You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: defender-endpoint/mde-p1-setup-configuration.md
+8-12Lines changed: 8 additions & 12 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -214,24 +214,20 @@ We recommend using Intune to configure controlled folder access.
214
214
215
215
1. Go to the [Intune admin center](https://intune.microsoft.com) and sign in.
216
216
217
-
2.Select **Endpoint Security**, and then select**Attack Surface Reduction**.
217
+
2.Go to **Endpoint Security** > **Attack Surface Reduction**, and then choose**+ Create Policy**.
218
218
219
-
3.Choose**+ Create Policy**.
219
+
3.For**Platform**, select **Windows 10, Windows 11, and Windows Server**, and for **Profile**, select **Attack surface reduction rules**. Then choose **Create**.
220
220
221
-
4. For **Platform**, select **Windows 10, Windows 11, and Windows Server**, and for **Profile**, select **Attack surface reduction rules**. Then choose **Create**.
222
-
223
-
5. On the **Basics** tab, name the policy and add a description. Select **Next**.
221
+
4. On the **Basics** tab, name the policy and add a description. Select **Next**.
224
222
225
-
6. On the **Configuration settings** tab, in the **Attack Surface Reduction Rules** section, scroll down to the bottom. In the **Enable Controlled Folder Access** drop-down, select **Enable**. You can optionally specify these other settings:
223
+
5. On the **Configuration settings** tab, under **Defender** section, scroll down to the bottom. In the **Enable Controlled Folder Access** drop-down, select **Enabled**, and then choose **Next**.
226
224
227
-
- Next to **Controlled Folder Access Protected Folders**, toggle the switch to **Configured**, and then add folders that need to be protected.
228
-
- Next to **Controlled Folder Access Allowed Applications**, toggle the switch to **Configured**, and then add apps that should have access to protected folders.
225
+
You can optionally specify these other settings:
229
226
230
-
Then choose **Next**.
227
+
- Next to **Controlled Folder Access Protected Folders**, toggle the switch to **Configured**, and then add folders that need to be protected.
228
+
- Next to **Controlled Folder Access Allowed Applications**, toggle the switch to **Configured**, and then add apps that should have access to protected folders.
231
229
232
-
7. On the **Scope tags** tab, if your organization is using scope tags, choose **+ Select scope tags**, and then select the tags you want to use. Then, choose **Next**.
233
-
234
-
To learn more about scope tags, see [Use role-based access control (RBAC) and scope tags for distributed IT](/mem/intune/fundamentals/scope-tags).
230
+
7. On the **Scope tags** tab, if your organization is using scope tags, choose **+ Select scope tags**, and then select the tags you want to use. Then, choose **Next**. To learn more about scope tags, see [Use role-based access control (RBAC) and scope tags for distributed IT](/mem/intune/fundamentals/scope-tags).
235
231
236
232
8. On the **Assignments** tab, select **Add all users** and **+ Add all devices**, and then choose **Next**. (You can alternately specify specific groups of users or devices.)
0 commit comments