You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: windows-365/enterprise/security-guidelines.md
+2-2Lines changed: 2 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -36,8 +36,8 @@ To help improve security for your Cloud PCs, consider the following general guid
36
36
2. Use Microsoft Defender for Endpoint to identify threats and set devices as non-compliant. You can easily connect Microsoft Defender for Endpoint to Cloud PC devices, apply device compliance policies to Cloud PCs, and use Conditional Access to identify threats. For more information, see [Enforce compliance for Microsoft Defender for Endpoint with Conditional Access in Intune](/mem/intune/protect/advanced-threat-protection).
37
37
3. Use Intune compliance policies with Conditional Access policies for Cloud PCs. These policies help identify non-compliant devices and users so they can’t access corporate resources until the device risk level is lowered. For more information, see [Windows 10/11 compliance settings in Microsoft Intune](/mem/intune/protect/compliance-policy-create-windows).
38
38
39
-
>[!Note]
40
-
>Cloud PCs aren't created with Secure Boot enabled and Cloud PCs don't support BitLocker. We recommend excluding these two settings from compliance policies targeting Cloud PCs.
39
+
>[!Note]
40
+
>Cloud PCs aren't created with Secure Boot enabled and Cloud PCs don't support BitLocker. We recommend excluding these two settings from compliance policies targeting Cloud PCs.
41
41
42
42
4. One of the most important elements of device security is OS updates. These updates make sure that devices stay up-to-date and secure while delivering new features and defenses against vulnerabilities. For Cloud PCs, Endpoint Manager can be used by IT admins to configure Intune Windows 10/11 update rings and policies for Windows Update for Business. For more information, see [Manage Windows 10/11 software updates in Intune](/mem/intune/protect/windows-update-for-business-configure).
43
43
5. By default Windows 365 Enterprise, end users are not administrators of their Cloud PCs. This aligns with Windows 10/11 security guidance. For more information about this guidance, see [Local Accounts](/windows/security/identity-protection/access-control/local-accounts#sec-restrict-protect-accounts) in the Windows documentation.
0 commit comments