diff --git a/redir/.openpublishing.redirection.json b/redir/.openpublishing.redirection.json
index d12a25a2e161..157a0e157f45 100644
--- a/redir/.openpublishing.redirection.json
+++ b/redir/.openpublishing.redirection.json
@@ -1,5 +1,15 @@
 {
 "redirections": [
+ {
+ "redirect_document_id": true,
+ "redirect_url": "/powershell/scripting/security/app-control/how-to-use-app-control",
+ "source_path": "../reference/docs-conceptual/security/app-control/how-to-use-wdac.md"
+ },
+ {
+ "redirect_document_id": true,
+ "redirect_url": "/powershell/scripting/security/app-control/how-app-control-works",
+ "source_path": "../reference/docs-conceptual/security/app-control/how-wdac-works.md"
+ },
 {
 "redirect_document_id": true,
 "redirect_url": "/powershell/scripting/security/preventing-script-injection",
diff --git a/reference/5.1/Microsoft.PowerShell.Utility/Invoke-WebRequest.md b/reference/5.1/Microsoft.PowerShell.Utility/Invoke-WebRequest.md
index 6a82a69e020c..e60be6dc1538 100644
--- a/reference/5.1/Microsoft.PowerShell.Utility/Invoke-WebRequest.md
+++ b/reference/5.1/Microsoft.PowerShell.Utility/Invoke-WebRequest.md
@@ -453,6 +453,11 @@ Accept wildcard characters: False
 Indicates that the cmdlet returns the results, in addition to writing them to a file. This parameter is valid only when the **OutFile** parameter is also used in the command.
+> [!NOTE]
+> When you use the **PassThru** parameter, the output is written to the pipeline but the file is
+> empty. For more information, see
+> [PowerShell Issue #15409](https://github.com/PowerShell/PowerShell/issues/15409).
+
 ```yaml
 Type: System.Management.Automation.SwitchParameter
 Parameter Sets: (All)
diff --git a/reference/docs-conceptual/community/2024-updates.md b/reference/docs-conceptual/community/2024-updates.md
index fa67906852b1..14dedcc15bf1 100644
--- a/reference/docs-conceptual/community/2024-updates.md
+++ b/reference/docs-conceptual/community/2024-updates.md
@@ -1,6 +1,6 @@
 ---
 description: List of changes to the PowerShell documentation for 2024
-ms.date: 09/05/2024
+ms.date: 10/19/2024
 title: What's New in PowerShell-Docs for 2024
 ---
 # What's new in PowerShell Docs for 2024
@@ -11,6 +11,30 @@ community. Help us make the documentation better for you. Read the [Contributor's Guide][01] to learn how to get started.
+## 2024-September
+
+New content
+
+- [Improve the accessibility of output in PowerShell](/powershell/scripting/learn/shell/output-for-screen-reader)
+- [What's new in PSResourceGet?](/powershell/gallery/powershellget/psresourceget-release-notes)
+- [about_PSReadLine_Release_Notes](/powershell/module/psreadline/about/about_psreadline_release_notes)
+
+### Top Community Contributors
+
+GitHub stats
+
+- 29 PRs merged (1 from Community)
+- 19 issues opened (19 from Community)
+- 20 issues closed (20 Community issues closed)
+
+The following people contributed to PowerShell docs this month by submitting pull requests or
+filing issues. Thank you!
+
+| GitHub Id | PRs merged | Issues opened |
+| --------- | :--------: | :-----------: |
+| iRon7 | | 5 |
+| jikuja | | 2 |
+
 ## 2024-August
 - Updates for new releases of PowerShell 7.2.23, 7.4.5 and 7.5-preview.4
diff --git a/reference/docs-conceptual/community/hall-of-fame.md b/reference/docs-conceptual/community/hall-of-fame.md
index 1d5085cc4a91..8c3d5cf2dc01 100644
--- a/reference/docs-conceptual/community/hall-of-fame.md
+++ b/reference/docs-conceptual/community/hall-of-fame.md
@@ -1,6 +1,6 @@
 ---
 description: List of the GitHub users that have the most contributions to the PowerShell-Doc project.
