deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-13 05:47:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/security/application-security/application-control/app-control-for-business/operations/inbox-appcontrol-policies.md
Gary Moore c353de08bd Correct font weight of table headings 
On Learn, table headings are bold by default, and in fact, a heavier weight font than standard bold. Adding formatting for bold results in a lighter weight font than is standard on Learn.
2024-09-25 13:56:40 -07:00

6.0 KiB
Raw Blame History

title, description, ms.manager, ms.date, ms.topic, ms.localizationpriority
title description ms.manager ms.date ms.topic ms.localizationpriority
Inbox App Control policies This article describes the inbox App Control policies that may be active on a device. jsuther 09/11/2024 conceptual medium

Inbox App Control policies

[!INCLUDE Feature availability note]

This article describes the App Control for Business policies that ship inbox with Windows and may be active on your devices. To see which policies are active on your device, use citool.exe or check the CodeIntegrity - Operational event log for 3099 policy activation events.

Inbox App Control Policies

Policy Name Policy ID Policy Type Description
Microsoft Windows Driver Policy {d2bda982-ccf6-4344-ac5b-0b44427b6816} Kernel-only Base policy This policy blocks known vulnerable or malicious kernel drivers. It's active by default on Windows 11 22H2, Windows in S mode, Windows 11 SE, and anywhere memory integrity (also known as hypervisor-protected code integrity (HVCI)) is on. Its policy binary file is found at %windir%\System32\CodeIntegrity\driversipolicy.p7b and in the EFI system partition at <EFI System Partition>\Microsoft\Boot\driversipolicy.p7b.
Windows10S_Lockdown_Policy_Supplementable {5951a96a-e0b5-4d3d-8fb8-3e5b61030784} Base policy This policy is active on devices running Windows in S mode. Its policy binary file is found in the EFI system partition at <EFI System Partition>\Microsoft\Boot\winsipolicy.p7b.
WindowsE_Lockdown_Policy {82443e1e-8a39-4b4a-96a8-f40ddc00b9f3} Base policy This policy is active on devices running Windows 11 SE. Its policy binary file is found in the EFI system partition at <EFI System Partition>\Microsoft\Boot\CIPolicies\Active\{82443e1e-8a39-4b4a-96a8-f40ddc00b9f3}.cip.
WindowsE_Lockdown_Flight_Policy_Supplemental {5dac656c-21ad-4a02-ab49-649917162e70} Supplemental policy This policy is active on devices running Windows 11 SE that are enrolled in the Windows Insider program. Its policy binary file is found in the EFI system partition at <EFI System Partition>\Microsoft\Boot\CIPolicies\Active\{5dac656c-21ad-4a02-ab49-649917162e70}.cip.
WindowsE_Lockdown_Test_Policy_Supplemental {CDD5CB55-DB68-4D71-AA38-3DF2B6473A52} Supplemental policy This policy is active on devices running Windows 11 SE with Secure Boot disabled and TESTSIGNING on. Its policy binary file is found in the EFI system partition at <EFI System Partition>\Microsoft\Boot\CIPolicies\Active\{CDD5CB55-DB68-4D71-AA38-3DF2B6473A52}.cip.
VerifiedAndReputableDesktop {0283ac0f-fff1-49ae-ada1-8a933130cad6} Base policy This policy is active on devices running Windows 11 with Smart App Control turned on. Its policy binary file is found at %windir%\System32\CodeIntegrity\CIPolicies\Active\{0283ac0f-fff1-49ae-ada1-8a933130cad6}.cip.
VerifiedAndReputableDesktopFlightSupplemental {1678656c-05ef-481f-bc5b-ebd8c991502d} Supplemental policy This policy is active on devices running Windows 11 with Smart App Control turned on and enrolled in the Windows Insider program. Its policy binary file is found at %windir%\System32\CodeIntegrity\CIPolicies\Active\{1678656c-05ef-481f-bc5b-ebd8c991502d}.cip.
VerifiedAndReputableDesktopTestSupplemental {0939ED82-BFD5-4D32-B58E-D31D3C49715A} Supplemental policy This policy is active on devices running Windows 11 with Smart App Control turned on and with Secure Boot disabled and TESTSIGNING on. Its policy binary file is found at %windir%\System32\CodeIntegrity\CIPolicies\Active\{0939ED82-BFD5-4D32-B58E-D31D3C49715A}.cip.
VerifiedAndReputableDesktopEvaluation {1283ac0f-fff1-49ae-ada1-8a933130cad6} Base policy This policy is active on devices running Windows 11 with Smart App Control in evaluation mode. Its policy binary file is found at %windir%\System32\CodeIntegrity\CIPolicies\Active\{1283ac0f-fff1-49ae-ada1-8a933130cad6}.cip.
VerifiedAndReputableDesktopEvaluationFlightSupplemental {2678656c-05ef-481f-bc5b-ebd8c991502d} Supplemental policy This policy is active on devices running Windows 11 with Smart App Control in evaluation mode and enrolled in the Windows Insider program. Its policy binary file is found at %windir%\System32\CodeIntegrity\CIPolicies\Active\{2678656c-05ef-481f-bc5b-ebd8c991502d}.cip.
VerifiedAndReputableDesktopEvaluationTestSupplemental {1939ED82-BFD5-4D32-B58E-D31D3C49715A} Supplemental policy This policy is active on devices running Windows 11 with Smart App Control in evaluation mode and with Secure Boot disabled and TESTSIGNING on. Its policy binary file is found at %windir%\System32\CodeIntegrity\CIPolicies\Active\{1939ED82-BFD5-4D32-B58E-D31D3C49715A}.cip.