1.9 KiB
title, description, ms.reviewer, ms.author, ms.prod, ms.localizationpriority, author, manager, ms.collection, ms.topic, ms.date, ms.technology
| title | description | ms.reviewer | ms.author | ms.prod | ms.localizationpriority | author | manager | ms.collection | ms.topic | ms.date | ms.technology |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Documenting the Zones (Windows) | Learn how to document the zone placement of devices in your design for Windows Defender Firewall with Advanced Security. | dansimp | m365-security | medium | dansimp | dansimp | M365-security-compliance | conceptual | 09/07/2021 | windows-sec |
Documenting the Zones
Applies to
- Windows 10
- Windows 11
- Windows Server 2016 and above
Generally, the task of determining zone membership is not complex, but it can be time-consuming. Use the information generated during the Designing a Windows Defender Firewall with Advanced Security Strategy section of this guide to determine the zone in which to put each host. You can document this zone placement by adding a Group column to the inventory table shown in the Designing a Windows Defender Firewall with Advanced Security Strategy section. A sample is shown here:
| Host name | Hardware reqs met | Software reqs met | Configuration required | Details | Projected cost | Group | | - | - | - | - | - | - | | CLIENT001 | No| No| Upgrade hardware and software.| Current operating system is Windows XP. Old hardware not compatible with newer versions of Windows.| $??| Isolated domain| | SERVER002 | Yes| No| Join trusted domain, upgrade from Windows Server 2008 to at least Windows Server 2012| No antivirus software present.| $??| Encryption| | SENSITIVE001 | Yes| Yes| Not required.| Running Windows Server 2012. Ready for inclusion.| $0| Isolated server (in zone by itself)| | PRINTSVR1 | Yes| Yes| Not required.| Running Windows Server 2008 R2. Ready for inclusion.| $0| Boundary|
Next: Planning Group Policy Deployment for Your Isolation Zones