-ms.date: 09/05/2024
+ms.date: 10/19/2024
 title: Community contributor Hall of Fame
 ---
 # Community Contributor Hall of Fame
@@ -17,7 +17,7 @@ Pull Requests help us fix those issues and make the documentation better for eve
 | PRs Merged | 2015 | 2016 | 2017 | 2018 | 2019 | 2020 | 2021 | 2022 | 2023 | 2024 | Grand Total |
 | --------------- | ---: | ---: | ---: | ---: | ---: | ---: | ---: | ---: | ---: | ---: | ----------: |
-| Community | 3 | 194 | 446 | 464 | 318 | 161 | 100 | 122 | 108 | 53 | 1969 |
+| Community | 3 | 194 | 446 | 464 | 318 | 161 | 100 | 121 | 108 | 54 | 1969 |
 | matt9ucci | | | 157 | 80 | 30 | 1 | 6 | | | | 274 |
 | nschonni | | | | 14 | 138 | 10 | | | | | 162 |
 | kiazhi | | 25 | 79 | 12 | | | | | | | 116 |
@@ -31,8 +31,8 @@ Pull Requests help us fix those issues and make the documentation better for eve
 | NReilingh | | 2 | | 13 | 3 | | | | | | 18 |
 | it-praktyk | | | | 16 | 1 | | | | | | 17 |
 | vors | | 15 | 1 | | | | | | | | 16 |
-| markekraus | | | 11 | 5 | | | | | | | 16 |
 | kvprasoon | | 2 | 1 | 7 | 2 | 2 | 2 | | | | 16 |
+| markekraus | | | 11 | 5 | | | | | | | 16 |
 | purdo17 | | | | 13 | | | | | | | 13 |
 | k-takai | | | | 5 | 1 | 7 | | | | | 13 |
 | exchange12rocks | | | 7 | 3 | | | 1 | | | | 11 |
@@ -45,15 +45,15 @@ GitHub issues help us identify errors and gaps in our documentation.
 | Issues Opened | 2015 | 2016 | 2017 | 2018 | 2019 | 2020 | 2021 | 2022 | 2023 | 2024 | Grand Total |
 | --------------- | ---: | ---: | ---: | ---: | ---: | ---: | ---: | ---: | ---: | ---: | ----------: |
-| Community | 3 | 54 | 95 | 211 | 561 | 557 | 365 | 225 | 270 | 157 | 2498 |
+| Community | 3 | 54 | 95 | 211 | 561 | 557 | 364 | 225 | 270 | 169 | 2509 |
 | mklement0 | | | 19 | 60 | 56 | 61 | 28 | 8 | 20 | 23 | 275 |
 | ehmiiz | | | | | | | | 20 | 14 | | 34 |
 | iSazonov | | | 1 | 4 | 10 | 8 | 4 | 3 | | 1 | 31 |
 | jszabo98 | | | | 2 | 15 | 6 | 1 | | 1 | 2 | 27 |
+| iRon7 | | | | | | 2 | 2 | 2 | 10 | 7 | 23 |
 | juvtib | | | | | | 15 | 7 | | | | 22 |
 | doctordns | | | 5 | 3 | 5 | 7 | 1 | | | | 21 |
 | peetrike | | | | 1 | | 4 | 2 | 6 | 4 | 3 | 20 |
-| iRon7 | | | | | | 2 | 2 | 2 | 10 | 4 | 20 |
 | vexx32 | | | | 3 | 11 | | | 3 | | | 17 |
 | JustinGrote | | | | 1 | 3 | 6 | 1 | 1 | 2 | 2 | 16 |
 | KirkMunro | | | | 7 | 7 | 1 | | | | | 15 |
diff --git a/reference/docs-conceptual/security/app-control/application-control.md b/reference/docs-conceptual/security/app-control/application-control.md
index cdf619174997..5ee6aaed3460 100644
--- a/reference/docs-conceptual/security/app-control/application-control.md
+++ b/reference/docs-conceptual/security/app-control/application-control.md
@@ -1,85 +1,84 @@
 ---
-description: This article explains the features of Windows using Windows Defender Application Control (WDAC) that can be used to secure your PowerShell environment.
