Merge pull request #3307 from MicrosoftDocs/master

Publish 07/16/2020 3:32 PM
Gary Moore
2020-07-16 15:47:16 -07:00
committed by GitHub
4 changed files with 18 additions and 10 deletions


@ -3256,7 +3256,7 @@ The following list shows the supported values:
<!--/Scope--> <!--/Scope-->
<!--Description--> <!--Description-->
> [!NOTE] > [!NOTE]
> If you previously used the **Update/PhoneUpdateRestrictions** policy in previous versions of Windows, it has been deprecated. Please use this policy instead. > This policy is *only* recommended for managing mobile devices. If you previously used the **Update/PhoneUpdateRestrictions** policy in previous versions of Windows, it has been deprecated. Please use this policy instead.
Allows the IT admin to restrict the updates that are installed on a device to only those on an update approval list. It enables IT to accept the End User License Agreement (EULA) associated with the approved update on behalf of the end-user. EULAs are approved once an update is approved. Allows the IT admin to restrict the updates that are installed on a device to only those on an update approval list. It enables IT to accept the End User License Agreement (EULA) associated with the approved update on behalf of the end-user. EULAs are approved once an update is approved.
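
Review bot: In the [!NOTE] on the new side, the added sentence says this policy is *only* recommended for managing mobile devices, but it gives desktop administrators no pointer to what they should use instead; consider naming or linking the recommended desktop policies in the same note. While this line is being edited, "previously used ... in previous versions of Windows" could also be tightened to remove the repetition.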


@ -17,7 +17,7 @@ ms.date: 02/23/2018
The Update configuration service provider enables IT administrators to manage and control the rollout of new updates. The Update configuration service provider enables IT administrators to manage and control the rollout of new updates.
> [!Note] > [!Note]
> All aspects of the Update CSP aside from Rollback are not recommended for managing desktop devices. To manage desktop devices from Windows Update, see the [Policy CSP - Updates](policy-csp-update.md) documentation. Rollback can be used for desktop devices on 1803 and above. > The Update CSP functionality of 'AprrovedUpdates' is not recommended for managing desktop devices. To manage updates to desktop devices from Windows Update, see the [Policy CSP - Updates](policy-csp-update.md) documentation for the recommended policies.
The following diagram shows the Update configuration service provider in tree format. The following diagram shows the Update configuration service provider in tree format.
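
Review bot: The rewritten note misspells the node name as 'AprrovedUpdates'; it should read 'ApprovedUpdates'. The rewrite also drops the old statement that Rollback can be used for desktop devices on 1803 and above; if that is still true, keep a sentence saying so, and if it is not, the commit message should say why it was removed. The hunk header still shows ms.date: 02/23/2018, so consider updating the date along with this content change.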


@ -85,6 +85,7 @@ The following methodology was used to derive these network endpoints:
|||HTTPS|*ow1.res.office365.com| |||HTTPS|*ow1.res.office365.com|
|||HTTPS|office.com| |||HTTPS|office.com|
|||HTTPS|blobs.officehome.msocdn.com| |||HTTPS|blobs.officehome.msocdn.com|
|||HTTPS|self.events.data.microsoft.com|
|OneDrive|The following endpoints are related to OneDrive. If you turn off traffic for these endpoints, anything that relies on g.live.com to get updated URL information will no longer work.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-onedrive)| |OneDrive|The following endpoints are related to OneDrive. If you turn off traffic for these endpoints, anything that relies on g.live.com to get updated URL information will no longer work.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-onedrive)|
|||TLSv1.2|*g.live.com| |||TLSv1.2|*g.live.com|
|||TLSv1.2|oneclient.sfx.ms| |||TLSv1.2|oneclient.sfx.ms|
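
Review bot: The added row `|||HTTPS|self.events.data.microsoft.com|` leaves the area and description columns empty, so readers will attribute it to the group that ends just above the OneDrive row. Confirm that this is the component that actually contacts the endpoint; if it is not, give the row its own area, a description of what stops working when the traffic is blocked, and a link to the matching "turn off" section, as the OneDrive row does.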


@ -60,19 +60,21 @@ For more information about disabling local list merging, see [Prevent or allow u
## Intune ## Intune
1. Sign in to the [Azure portal](https://portal.azure.com) and open Intune. 1. Sign in to the [Azure portal](https://portal.azure.com) and open Intune.
1. Click **Device configuration** > **Profiles** > **Create profile**.
1. Name the profile, choose **Windows 10 and later** and **Endpoint protection**.
![Create endpoint protection profile](../images/create-endpoint-protection-profile.png)
1. Click **Configure** > **Windows Defender Exploit Guard** > **Controlled folder access** > **Enable**.
1. Type the path to each application that has access to protected folders and the path to any additional folder that needs protection and click **Add**.
![Enable controlled folder access in Intune](../images/enable-cfa-intune.png) 2. Click **Device configuration** > **Profiles** > **Create profile**.
3. Name the profile, choose **Windows 10 and later** and **Endpoint protection**. <br/> ![Create endpoint protection profile](../images/create-endpoint-protection-profile.png) <br/>
4. Click **Configure** > **Windows Defender Exploit Guard** > **Controlled folder access** > **Enable**.
5. Type the path to each application that has access to protected folders and the path to any additional folder that needs protection and click **Add**.<br/> ![Enable controlled folder access in Intune](../images/enable-cfa-intune.png)<br/>
> [!NOTE] > [!NOTE]
> Wilcard is supported for applications, but not for folders. Subfolders are not protected. Allowed apps will continue to trigger events until they are restarted. > Wilcard is supported for applications, but not for folders. Subfolders are not protected. Allowed apps will continue to trigger events until they are restarted.
1. Click **OK** to save each open blade and click **Create**. 6. Click **OK** to save each open blade and click **Create**.
1. Click the profile **Assignments**, assign to **All Users & All Devices**, and click **Save**.
7. Click the profile **Assignments**, assign to **All Users & All Devices**, and click **Save**.
## MDM ## MDM
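
Review bot: The note between steps 5 and 6 still reads "Wilcard" on both sides; since the surrounding steps are being renumbered anyway, correct it to "Wildcard" in this change. The new steps 3 and 5 also wrap the screenshots in raw `<br/>` tags for spacing; placing each image on its own line under its step would keep the list free of inline HTML and make the numbering less fragile than hard-coded 2. through 7.
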
@ -81,12 +83,17 @@ Use the [./Vendor/MSFT/Policy/Config/ControlledFolderAccessProtectedFolders](htt
## Microsoft Endpoint Configuration Manager ## Microsoft Endpoint Configuration Manager
1. In Microsoft Endpoint Configuration Manager, click **Assets and Compliance** > **Endpoint Protection** > **Windows Defender Exploit Guard**. 1. In Microsoft Endpoint Configuration Manager, click **Assets and Compliance** > **Endpoint Protection** > **Windows Defender Exploit Guard**.
2. Click **Home** > **Create Exploit Guard Policy**. 2. Click **Home** > **Create Exploit Guard Policy**.
3. Enter a name and a description, click **Controlled folder access**, and click **Next**. 3. Enter a name and a description, click **Controlled folder access**, and click **Next**.
4. Choose whether block or audit changes, allow other apps, or add other folders, and click **Next**. 4. Choose whether block or audit changes, allow other apps, or add other folders, and click **Next**.
> [!NOTE] > [!NOTE]
> Wilcard is supported for applications, but not for folders. Subfolders are not protected. Allowed apps will continue to trigger events until they are restarted. > Wilcard is supported for applications, but not for folders. Subfolders are not protected. Allowed apps will continue to trigger events until they are restarted.
5. Review the settings and click **Next** to create the policy. 5. Review the settings and click **Next** to create the policy.
6. After the policy is created, click **Close**. 6. After the policy is created, click **Close**.
## Group Policy ## Group Policy
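
Review bot: Step 4 reads "Choose whether block or audit changes", which is missing "to" after "whether", and the note under it repeats the "Wilcard" typo; both are worth fixing while this section is open. Every visible line is identical on both sides even though the header grows from 12 to 17 lines, so the change here appears to be spacing only, and the commit message should mention that so reviewers do not look for a content change.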