deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 05:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/security/operating-system-security/data-protection/personal-data-encryption/intune-disable-wer.md
Paolo Matarazzo 7d2719375b PDE updates
2023-06-01 08:04:00 -04:00

3.9 KiB
Raw Blame History

title, description, ms.topic, ms.date
title description ms.topic ms.date
Disable Windows Error Reporting (WER)/user-mode crash dumps for PDE in Intune Disable Windows Error Reporting (WER)/user-mode crash dumps for PDE in Intune how-to 03/13/2023

Disable Windows Error Reporting (WER)/user-mode crash dumps for PDE

Disabling Windows Error Reporting prevents user-mode crash dumps. User-mode crash dumps can potentially cause the keys used by PDE to protect content to be exposed. For greatest security, disable user-mode crash dumps.

Disable Windows Error Reporting (WER)/user-mode crash dumps in Intune

To disable Windows Error Reporting (WER) and user-mode crash dumps using Intune, follow the below steps:

  1. Sign in to the Microsoft Intune admin center
  2. In the Home screen, select Devices in the left pane
  3. In the Devices | Overview screen, under Policy, select Configuration Profiles
  4. In the Devices | Configuration profiles screen, make sure Profiles is selected at the top, and then select Create profile
  5. In the Create profile window that opens:
    1. Under Platform, select Windows 10 and later
    2. Under Profile type, select Settings catalog
    3. Select Create to close the Create profile window
  6. The Create profile screen will open. In the Basics page:
    1. Next to Name, enter Disable Windows Error Reporting (WER)
    2. Next to Description, enter a description
    3. Select Next
  7. In the Configuration settings page:
    1. Select Add settings
    2. In the Settings picker window that opens:
      1. Under Browse by category, expand Administrative Templates
      2. Under Administrative Templates, scroll down and expand Windows Components
      3. Under Windows Components, scroll down and select Windows Error Reporting. Make sure to only select Windows Error Reporting and not to expand it
      4. When the settings for the Windows Error Reporting subcategory appear under Setting name in the lower pane, select Disable Windows Error Reporting, and then select the X in the top right corner of the Settings picker window to close the window
    3. Change Disable Windows Error Reporting from Disabled to Enabled by selecting the slider next to the option
    4. Select Next
  8. In the Scope tags page, configure if necessary and then select Next
  9. In the Assignments page:
    1. Under Included groups, select Add groups

      Note

      Make sure to add the correct groups under Included groups and not under Excluded groups. Accidentally adding the desired device groups under Excluded groups will result in those devices being excluded and they won't receive the configuration profile.

    2. In the Select groups to include window that opens, select the groups that the configuration profile should be assigned to, and then select Select to close the Select groups to include window
    3. Under Included groups > Groups, ensure the correct group(s) are selected, and then select Next
  10. In Review + create page, review the configuration to make sure everything is configured correctly, and then select Create

Additional PDE configurations in Intune

The following PDE configurations can also be configured using Intune:

Prerequisites

Security hardening recommendations

More information