-ms.date: 09/19/2024
-title: Use Windows Defender Application Control to secure PowerShell
+description: This article explains the features of Application Control that can be used to secure your PowerShell environment.
+ms.date: 10/21/2024
+title: Use App Control to secure PowerShell
 ---
-# Use Windows Defender Application Control to secure PowerShell
+# Use App Control to secure PowerShell
-Windows 10 includes two technologies, [Windows Defender Application Control (WDAC)][04] and
-[AppLocker][01] that you can use to control applications. They allow you to create a lockdown
-experience to help secure your PowerShell environment.
+Windows 10 includes two technologies, [App Control for Business][04] and [AppLocker][01],
+that you can use to control applications. They allow you to create a lockdown experience to help
+secure your PowerShell environment.
 **AppLocker** builds on the application control features of Software Restriction Policies. AppLocker allows you to create rules to allow or deny apps for specific users or groups. You identify the apps based on unique properties of the files.
-**WDAC**, introduced with Windows 10, allows you to control which drivers and applications are
-allowed to run on Windows.
+**Application Control for Business**, introduced in Windows 10 as Windows Defender Application
+Control (WDAC), allows you to control which drivers and applications are allowed to run on Windows.
 ## Lockdown policy detection
-PowerShell detects both AppLocker and WDAC system wide policies. AppLocker doesn't have way to query
-the policy enforcement status. To detect if a system wide application control policy is being
-enforced by AppLocker, PowerShell creates two temporary files and tests if they can be executed.
The
-filenames use the following name format:
+PowerShell detects both AppLocker and App Control for Business system wide policies. AppLocker
+doesn't have way to query the policy enforcement status. To detect if a system wide application
+control policy is being enforced by AppLocker, PowerShell creates two temporary files and tests if
+they can be executed. The filenames use the following name format:
 - `$env:TEMP/__PSAppLockerTest__.ps1`
 - `$env:TEMP/__PSAppLockerTest__.psm1`
-WDAC is the preferred application control system for Windows. WDAC provides APIs that allow you to
-discover the policy configuration. WDAC is designed as a security feature under the servicing
-criteria defined by the Microsoft Security Response Center (MSRC).
-
-For more information about AppLocker and WDAC, see [Application Controls for Windows][04] and
-[WDAC and AppLocker feature availability][02].
+App Control for Business is the preferred application control system for Windows. App Control
+provides APIs that allow you to discover the policy configuration. App Control is designed as a
+security feature under the servicing criteria defined by the Microsoft Security Response Center
+(MSRC). For more information, see [Application Controls for Windows][04] and
+[App Control and AppLocker feature availability][02].
 > [!NOTE]
-> When [choosing between WDAC or AppLocker][03], we recommend that you implement application control
-> using WDAC rather than AppLocker. Microsoft is continually improving WDAC and Microsoft management
-> platforms are extending their support for WDAC. Although AppLocker may continue to receive
-> security fixes, it won't receive feature enhancements.
+> When [choosing between App Control or AppLocker][03], we recommend that you implement application
+> control using App Control for Business rather than AppLocker. Microsoft is no longer investing in
+> AppLocker. Although AppLocker may continue to receive security fixes, it won't receive feature
+> enhancements.
-## WDAC policy enforcement
+## App Control policy enforcement
-When PowerShell runs under a WDAC policy, its behavior changes based on the defined security policy.
