You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: memdocs/intune/protect/antivirus-microsoft-defender-settings-windows.md
+8-8Lines changed: 8 additions & 8 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -30,16 +30,16 @@ ms.reviewer: laarrizz
30
30
31
31
# Settings for Microsoft Defender Antivirus policy in Microsoft Intune for Windows devices
32
32
33
-
> [!NOTE]
34
-
> This article details the settings in the Microsoft Defender Antivirus and Microsoft Defender Antivirus Exclusions profiles for the *Windows 10 and later* platform for endpoint security Antivirus policy. Beginning on April 5, 2022, the *Windows 10 and later* platform was replaced by the *Windows 10, Windows 11, and Windows Server* platform. Although you can no longer create new instances of the original profile, you can continue to edit and use your existing profiles. The settings details in this article apply to those deprecated profiles.
35
-
36
33
View details about the [endpoint security](../protect/endpoint-security-policy.md) antivirus policy settings you can configure for the Microsoft Defender Antivirus profile for Windows 10 and later in Microsoft Intune.
37
34
38
-
These settings are available in the following profiles:
39
-
40
-
- Microsoft Defender Antivirus
35
+
> [!NOTE]
36
+
> This article details the settings you can find in Microsoft Defender Antivirus and Microsoft Defender Antivirus Exclusions profiles created before April 5, 2022, for the *Windows 10 and later* platform for endpoint security Antivirus policy. On April 5, 2022, the *Windows 10 and later* platform was replaced by the *Windows 10, Windows 11, and Windows Server* platform. Profiles created after that date use a new settings format as found in the Settings Catalog. With this change you can no longer create new versions of the old profile and they are no longer being developed. Although you can no longer create new instances of the older profile, you can continue to edit and use instances of it that you previously created.
37
+
>
38
+
> For profiles that use the new settings format, Intune no longer maintains a list of each setting by name. Instead, the name of each setting, its configuration options, and its explanatory text you see in the Microsoft Endpoint Manager admin center are taken directly from the settings authoritative content. That content can provide more information about the use of the setting in its proper context. When viewing a settings information text, you can use its *Learn more* link to open that content.
39
+
>
40
+
> The following settings details for Windows profiles apply to those deprecated profiles.
-**Not configured** (*default*) - Microsoft Defender Application Guard is not configured for Microsoft Edge or isolated Windows environments.
64
+
-**Not configured** (*default*) - Microsoft Defender Application Guard isn't configured for Microsoft Edge or isolated Windows environments.
65
65
-**Enabled for Edge** - Application Guard opens unapproved sites in a Hyper-V virtualized browsing container.
66
66
-**Enabled for isolated Windows environments** - Application Guard is turned on for any applications enabled for App Guard within Windows.
67
67
-**Enabled for Edge AND isolated Windows environments** - Application Guard is configured for both scenarios.
@@ -147,7 +147,7 @@ Supported platforms and profiles:
147
147
148
148
To add thumbprints one at a time, select **Add**. You can use **Import** to specify a .CSV file that contains multiple thumbprint entries that are all added to the profile at the same time. When you use a .CSV file, each thumbprint must be separated by a comma. For example: `b4e72779a8a362c860c36a6461f31e3aa7e58c14,1b1d49f06d2a697a544a1059bd59a7b058cda924`
149
149
150
-
All entries that are listed in the profile are active. You do not need to select a checkbox for a thumbprint entry to make it active. Instead, use the checkboxes to help you manage the entries that have been added to the profile. For example, you can select the checkbox of one or more certificate thumbprint entries and then **Delete** those entries from the profile with a single action.
150
+
All entries that are listed in the profile are active. You don't need to select a checkbox for a thumbprint entry to make it active. Instead, use the checkboxes to help you manage the entries that have been added to the profile. For example, you can select the checkbox of one or more certificate thumbprint entries and then **Delete** those entries from the profile with a single action.
151
151
152
152
-**Windows network isolation policy**
153
153
@@ -212,7 +212,9 @@ Supported platforms and profiles:
212
212
#### Attack Surface Reduction Rules
213
213
214
214
> [!NOTE]
215
-
> This section details the settings in Attack Surface Reduction Rules profiles created before April 5, 2022. Profiles created after that date use a new settings format as found in the Settings Catalog. Although you can no longer create new instances of the original profile, you can continue to edit and use your existing profiles.
215
+
> This section details the settings in Attack Surface Reduction Rules profiles created before April 5, 2022. Profiles created after that date use a new settings format as found in the Settings Catalog. With this change you can no longer create new versions of the old profile and they are no longer being developed. Although you can no longer create new instances of the older profile, you can continue to edit and use instances of it that you previously created.
216
+
>
217
+
> For profiles that use the new settings format, Intune no longer maintains a list of each setting by name. Instead, the name of each setting, its configuration options, and its explanatory text you see in the Microsoft Endpoint Manager admin center are taken directly from the settings authoritative content. That content can provide more information about the use of the setting in its proper context. When viewing a settings information text, you can use its *Learn more* link to open that content.
