graph (ISG).

> [!NOTE]
@ -3,7 +3,7 @@ title: Create WDAC Deny Policy
description: Explains how to create WDAC deny policies
ms.localizationpriority: medium
ms.date: 12/31/2017
ms.topic: article
ms.topic: how-to
---

# Guidance on Creating WDAC Deny Policies
@ -3,7 +3,7 @@ title: Create a WDAC policy using a reference computer
description: To create a Windows Defender Application Control (WDAC) policy that allows all code installed on a reference computer within your organization, follow this guide.
ms.localizationpriority: medium
ms.date: 08/08/2022
ms.topic: article
ms.topic: how-to
---

# Create a WDAC policy using a reference computer
@ -3,7 +3,7 @@ title: Use multiple Windows Defender Application Control Policies
description: Windows Defender Application Control supports multiple code integrity policies for one device.
ms.localizationpriority: medium
ms.date: 04/15/2024
ms.topic: article
ms.topic: how-to
---

# Use multiple Windows Defender Application Control Policies
@ -3,7 +3,7 @@ title: Manage packaged apps with WDAC
description: Packaged apps, also known as Universal Windows apps, allow you to control the entire app by using a single Windows Defender Application Control (WDAC) rule.
ms.localizationpriority: medium
ms.date: 03/01/2023
ms.topic: article
ms.topic: how-to
---

# Manage Packaged Apps with Windows Defender Application Control
@ -6,7 +6,7 @@ ms.collection:
- tier3
- must-keep
ms.date: 01/24/2024
ms.topic: article
ms.topic: how-to
---

# Microsoft recommended driver block rules
@ -3,7 +3,7 @@ title: Plan for WDAC policy management
description: Learn about the decisions you need to make to establish the processes for managing and maintaining Windows Defender Application Control policies.
ms.localizationpriority: medium
ms.date: 11/22/2023
ms.topic: article
ms.topic: conceptual
---

# Plan for Windows Defender Application Control lifecycle policy management
@ -25,7 +25,7 @@ Most Windows Defender Application Control policies will evolve over time and pro
4. Repeat steps 2-3 until the remaining block events meet expectations.
5. [Generate the enforced mode version](/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies) of the policy. In enforced mode, files that the policy doesn't allow are prevented from running and corresponding block events are generated.
6. [Deploy the enforced mode policy](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide) to intended devices. We recommend using staged rollouts for enforced policies to detect and respond to issues before deploying the policy broadly.
7. Repeat steps 1-6 anytime the desired "circle-of-trust" changes.
7. Repeat steps 1-6 anytime the desired "circle-of-trust" changes.



@ -3,7 +3,7 @@ title: Understand WDAC script enforcement
description: WDAC script enforcement
ms.manager: jsuther
ms.date: 05/26/2023
ms.topic: article
ms.topic: conceptual
ms.localizationpriority: medium
---

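Review bot: the description on the context line is just "WDAC script enforcement", which repeats the title; the page card and search results need a one-sentence summary of what script enforcement covers, so fill it in while this front matter is being edited.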
@ -3,7 +3,7 @@ title: Understand Windows Defender Application Control (WDAC) policy rules and f
description: Learn how WDAC policy rules and file rules can control your Windows 10 and Windows 11 computers.
ms.localizationpriority: medium
ms.date: 11/22/2023
ms.topic: article
ms.topic: conceptual
---

# Understand Windows Defender Application Control (WDAC) policy rules and file rules
@ -3,10 +3,10 @@ title: Understand Windows Defender Application Control policy design decisions
description: Understand Windows Defender Application Control policy design decisions.
ms.localizationpriority: medium
ms.date: 02/08/2018
ms.topic: article
ms.topic: conceptual
---

# Understand Windows Defender Application Control policy design decisions
# Understand Windows Defender Application Control policy design decisions

> [!NOTE]
> Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).
@ -56,8 +56,8 @@ Traditional Win32 apps on Windows can run without being digitally signed. This p
|
||||
| Possible answers | Design considerations |
|
||||
| - | - |
|
||||
| All apps used in your organization must be signed. | Organizations that enforce [codesigning](../deployment/use-code-signing-for-better-control-and-protection.md) for all executable code are best-positioned to protect their Windows computers from malicious code execution. Windows Defender Application Control rules can be created to authorize apps and binaries from the organization's internal development teams and from trusted independent software vendors (ISV). |
|
||||
| Apps used in your organization don't need to meet any codesigning requirements. | Organizations can [use built-in Windows tools](../deployment/deploy-catalog-files-to-support-wdac.md) to add organization-specific App Catalog signatures to existing apps as a part of the app deployment process, which can be used to authorize code execution. Solutions like Microsoft Intune offer multiple ways to distribute signed App Catalogs. |
|
||||
|
||||
| Apps used in your organization don't need to meet any codesigning requirements. | Organizations can [use built-in Windows tools](../deployment/deploy-catalog-files-to-support-wdac.md) to add organization-specific App Catalog signatures to existing apps as a part of the app deployment process, which can be used to authorize code execution. Solutions like Microsoft Intune offer multiple ways to distribute signed App Catalogs. |
|
||||
|
||||
### Are there specific groups in your organization that need customized application control policies?
|
||||
|
||||
Most business teams or departments have specific security requirements that pertain to data access and the applications used to access that data. Consider the scope of the project for each group and the group's priorities before you deploy application control policies for the entire organization. There's overhead in managing policies that might lead you to choose between broad, organization-wide policies and multiple team-specific policies.
|
||||
|
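Review bot: the two copies of the "Apps used in your organization don't need to meet any codesigning requirements" row in this hunk are character-for-character identical in this rendering, so whatever the hunk changes (most likely trailing whitespace) is not visible and is not covered by the commit message "Update ms.topic"; either drop the whitespace-only change from this commit or mention it in the message. While here, the table separator `| - | - |` renders, but the conventional `| --- | --- |` form is easier to read in source.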
@ -3,7 +3,7 @@ title: Understanding Windows Defender Application Control (WDAC) secure settings
|
||||
description: Learn about secure settings in Windows Defender Application Control.
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 04/05/2023
|
||||
ms.topic: article
|
||||
ms.topic: conceptual
|
||||
---
|
||||
|
||||
# Understanding WDAC Policy Settings
|
||||
|
@ -3,10 +3,10 @@ title: Use a Windows Defender Application Control policy to control specific plu
|
||||
description: WDAC policies can be used not only to control applications, but also to control whether specific plug-ins, add-ins, and modules can run from specific apps.
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 11/02/2022
|
||||
ms.topic: article
|
||||
ms.topic: how-to
|
||||
---
|
||||
|
||||
# Use a Windows Defender Application Control policy to control specific plug-ins, add-ins, and modules
|
||||
# Use a Windows Defender Application Control policy to control specific plug-ins, add-ins, and modules
|
||||
|
||||
> [!NOTE]
|
||||
> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).
|
||||
|
@ -1,9 +1,9 @@
|
||||
---
|
||||
title: Authorize reputable apps with the Intelligent Security Graph (ISG)
|
||||
description: Automatically authorize applications that Microsoft’s ISG recognizes as having known good reputation.
|
||||
description: Automatically authorize applications that Microsoft's ISG recognizes as having known good reputation.
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 12/31/2017
|
||||
ms.topic: article
|
||||
ms.topic: how-to
|
||||
---
|
||||
|
||||
# Authorize reputable apps with the Intelligent Security Graph (ISG)
|
||||
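Review bot: besides the ms.topic change, this hunk also replaces the curly apostrophe in `Microsoft’s ISG` with a straight one in the description; that is a reasonable fix, but it is not described by the commit message "Update ms.topic", so note it there or split it off. The file also keeps `ms.date: 12/31/2017` while its frontmatter is being edited; if that date is a placeholder, a real date would help readers judge how current the ISG guidance is.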
@ -42,29 +42,29 @@ Setting up the ISG is easy using any management solution you wish. Configuring t
|
||||
To allow apps and binaries based on the Microsoft Intelligent Security Graph, the **Enabled:Intelligent Security Graph authorization** option must be specified in the WDAC policy. This step can be done with the Set-RuleOption cmdlet. You should also set the **Enabled:Invalidate EAs on Reboot** option so that ISG results are verified again after each reboot. The ISG option isn't recommended for devices that don't have regular access to the internet. The following example shows both options set.
|
||||
|
||||
```xml
|
||||
<Rules>
|
||||
<Rule>
|
||||
<Option>Enabled:Unsigned System Integrity Policy</Option>
|
||||
</Rule>
|
||||
<Rule>
|
||||
<Option>Enabled:Advanced Boot Options Menu</Option>
|
||||
</Rule>
|
||||
<Rule>
|
||||
<Option>Required:Enforce Store Applications</Option>
|
||||
</Rule>
|
||||
<Rules>
|
||||
<Rule>
|
||||
<Option>Enabled:Unsigned System Integrity Policy</Option>
|
||||
</Rule>
|
||||
<Rule>
|
||||
<Option>Enabled:Advanced Boot Options Menu</Option>
|
||||
</Rule>
|
||||
<Rule>
|
||||
<Option>Required:Enforce Store Applications</Option>
|
||||
</Rule>
|
||||
<Rule>
|
||||
<Option>Enabled:UMCI</Option>
|
||||
</Rule>
|
||||
<Rule>
|
||||
<Option>Enabled:Managed Installer</Option>
|
||||
<Option>Enabled:Managed Installer</Option>
|
||||
</Rule>
|
||||
<Rule>
|
||||
<Option>Enabled:Intelligent Security Graph Authorization</Option>
|
||||
</Rule>
|
||||
<Rule>
|
||||
<Option>Enabled:Invalidate EAs on Reboot</Option>
|
||||
</Rule>
|
||||
</Rules>
|
||||
<Rule>
|
||||
<Option>Enabled:Intelligent Security Graph Authorization</Option>
|
||||
</Rule>
|
||||
<Rule>
|
||||
<Option>Enabled:Invalidate EAs on Reboot</Option>
|
||||
</Rule>
|
||||
</Rules>
|
||||
```
|
||||
|
||||
### Enable the necessary services to allow WDAC to use the ISG correctly on the client
|
||||
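Review bot: the option name in the XML, `Enabled:Intelligent Security Graph Authorization`, differs in capitalization from the prose just above it (`Enabled:Intelligent Security Graph authorization`); pick one spelling so readers copying from the text match the option as written in the sample. The sample also carries `Enabled:Unsigned System Integrity Policy`, which the surrounding text never explains; a sentence noting that an unsigned policy can be replaced or removed by a local administrator, so an ISG-enabled policy meant for enforcement should normally be signed, would make the sample safer to copy as-is.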
@ -91,7 +91,7 @@ Since the ISG only allows binaries that are "known good", there are cases where
|
||||
|
||||
Packaged apps aren't supported with the ISG and will need to be separately authorized in your WDAC policy. Since packaged apps have a strong app identity and must be signed, it's straightforward to [authorize packaged apps](/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control) with your WDAC policy.
|
||||
|
||||
The ISG doesn't authorize kernel mode drivers. The WDAC policy must have rules that allow the necessary drivers to run.
|
||||
The ISG doesn't authorize kernel mode drivers. The WDAC policy must have rules that allow the necessary drivers to run.
|
||||
|
||||
> [!NOTE]
|
||||
> A rule that explicitly denies or allows a file will take precedence over that file's reputation data. Microsoft Intune's built-in WDAC support includes the option to trust apps with good reputation via the ISG, but it has no option to add explicit allow or deny rules. In most cases, customers using application control will need to deploy a custom WDAC policy (which can include the ISG option if desired) using [Intune's OMA-URI functionality](../deployment/deploy-wdac-policies-using-intune.md#deploy-wdac-policies-with-custom-oma-uri).
|
||||
|
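Review bot: the "authorize packaged apps" link uses an absolute docs path (`/windows/security/threat-protection/windows-defender-application-control/...`) while the neighbouring links in this file are relative (`../deployment/...`); the absolute path points at the older threat-protection location and most likely resolves through a redirect, so convert it to the relative form for consistency. The kernel-mode driver sentence appears twice in this rendering with no visible difference, so confirm the change on that line is intentional.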
@ -3,7 +3,7 @@ title: Windows Defender Application Control and .NET
|
||||
description: Understand how WDAC and .NET work together and use Dynamic Code Security to verify code loaded by .NET at runtime.
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 11/22/2023
|
||||
ms.topic: article
|
||||
ms.topic: conceptual
|
||||
---
|
||||
|
||||
# Windows Defender Application Control (WDAC) and .NET
|
||||
@ -41,7 +41,7 @@ Additionally, customers can precompile for deployment only to prevent an allowed
|
||||
To enable Dynamic Code Security, add the following option to the `<Rules>` section of your WDAC policy:
|
||||
|
||||
```xml
|
||||
<Rule>
|
||||
<Option>Enabled:Dynamic Code Security</Option>
|
||||
<Rule>
|
||||
<Option>Enabled:Dynamic Code Security</Option>
|
||||
</Rule>
|
||||
```
|
||||
|
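Review bot: the only change in this hunk is the indentation of `<Rule>` and `<Option>Enabled:Dynamic Code Security</Option>` inside the fenced XML, a whitespace fix that falls outside "Update ms.topic"; fine to keep, but mention it in the commit message. Since the prose says to add the option to the `<Rules>` section, consider showing the enclosing `<Rules>` element in the snippet so the nesting depth is unambiguous to someone pasting it into a policy.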
@ -3,7 +3,7 @@ title: Understanding Application Control event tags
|
||||
description: Learn what different Windows Defender Application Control event tags signify.
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 05/09/2023
|
||||
ms.topic: article
|
||||
ms.topic: conceptual
|
||||
---
|
||||
|
||||
# Understanding Application Control event tags
|
||||
|
@ -3,7 +3,7 @@ title: Inbox WDAC policies
|
||||
description: This article describes the inbox WDAC policies that may be active on a device.
|
||||
ms.manager: jsuther
|
||||
ms.date: 03/10/2023
|
||||
ms.topic: article
|
||||
ms.topic: conceptual
|
||||
ms.localizationpriority: medium
|
||||
---
|
||||
|
||||
|
@ -3,7 +3,7 @@ title: WDAC Admin Tips & Known Issues
|
||||
description: WDAC Known Issues
|
||||
ms.manager: jsuther
|
||||
ms.date: 04/15/2024
|
||||
ms.topic: article
|
||||
ms.topic: troubleshooting
|
||||
ms.localizationpriority: medium
|
||||
---
|
||||
|
||||
@ -84,7 +84,7 @@ msiexec -i https://download.microsoft.com/download/2/E/3/2E3A1E42-8F50-4396-9E7E
|
||||
As a workaround, download the MSI file and run it locally:
|
||||
|
||||
```console
|
||||
msiexec -i c:\temp\Windows10_Version_1511_ADMX.msi
|
||||
msiexec -i c:\temp\Windows10_Version_1511_ADMX.msi
|
||||
```
|
||||
|
||||
### Slow boot and performance with custom policies
|
||||
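Review bot: both copies of `msiexec -i c:\temp\Windows10_Version_1511_ADMX.msi` are identical in this rendering, so the change here (presumably whitespace) cannot be verified and is not described by the commit message. While touching the line, `/i` is the switch form shown in msiexec's own usage text; `-i` is accepted, but mixing the two forms across the docs confuses readers.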
@ -93,7 +93,7 @@ WDAC evaluates all processes that run, including inbox Windows processes. You ca
|
||||
|
||||
#### AppId Tagging policy considerations
|
||||
|
||||
AppId Tagging policies that aren't built upon the WDAC base templates or don't allow the Windows in-box signers might cause a significant increase in boot times (~2 minutes).
|
||||
AppId Tagging policies that aren't built upon the WDAC base templates or don't allow the Windows in-box signers might cause a significant increase in boot times (~2 minutes).
|
||||
|
||||
If you can't allowlist the Windows signers or build off the WDAC base templates, add the following rule to your policies to improve the performance:
|
||||
|
||||
|
@ -3,10 +3,10 @@ title: Query Application Control events with Advanced Hunting
|
||||
description: Learn how to query Windows Defender Application Control events across your entire organization by using Advanced Hunting.
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 03/01/2022
|
||||
ms.topic: article
|
||||
ms.topic: troubleshooting
|
||||
---
|
||||
|
||||
# Querying Application Control events centrally using Advanced hunting
|
||||
# Querying Application Control events centrally using Advanced hunting
|
||||
|
||||
A Windows Defender Application Control (WDAC) policy logs events locally in Windows Event Viewer in either enforced or audit mode.
|
||||
While Event Viewer helps to see the impact on a single system, IT Pros want to gauge it across many systems.
|
||||
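Review bot: `ms.topic: troubleshooting` looks mismatched for this article; its title and description ("Learn how to query ... events ... by using Advanced Hunting") describe a procedure, which is exactly what the other pages in this commit map to `how-to`. Reserve `troubleshooting` for the known-issues and diagnose pages.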
@ -65,7 +65,7 @@ The query results can be used for several important functions related to managin
|
||||
Query Example #2: Query to determine audit blocks in the past seven days
|
||||
|
||||
```
|
||||
DeviceEvents
|
||||
DeviceEvents
|
||||
| where ActionType startswith "AppControlExecutableAudited"
|
||||
| where Timestamp > ago(7d)
|
||||
|project DeviceId, // the device ID where the audit block happened
|
||||
|
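Review bot: the KQL block opens with a bare ``` fence with no language tag, while the other samples touched in this commit tag theirs (`xml`, `console`); tag it `kusto` so it highlights. Inside the query, `|project DeviceId, // the device ID ...` is missing the space after the pipe that the `| where` lines use; harmless to the engine, but inconsistent. The duplicated `DeviceEvents` lines show no visible difference, so the hunk's actual change is again not verifiable here.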
@ -3,7 +3,7 @@ title: WDAC and AppLocker Overview
|
||||
description: Compare Windows application control technologies.
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 01/03/2024
|
||||
ms.topic: article
|
||||
ms.topic: conceptual
|
||||
---
|
||||
|
||||
# Windows Defender Application Control and AppLocker Overview
|
||||
|
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Windows Sandbox architecture
|
||||
description: Windows Sandbox architecture
|
||||
ms.topic: article
|
||||
ms.topic: conceptual
|
||||
ms.date: 03/26/2024
|
||||
---
|
||||
|
||||
|
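Review bot: `description: Windows Sandbox architecture` simply repeats the title; since the frontmatter is being edited anyway, a one-sentence description of what the article actually covers would give readers and search results a real summary.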
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Windows Sandbox configuration
|
||||
description: Windows Sandbox configuration
|
||||
ms.topic: article
|
||||
ms.topic: how-to
|
||||
ms.date: 03/26/2024
|
||||
---
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Windows Sandbox
|
||||
description: Windows Sandbox overview
|
||||
ms.topic: article
|
||||
ms.topic: conceptual
|
||||
ms.date: 03/26/2024
|
||||
---
|
||||
|
||||
|
@ -3,7 +3,7 @@ title: Guide to removing Microsoft Baseline Security Analyzer (MBSA)
|
||||
description: This article documents the removal of Microsoft Baseline Security Analyzer (MBSA) and provides alternative solutions.
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 07/11/2023
|
||||
ms.topic: article
|
||||
ms.topic: conceptual
|
||||
---
|
||||
|
||||
# What is Microsoft Baseline Security Analyzer and its uses?
|
||||
|
@ -2,7 +2,7 @@
|
||||
title: Account protection in Windows Security
|
||||
description: Use the Account protection section to manage security for your account and sign in to Microsoft.
|
||||
ms.date: 08/11/2023
|
||||
ms.topic: article
|
||||
ms.topic: how-to
|
||||
---
|
||||
|
||||
|
||||
|
@ -2,7 +2,7 @@
|
||||
title: App & browser control in Windows Security
|
||||
description: Use the App & browser control section to see and configure Windows Defender SmartScreen and Exploit protection settings.
|
||||
ms.date: 08/11/2023
|
||||
ms.topic: article
|
||||
ms.topic: how-to
|
||||
---
|
||||
|
||||
# App and browser control
|
||||
|
@ -2,7 +2,7 @@
|
||||
title: Customize Windows Security contact information in Windows Security
|
||||
description: Provide information to your employees on how to contact your IT department when a security issue occurs
|
||||
ms.date: 08/11/2023
|
||||
ms.topic: article
|
||||
ms.topic: how-to
|
||||
---
|
||||
|
||||
# Customize the Windows Security settings for your organization
|
||||
|
@ -2,7 +2,7 @@
|
||||
title: Device & performance health in Windows Security
|
||||
description: Use the Device & performance health section to see the status of the machine and note any storage, update, battery, driver, or hardware configuration issues
|
||||
ms.date: 07/31/2023
|
||||
ms.topic: article
|
||||
ms.topic: how-to
|
||||
---
|
||||
|
||||
|
||||
|
@ -2,7 +2,7 @@
|
||||
title: Device security in Windows Security
|
||||
description: Use the Device security section to manage security built into your device, including Virtualization-based security.
|
||||
ms.date: 08/11/2023
|
||||
ms.topic: article
|
||||
ms.topic: how-to
|
||||
---
|
||||
|
||||
# Device security
|
||||
|
@ -2,7 +2,7 @@
|
||||
title: Family options in Windows Security
|
||||
description: Learn how to hide the Family options section of Windows Security for enterprise environments. Family options aren't intended for business environments.
|
||||
ms.date: 08/11/2023
|
||||
ms.topic: article
|
||||
ms.topic: how-to
|
||||
---
|
||||
|
||||
|
||||
|
@ -2,7 +2,7 @@
|
||||
title: Firewall and network protection in Windows Security
|
||||
description: Use the Firewall & network protection section to see the status of and make changes to firewalls and network connections for the machine.
|
||||
ms.date: 08/11/2023
|
||||
ms.topic: article
|
||||
ms.topic: how-to
|
||||
---
|
||||
|
||||
# Firewall and network protection
|
||||
|
@ -2,7 +2,7 @@
|
||||
title: Hide notifications from Windows Security
|
||||
description: Prevent Windows Security notifications from appearing on user endpoints
|
||||
ms.date: 07/31/2023
|
||||
ms.topic: article
|
||||
ms.topic: how-to
|
||||
---
|
||||
|
||||
# Hide Windows Security notifications
|
||||
|
@ -2,7 +2,7 @@
|
||||
title: Virus and threat protection in Windows Security
|
||||
description: Use the Virus & threat protection section to see and configure Microsoft Defender Antivirus, Controlled folder access, and 3rd-party AV products.
|
||||
ms.date: 08/11/2023
|
||||
ms.topic: article
|
||||
ms.topic: conceptual
|
||||
---
|
||||
|
||||
# Virus and threat protection
|
||||
|
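Review bot: `ms.topic: conceptual` for Virus and threat protection is inconsistent with its sibling Windows Security pages in this same commit (Account protection, App & browser control, Device security, Firewall and network protection), which all move to `how-to` with near-identical "Use the ... section to see and configure ..." descriptions; either make this one `how-to` as well or say why it differs.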
@ -2,7 +2,7 @@
|
||||
title: Windows Security
|
||||
description: Windows Security brings together common Windows security features into one place.
|
||||
ms.date: 08/11/2023
|
||||
ms.topic: article
|
||||
ms.topic: conceptual
|
||||
---
|
||||
|
||||
# Windows Security
|
||||
|
@ -6,7 +6,7 @@ author: aczechowski
|
||||
ms.author: aaroncz
|
||||
manager: aaroncz
|
||||
ms.date: 12/31/2017
|
||||
ms.topic: article
|
||||
ms.topic: conceptual
|
||||
---
|
||||
|
||||
# Mitigate threats by using Windows 10 security features
|
||||
|