-Under a WDAC policy, PowerShell runs trusted scripts and modules allowed by the policy in
-`FullLanguage` mode. All other scripts and script blocks are untrusted and run in
+When PowerShell runs under an App Control policy, its behavior changes based on the defined security
+policy. Under an App Control policy, PowerShell runs trusted scripts and modules allowed by the
+policy in `FullLanguage` mode. All other scripts and script blocks are untrusted and run in
 `ConstrainedLanguage` mode. PowerShell throws errors when the untrusted scripts attempt to perform actions that aren't allowed in `ConstrainedLanguage` mode. It can be difficult to know why a script failed to run correctly in `ConstrainedLanguage` mode.
-## WDAC policy auditing
+## App Control policy auditing
-PowerShell 7.4 added a new feature to support WDAC policies in **Audit** mode. In audit mode,
+PowerShell 7.4 added a new feature to support App Control policies in **Audit** mode. In audit mode,
 PowerShell runs the untrusted scripts in `ConstrainedLanguage` mode without errors, but logs messages to the event log instead. The log messages describe what restrictions would apply if the policy were in **Enforce** mode.
 ## History of changes
-Windows PowerShell 5.1 was the first version of PowerShell to support WDAC. The security features of
-WDAC and AppLocker improve with each new release of PowerShell. The following sections describe how
-this support changed in each version of PowerShell. The changes are cumulative, so the features
-described in the later versions include those from earlier versions.
+Windows PowerShell 5.1 was the first version of PowerShell to support App Control. The security
+features of App Control and AppLocker improve with each new release of PowerShell.
The following
+sections describe how this support changed in each version of PowerShell. The changes are
+cumulative, so the features described in the later versions include those from earlier versions.
 ### Changes in PowerShell 7.4
-On Windows, when PowerShell runs under a Windows Defender Application Control (WDAC) policy, its
-behavior changes based on the defined security policy. Under a WDAC policy, PowerShell runs trusted
-scripts and modules allowed by the policy in `FullLanguage` mode. All other scripts and script
-blocks are untrusted and run in `ConstrainedLanguage` mode. PowerShell throws errors when the
-untrusted scripts attempt to perform disallowed actions. It's difficult to know why a script fails
-to run correctly in `ConstrainedLanguage` mode.
+On Windows, when PowerShell runs under an App Control policy, its behavior changes based on the
+defined security policy. Under an App Control policy, PowerShell runs trusted scripts and modules
+allowed by the policy in `FullLanguage` mode. All other scripts and script blocks are untrusted and
+run in `ConstrainedLanguage` mode. PowerShell throws errors when the untrusted scripts attempt to
+perform disallowed actions. It's difficult to know why a script fails to run correctly in
+`ConstrainedLanguage` mode.
-PowerShell 7.4 now supports WDAC policies in **Audit** mode. In audit mode, PowerShell runs the
-untrusted scripts in `ConstrainedLanguage` mode but logs messages to the event log instead of
+PowerShell 7.4 now supports App Control policies in **Audit** mode. In audit mode, PowerShell runs
+the untrusted scripts in `ConstrainedLanguage` mode but logs messages to the event log instead of
 throwing errors. The log messages describe what restrictions would apply if the policy were in **Enforce** mode.
 ### Changes in PowerShell 7.3
-- PowerShell 7.3 now supports the ability to block or allow PowerShell script files via the WDAC
- API.
+- PowerShell 7.3 now supports the ability to block or allow PowerShell script files via the App
+ Control API.
 ### Changes in PowerShell 7.2
@@ -96,14 +95,14 @@ throwing errors. The log messages describe what restrictions would apply if the
 ## Further reading
-- For more information about how WDAC works and what restrictions it enforces, see
- [How WDAC works with PowerShell][06].
-- For more information about securing PowerShell with WDAC, see [How to use WDAC][05].
+- For more information about how App Control works and what restrictions it enforces, see
+ [How App Control works with PowerShell][06].