216
218
217
219
-**Block persistence through WMI event subscription**
218
220
[Reduce attack surfaces with attack surface reduction rules](/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction)
@@ -221,7 +223,7 @@ Supported platforms and profiles:
221
223
222
224
This rule prevents malware from abusing WMI to attain persistence on a device. Fileless threats employ various tactics to stay hidden, to avoid being seen in the file system, and to gain periodic execution control. Some threats can abuse the WMI repository and event model to stay hidden.
223
225
224
-
-**Not configured** (default) – The setting returns to the Windows default, which is off and persistence is not blocked.
226
+
-**Not configured** (default) – The setting returns to the Windows default, which is off and persistence isn't blocked.
225
227
-**Block** – Persistence through WMI is blocked.
226
228
-**Audit** – Evaluate how this rule affects your organization if it's enabled (set to Block).
227
229
-**Disable** - Turn this rule off. Persistence is not blocked.
@@ -395,6 +397,9 @@ Supported platforms and profiles:
395
397
396
398
> [!NOTE]
397
399
> This section details the settings found in Device control profiles created before May 23, 2022. Profiles created after that date use a new settings format as found in the Settings Catalog. Although you can no longer create new instances of the original profile, you can continue to edit and use your existing profiles.
400
+
>
401
+
> For profiles that use the new settings format, Intune no longer maintains a list of each setting by name. Instead, the name of each setting, its configuration options, and its explanatory text you see in the Microsoft Endpoint Manager admin center are taken directly from the settings authoritative content. That content can provide more information about the use of the setting in its proper context. When viewing a settings information text, you can use its *Learn more* link to open that content.
402
+
398
403
399
404
-**Allow hardware device installation by device identifiers**
400
405
-**Not configured***(default)*
@@ -549,8 +554,10 @@ Supported platforms and profiles:
549
554
550
555
#### Exploit protection
551
556
552
-
> [!NOTE]
553
-
> This section details the settings you can find in Exploit protection profiles created before April 5, 2022. Profiles created after that date use a new settings format as found in the Settings Catalog. Although you can no longer create new instances of the original profile, you can continue to edit and use your existing profiles.
557
+
> [!NOTE]
558
+
> This section details the settings you can find in Exploit protection profiles created before April 5, 2022. Profiles created after that date use a new settings format as found in the Settings Catalog. With this change you can no longer create new versions of the old profile and they are no longer being developed. Although you can no longer create new instances of the older profile, you can continue to edit and use instances of it that you previously created.
559
+
>
560
+
> For profiles that use the new settings format, Intune no longer maintains a list of each setting by name. Instead, the name of each setting, its configuration options, and its explanatory text you see in the Microsoft Endpoint Manager admin center are taken directly from the settings authoritative content. That content can provide more information about the use of the setting in its proper context. When viewing a settings information text, you can use its *Learn more* link to open that content.
Copy file name to clipboardExpand all lines: memdocs/intune/protect/endpoint-security-firewall-profile-settings.md
+7-3Lines changed: 7 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -29,9 +29,6 @@ ms.reviewer: aanavath
29
29
---
30
30
# Firewall policy settings for endpoint security in Intune
31
31
32
-
> [!NOTE]
33
-
> Beginning on April 5, 2022, the *Windows 10 and later* platform and profiles for Windows devices were replaced by the *Windows 10, Windows 11, and Windows Server* platform and new instances of those same profiles. Although you can no longer create new instances of the original profile, you can continue to edit and use your existing profiles. The settings details for Windows profiles in this article apply to those deprecated profiles.
34
-
35
32
View the settings you can configure in profiles for *Firewall* policy in the endpoint security node of Intune as part of an [Endpoint security policy](../protect/endpoint-security-policy.md).
36
33
37
34
Applies to:
@@ -40,6 +37,13 @@ Applies to:
40
37
- Windows 10
41
38
- Windows 11
42
39
40
+
> [!NOTE]
41
+
> Beginning on April 5, 2022, the Firewall profiles for the *Windows 10 and later* platform were replaced by the *Windows 10, Windows 11, and Windows Server* platform and new instances of those same profiles. Profiles created after that date use a new settings format as found in the Settings Catalog. With this change you can no longer create new versions of the old profile and they are no longer being developed. Although you can no longer create new instances of the older profile, you can continue to edit and use instances of it that you previously created.
42
+
>
43
+
> For profiles that use the new settings format, Intune no longer maintains a list of each setting by name. Instead, the name of each setting, its configuration options, and its explanatory text you see in the Microsoft Endpoint Manager admin center are taken directly from the settings authoritative content. That content can provide more information about the use of the setting in its proper context. When viewing a settings information text, you can use its *Learn more* link to open that content.
44
+
>
45
+
> The settings details for Windows profiles in this article apply to those deprecated profiles.
0 commit comments