ATPDocs/deploy/remote-calls-sam.md
Lines changed: 7 additions & 1 deletion
@@ -34,12 +34,16 @@ To ensure that Windows clients and servers allow your Defender for Identity Dire
34
34
35
35
**To configure required permissions**:
36
36
37
-
1. Locate the policy. In your **Computer configuration > Windows settings > Security settings > Local policies > Security options**, select the **Network access - Restrict clients allowed to make remote calls to SAM** policy. For example:
37
+
1. Create a new group policy or use an existing one.
38
+
1. In your **Computer configuration > Windows settings > Security settings > Local policies > Security options**, select the **Network access - Restrict clients allowed to make remote calls to SAM** policy. For example:
38
39
39
40
:::image type="content" source="../media/samr-policy-location.png" alt-text="Screenshot of the Network access policy selected." lightbox="../media/samr-policy-location.png":::
40
41
41
42
1. Add the DSA to the list of approved accounts able to perform this action, together with any other account that you've discovered during audit mode.
42
43
44
+
:::image type="content" source="../media/restrict-clients-allowed-to-make-remote-calls-to-sam.png" alt-text="Screenshot of the Network access policy settings." lightbox="../media/restrict-clients-allowed-to-make-remote-calls-to-sam.png":::
45
+
46
+
43
47
For more information, see [Network access: Restrict clients allowed to make remote calls to SAM](/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls).
44
48
45
49
## Make sure the DSA is allowed to access computers from the network (optional)
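Review bot: The added step "Create a new group policy or use an existing one." does not say which computers the policy should be linked or scoped to, and it gives no guidance for the "use an existing one" case, where the policy may already define **Network access - Restrict clients allowed to make remote calls to SAM** with its own account list. Suggest stating the intended scope in that step, and telling readers who reuse a policy to review the existing list before they add the DSA in the later step. The split-off second step now opens with "In your **Computer configuration > ...", which reads as a fragment without the removed "Locate the policy." lead; consider "Go to **Computer configuration > ...** and select ...". Minor: two blank lines are added after the new screenshot where one is enough.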
@@ -60,6 +64,8 @@ To ensure that Windows clients and servers allow your Defender for Identity Dire
60
64
>
61
65
> The [Microsoft Security Compliance Toolkit](https://www.microsoft.com/download/details.aspx?id=55319) recommends replacing the default *Everyone* with *Authenticated Users* to prevent anonymous connections from performing network sign-ins. Review your local policy settings before managing the [Access this computer from the network](/windows/security/threat-protection/security-policy-settings/access-this-computer-from-the-network) setting from a GPO, and consider including *Authenticated Users* in the GPO if needed.
62
66
67
+
:::image type="content" source="../media/define-security-policy-setting.png" alt-text="Screenshot of Security Policy Settings." lightbox="../media/define-security-policy-setting.png":::
68
+
63
69
## Configure a Device profile for Microsoft Entra hybrid joined devices only
64
70
65
71
This procedure describes how to use the [Microsoft Intune admin center](https://intune.microsoft.com/) to configure the policies in a Device profile if you're working with Microsoft Entra hybrid joined devices.
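Review bot: The alt-text on the added image, "Screenshot of Security Policy Settings.", does not name the setting being shown, unlike the alt-text added earlier in this commit ("Screenshot of the Network access policy settings."). Suggest naming the setting, for example "Screenshot of the Access this computer from the network policy setting." The image is also placed directly after the note that recommends *Authenticated Users* in place of *Everyone*, so it is worth confirming that the account list visible in the screenshot is consistent with that note, since readers tend to copy what a screenshot shows.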