+- For more information about securing PowerShell with App Control, see [How to use App Control][05].
-[01]: /windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker
-[02]: /windows/security/threat-protection/windows-defender-application-control/feature-availability
-[03]: /windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview#choose-when-to-use-wdac-or-applocker
-[04]: /windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control
-[05]: how-to-use-wdac.md
-[06]: how-wdac-works.md
+[01]: /windows/security/application-security/application-control/app-control-for-business/applocker/what-is-applocker
+[02]: /windows/security/application-security/application-control/app-control-for-business/feature-availability
+[03]: /windows/security/application-security/application-control/app-control-for-business/appcontrol-and-applocker-overview#choose-when-to-use-app-control-or-applocker
+[04]: /windows/security/application-security/application-control/app-control-for-business/appcontrol
+[05]: how-to-use-app-control.md
+[06]: how-app-control-works.md
diff --git a/reference/docs-conceptual/security/app-control/how-wdac-works.md b/reference/docs-conceptual/security/app-control/how-app-control-works.md
similarity index 89%
rename from reference/docs-conceptual/security/app-control/how-wdac-works.md
rename to reference/docs-conceptual/security/app-control/how-app-control-works.md
index 43f8dfbd3bb8..130c01e29e2e 100644
--- a/reference/docs-conceptual/security/app-control/how-wdac-works.md
+++ b/reference/docs-conceptual/security/app-control/how-app-control-works.md
@@ -1,31 +1,31 @@
 ---
-description: This article explains how WDAC works to secure PowerShell and the restrictions it imposes.
+description: This article explains how App Control for Business works to secure PowerShell and the restrictions it imposes.
 ms.date: 09/19/2024
-title: How WDAC works with PowerShell
+title: How App Control for Business works with PowerShell
 ---
-# How WDAC works with PowerShell
+# How App Control works with PowerShell
-This article explains how **Windows Defender Application Control** (WDAC) secures PowerShell and the
+This article explains how **App Control for Business** secures PowerShell and the
 restrictions it imposes. The secure behavior of PowerShell varies based on the version of Windows and PowerShell you're using.
 ## How PowerShell detects a system lockdown policy
-PowerShell detects both **AppLocker** and **Windows Defender Application Control** (WDAC) system
-wide polices. AppLocker is deprecated. WDAC is the preferred application control system for Windows.
+PowerShell detects both **AppLocker** and **App Control for Business** system
+wide polices. AppLocker is deprecated. App Control is the preferred application control system for Windows.
-### Legacy WDAC policy enforcement detection
+### Legacy App Control policy enforcement detection
-PowerShell uses the legacy WDAC `WldpGetLockdownPolicy` API to discover two things:
+PowerShell uses the legacy App Control `WldpGetLockdownPolicy` API to discover two things:
 - System wide policy enforcement: `None`, `Audit`, `Enforce`
 - Individual file policy: `None`, `Audit` (allowed by policy), `Enforce` (not allowed by policy)
-All versions of PowerShell (v5.1 - v7.x) support this WDAC policy detection.
+All versions of PowerShell (v5.1 - v7.x) support this App Control policy detection.
-### Latest WDAC policy enforcement detection
+### Latest App Control policy enforcement detection
-WDAC introduced new APIs in recent versions of Windows.
Beginning with version 7.3, PowerShell uses
+App Control introduced new APIs in recent versions of Windows. Beginning with version 7.3, PowerShell uses
 the new `WldpCanExecuteFile` API to decide how a file should be handled. Windows PowerShell 5.1 doesn't support this new API. The new API takes precedence over the legacy API for individual files. However, PowerShell continues to use the legacy API to get the system wide policy configuration. If
@@ -54,7 +54,7 @@ this mode, see the [PowerShell restrictions under lockdown policy][02] section o
 ### Noninteractive mode running under policy enforcement
-When PowerShell runs a script or loads a module, it uses the WDAC API to get the policy enforcement
+When PowerShell runs a script or loads a module, it uses the App Control API to get the policy enforcement
 for the file.
