You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: defender-endpoint/device-control-deploy-manage-gpo.md
+6-6Lines changed: 6 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -4,7 +4,7 @@ description: Learn how to deploy and manage device control in Defender for Endpo
4
4
author: siosulli
5
5
ms.author: siosulli
6
6
manager: deniseb
7
-
ms.date: 02/14/2024
7
+
ms.date: 08/27/2024
8
8
ms.topic: overview
9
9
ms.service: defender-endpoint
10
10
ms.subservice: asr
@@ -34,7 +34,7 @@ If you're using Group Policy to manage Defender for Endpoint settings, you can u
34
34
35
35
:::image type="content" source="media/deploy-dc-gpo/enable-disable-rsac.png" alt-text="Screenshot of enable disable rsac." lightbox="media/deploy-dc-gpo/enable-disable-rsac.png":::
36
36
37
-
1. On a device running Windows, go to **Computer Configuration**\>**Administrative Templates**\>**Windows Components**\>**Microsoft Defender Antivirus**\>**Features**\>**Device Control**.
37
+
1. On a device running Windows, go to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Defender Antivirus** > **Features** > **Device Control**.
38
38
39
39
2. In the **Device Control** window, select **Enabled**.
40
40
@@ -49,7 +49,7 @@ You can set default access such as, `Deny` or `Allow` for all device control fea
49
49
50
50
For example, you can have either a `Deny` or an `Allow` policy for `RemovableMediaDevices`, but not for `CdRomDevices` or `WpdDevices`. If you set `Default Deny` through this policy, then Read/Write/Execute access to `CdRomDevices` or `WpdDevices` is blocked. If you only want to manage storage, make sure to create `Allow` policy for printers. Otherwise, default enforcement (Deny) is applied to printers, too.
51
51
52
-
1. On a device running Windows, go to **Computer Configuration**\>**Administrative Templates**\>**Windows Components**\>**Microsoft Defender Antivirus**\>**Features**\>**Device Control**\>**Select Device Control Default Enforcement Policy**.
52
+
1. On a device running Windows, go to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Defender Antivirus** > **Features** > **Device Control** > **Select Device Control Default Enforcement Policy**.
53
53
54
54
2. In the **Select Device Control Default Enforcement Policy** window, select **Default Deny**.
55
55
@@ -59,7 +59,7 @@ For example, you can have either a `Deny` or an `Allow` policy for `RemovableMed
59
59
60
60
To configure the device types that a device control policy is applied, follow these steps:
61
61
62
-
1. On a computer running Windows, go to **Computer Configuration**\>**Administrative Templates**\>**Windows Components**\>**Microsoft Defender Antivirus**\>**Device Control**\>**Turn on device control for specific device types**.
62
+
1. On a computer running Windows, go to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Defender Antivirus** > **Device Control** > **Turn on device control for specific device types**.
63
63
64
64
2. In the **Turn on device control for specific types** window, specify the product family IDs, separate by a pipe (`|`). Product family IDs include `RemovableMediaDevices`, `CdRomDevices`, `WpdDevices`, or `PrinterDevices`.
65
65
@@ -75,7 +75,7 @@ To configure the device types that a device control policy is applied, follow th
75
75
76
76
4. Define the settings as follows:
77
77
78
-
1. On a device running Windows, go to **Computer Configuration**\>**Administrative Templates**\>**Windows Components**\>**Microsoft Defender Antivirus**\>**Device Control**\>**Define device control policy groups**.
78
+
1. On a device running Windows, go to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Defender Antivirus** > **Device Control** > **Define device control policy groups**.
79
79
80
80
2. In the **Define device control policy groups** window, specify the network share file path containing the XML groups data.
81
81
@@ -97,7 +97,7 @@ You can create different group types. Here's one group example XML file for any
97
97
98
98
4. Define the settings as follows:
99
99
100
-
1. On a device running Windows, go to **Computer Configuration**\>**Administrative Templates**\>**Windows Components**\>**Microsoft Defender Antivirus**\>**Device Control**\>**Define device control policy rules**.
100
+
1. On a device running Windows, go to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Defender Antivirus** > **Device Control** > **Define device control policy rules**.
101
101
102
102
2. In the **Define device control policy rules** window, select **Enabled**, and then specify the network share file path containing the XML rules data.
0 commit comments