You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: defender-endpoint/device-control-deploy-manage-gpo.md
+2-20Lines changed: 2 additions & 20 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -101,29 +101,11 @@ You can create different group types. Here's one group example XML file for any
101
101
102
102
2. In the **Define device control policy rules** window, select **Enabled**, and then specify the network share file path containing the XML rules data.
103
103
104
+
> [!NOTE]
105
+
> To capture evidence of files being copied or printed, use [Endpoint DLP.](/purview/dlp-copy-matched-items-get-started?tabs=purview-portal%2Cpurview)
104
106
> [!NOTE]
105
107
> Comments using XML comment notation `<!-- COMMENT -->` can be used in the Rule and Group XML files, but they must be inside the first XML tag, not the first line of the XML file.
106
108
107
-
## Set location for a copy of the file (evidence)
108
-
109
-
:::image type="content" source="media/deploy-dc-gpo/set-loc-copy-file.png" alt-text="Screenshot of set location for a copy of the file." lightbox="media/deploy-dc-gpo/set-loc-copy-file.png":::
110
-
111
-
If you want to have a copy of the file (evidence) having Write access, set right **Options** in your removable storage access policy rule in the XML file, and then specify the location where system can save the copy.
112
-
113
-
1. On a device running Windows, go to **Computer Configuration**\>**Administrative Templates**\>**Windows Components**\>**Microsoft Defender Antivirus**\>**Device Control**\>**Define Device Control evidence data remote location**.
114
-
115
-
2. In the **Define Device Control evidence data remote location** window, select **Enabled**, and then specify the local or network share folder path.
116
-
117
-
## Retention period for local evidence cache
118
-
119
-
:::image type="content" source="media/deploy-dc-gpo/retention-loc-cache.png" alt-text="Screenshot of retention period for local cache." lightbox="media/deploy-dc-gpo/retention-loc-cache.png":::
120
-
121
-
If you want to change the default value of 60 days for persisting the local cache for file evidence, follow these steps:
122
-
123
-
1. Go to **Computer Configuration**\>**Administrative Templates**\>**Windows Components**\>**Microsoft Defender Antivirus**\>**Device Control**\>**Set the retention period for files in the local device control cache**.
124
-
125
-
2. In the **Set the retention period for files in the local device control cache** window, select **Enabled**, and then enter the number of days to retain the local cache (default 60).
126
-
127
109
## See also
128
110
129
111
-[Device control in Defender for Endpoint](device-control-overview.md)
0 commit comments