 PowerShell version 7.3 or higher uses the `WldpCanExecuteFile` API if available. This API returns one
@@ -77,7 +77,7 @@ behavior is:
 ## PowerShell restrictions under lockdown policy
-When PowerShell detects the system is under a WDAC lockdown policy, it applies restrictions even if
+When PowerShell detects the system is under a App Control lockdown policy, it applies restrictions even if
 the script is trusted and running in `FullLanguage` mode. These restrictions prevent known behaviors of PowerShell that could result in arbitrary code execution on a locked-down system. The lockdown policy enforces the following restrictions:
@@ -128,7 +128,7 @@ policy enforces the following restrictions:
 ## PowerShell restrictions under constrained language mode
-Script or function that isn't approved by the WDAC policy is untrusted. When you run an untrusted
+Script or function that isn't approved by the App Control policy is untrusted. When you run an untrusted
 command, PowerShell either blocks the command from running (new behavior) or runs the command in `ConstrainedLanguage` mode. The following restrictions apply to `ConstrainedLanguage` mode:
@@ -246,7 +246,7 @@ command, PowerShell either blocks the command from running (new behavior) or run
 ## Further reading
 - For more information about PowerShell language modes, see [about_Language_Modes][01].
-- For information about how to configure and use WDAC, see [How to use WDAC for PowerShell][03].
+- For information about how to configure and use App Control, see [How to use App Control for PowerShell][03].
 [01]: /powershell/module/microsoft.powershell.core/about/about_language_modes
diff --git a/reference/docs-conceptual/security/app-control/how-to-use-wdac.md b/reference/docs-conceptual/security/app-control/how-to-use-app-control.md
similarity index 76%
rename from reference/docs-conceptual/security/app-control/how-to-use-wdac.md
rename to reference/docs-conceptual/security/app-control/how-to-use-app-control.md
index 0e58f08e75e7..1042b978e53c 100644
--- a/reference/docs-conceptual/security/app-control/how-to-use-wdac.md
+++ b/reference/docs-conceptual/security/app-control/how-to-use-app-control.md
@@ -1,31 +1,31 @@
 ---
-description: This article explains how to configure and use WDAC to secure PowerShell.
-ms.date: 09/19/2024
-title: How to use WDAC to secure PowerShell
+description: This article explains how to configure and use App Control to secure PowerShell.
+ms.date: 10/21/2024
+title: How to use App Control to secure PowerShell
 ---
-# How to use WDAC to secure PowerShell
+# How to use App Control to secure PowerShell
-This article describes how to set up a **Windows Defender Application Control** (WDAC) policy. You
-can configure the policy to enforce or audit the policy's rule. In audit mode, PowerShell behavior
-doesn't change but it logs Event ID 16387 messages to the `PowerShellCore/Analytic` event log. In
-enforcement mode, PowerShell applies the policy's restrictions.
+This article describes how to set up a **App Control for Business** policy. You can configure the
+policy to enforce or audit the policy's rule. In audit mode, PowerShell behavior doesn't change but
+it logs Event ID 16387 messages to the `PowerShellCore/Analytic` event log. In enforcement mode,
+PowerShell applies the policy's restrictions.
 This article assumes you're using a test machine so that you can test PowerShell behavior under a
-machine wide WDAC policy before you deploy the policy in your environment.
+machine wide App Control policy before you deploy the policy in your environment.
-## Create a WDAC policy
+## Create an App Control policy
-A WDAC policy is described in an XML file, which contains information about policy options, files
-allowed, and signing certificates recognized by the policy. When the policy is applied, only
+An App Control policy is described in an XML file, which contains information about policy options,
+files allowed, and signing certificates recognized by the policy. When the policy is applied, only
 approved files are allowed to load and run.
PowerShell either blocks unapproved script files from running or runs them in `ConstrainedLanguage` mode, depending on policy options.
-You create and manipulate WDAC policy using the **ConfigCI** module, which is available on all
-supported Windows versions. This Windows PowerShell module can be used in Windows PowerShell 5.1 or
-in PowerShell 7 through the **Windows Compatibility** layer. It's easier to use this module in
+You create and manipulate App Control policy using the **ConfigCI** module, which is available on
+all supported Windows versions. This Windows PowerShell module can be used in Windows PowerShell 5.1
+or in PowerShell 7 through the **Windows Compatibility** layer. It's easier to use this module in
 Windows PowerShell. The policy you create can be applied to any version of PowerShell.
-## Steps to create a WDAC policy
+## Steps to create an App Control policy
 For testing, you just need to create a default policy and a self signed code signing certificate.
@@ -85,13 +85,13 @@ For testing, you just need to create a default policy and a self signed code sig
 1. Convert the XML policy file to a policy enforcement binary file
- Finally, you need to convert the XML file to a binary file used by WDAC to apply a policy.
+ Finally, you need to convert the XML file to a binary file used by App Control to apply a policy.
 ```powershell
 ConvertFrom-CIPolicy -XmlFilePath .\SystemCIPolicy.xml -BinaryFilePath .\SIPolicy.p7b
 ```
-1. Apply the WDAC policy
+1. Apply the App Control policy
 To apply the policy to your test machine, copy the `SIPolicy.p7b` file to the required system location, `C:\Windows\System32\CodeIntegrity`.
@@ -99,9 +99,9 @@ For testing, you just need to create a default policy and a self signed code sig
 > [!NOTE]
 > Some policies definition must be copied to a subfolder such as
 > `C:\Windows\System32\CodeIntegrity\CiPolicies`. For more information, see
- > [WDAC Admin Tips & Known Issues][01].
+ > [App Control Admin Tips & Known Issues][01].
-1. Disable the WDAC policy
+1. Disable the App Control policy
 To disable the policy, rename the `SIPolicy.p7b` file. If you need to do more testing, you can change the name back to reenable the policy.
@@ -110,9 +110,9 @@ For testing, you just need to create a default policy and a self signed code sig
 Rename-Item -Path .\SIPolicy.p7b -NewName .\SIPolicy.p7b.off
 ```
-## Test using WDAC policy auditing
+## Test using App Control policy auditing
-PowerShell 7.4 added a new feature to support WDAC policies in **Audit** mode. In audit mode,
+PowerShell 7.4 added a new feature to support App Control policies in **Audit** mode. In audit mode,
 PowerShell runs the untrusted scripts in `ConstrainedLanguage` mode without errors, but logs messages to the event log instead. The log messages describe what restrictions would apply if the policy were in **Enforce** mode.
@@ -141,7 +141,7 @@ Get-WinEvent -LogName PowerShellCore/Analytic -Oldest |
 TimeCreated : 4/19/2023 10:11:07 AM
 ProviderName : PowerShellCore
 Id : 16387
-Message : WDAC Audit.
+Message : App Control Audit.
 Title: Method or Property Invocation
 Message: Method or Property 'WriteLine' on type 'System.Console' invocation will not
@@ -153,7 +153,7 @@ Message : WDAC Audit.
 ```
 The event message includes the script position where the restriction would be applied. This
-information helps you understand where you need to change your script so that it runs under the WDAC
+information helps you understand where you need to change your script so that it runs under the App Control
 policy.
 > [!IMPORTANT]
@@ -168,4 +168,4 @@ the audit event occurred. The breakpoint allows you to debug your code and inspe
 of the script in real time.
-[01]: /windows/security/application-security/application-control/windows-defender-application-control/operations/known-issues
+[01]: /windows/security/application-security/application-control/app-control-for-business/operations/known-issues
diff --git a/reference/docs-conceptual/security/overview.yml b/reference/docs-conceptual/security/overview.yml
index 6aeb39700a7e..3ddaf302033a 100644
--- a/reference/docs-conceptual/security/overview.yml
+++ b/reference/docs-conceptual/security/overview.yml
@@ -20,7 +20,7 @@ landingContent:
 links:
 - text: PowerShell security features
 url: security-features.md
- - text: Using Windows Defender Application Control
+ - text: Using App Control for Business
 url: application-control.md
 - linkListType: how-to-guide
 links:
@@ -74,18 +74,18 @@ landingContent:
 url: remoting/jea/audit-and-report.md
 # Card
- - title: Using WDAC
+ - title: Using App Control
 linkLists:
 - linkListType: overview
 links:
- - text: Using Windows Defender Application Control
+ - text: Using App Control for Business
 url: app-control/application-control.md
- - text: How WDAC works with PowerShell
- url: app-control/how-wdac-works.md
+ - text: How App Control works with PowerShell
+ url: app-control/how-app-control-works.md
 - linkListType: how-to-guide
 links:
- - text: How to use WDAC to secure PowerShell
- url: app-control/how-to-use-wdac.md
+ - text: How to use App Control to secure PowerShell
+ url: app-control/how-to-use-app-control.md
 # Card
 - title: Managing secrets
diff --git a/reference/docs-conceptual/security/security-features.md b/reference/docs-conceptual/security/security-features.md
index 27699e1a6205..91488e42babf 100644
--- a/reference/docs-conceptual/security/security-features.md
+++ b/reference/docs-conceptual/security/security-features.md
@@ -64,17 +64,17 @@ a PowerShell session. For a full description, see [about_Language_Modes][04].
 ## Application Control
-Windows 10 includes two technologies, [Windows Defender Application Control (WDAC)][08] and
-[AppLocker][07] that you can use to control applications. PowerShell detects if a system wide
-application control policy is being enforced. The policy applies certain behaviors when running
-script blocks, script files, or loading module files to prevent arbitrary code execution on the
-system.
+Windows 10 includes two technologies, [App Control for Business][08] and [AppLocker][07] that you
+can use to control applications. PowerShell detects if a system wide application control policy is
+being enforced. The policy applies certain behaviors when running script blocks, script files, or
+loading module files to prevent arbitrary code execution on the system.
-WDAC is designed as a security feature under the servicing criteria defined by the Microsoft
-Security Response Center (MSRC). WDAC is the preferred application control system for Windows.
+App Control for Business is designed as a security feature under the servicing criteria defined by
+the Microsoft Security Response Center (MSRC). App Control is the preferred application control
+system for Windows.
-For more information about how PowerShell supports AppLocker and WDAC, see
-[Using Windows Defender Application Control][10].
+For more information about how PowerShell supports AppLocker and App Control, see
+[Use App Control to secure PowerShell][10].
 ## Software Bill of Materials (SBOM)
@@ -98,8 +98,8 @@ features meet the criteria for servicing.
 Security features
-- System Lockdown with WDAC
-- Constrained language mode with WDAC
+- System Lockdown with App Control for Business
+- Constrained language mode with App Control for Business
 Defense in depth features
@@ -114,8 +114,8 @@ Defense in depth features
 [04]: /powershell/module/microsoft.powershell.core/about/about_language_modes
 [05]: /powershell/module/microsoft.powershell.core/about/about_logging_non-windows
 [06]: /powershell/module/microsoft.powershell.core/about/about_logging_windows
-[07]: /windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker
-[08]: /windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control
+[07]: /windows/security/application-security/application-control/app-control-for-business/applocker/what-is-applocker
+[08]: /windows/security/application-security/application-control/app-control-for-business/appcontrol
 [09]: /windows/win32/amsi/how-amsi-helps
 [10]: app-control/application-control.md
 [11]: https://devblogs.microsoft.com/engineering-at-microsoft/generating-software-bills-of-materials-sboms-with-spdx-at-microsoft/