You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: defender-endpoint/mde-p1-setup-configuration.md
+6-7Lines changed: 6 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -10,7 +10,7 @@ ms.topic: overview
10
10
ms.service: defender-endpoint
11
11
ms.subservice: onboard
12
12
ms.localizationpriority: medium
13
-
ms.date: 09/13/2023
13
+
ms.date: 05/31/2024
14
14
ms.reviewer: shlomiakirav
15
15
f1.keywords: NOCSH
16
16
ms.collection:
@@ -208,21 +208,20 @@ We recommend using Intune to configure controlled folder access.
208
208
209
209
:::image type="content" source="/defender/media/mde-p1/mem-asrpolicies.png" alt-text="attack surface reduction policies in the Intune portal" lightbox="/defender/media/mde-p1/mem-asrpolicies.png":::
210
210
211
-
1. Go to the Intune admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)) and sign in.
211
+
1. Go to the Intune admin center ([https://intune.microsoft.com](https://intune.microsoft.com)) and sign in.
212
212
213
213
2. Select **Endpoint Security**, and then select **Attack Surface Reduction**.
214
214
215
215
3. Choose **+ Create Policy**.
216
216
217
-
4. For **Platform**, select **Windows 10and later**, and for **Profile**, select **Attack surface reduction rules**. Then choose **Create**.
217
+
4. For **Platform**, select **Windows 10, Windows 11, and Windows Server**, and for **Profile**, select **Attack surface reduction rules**. Then choose **Create**.
218
218
219
219
5. On the **Basics** tab, name the policy and add a description. Select **Next**.
220
220
221
-
6. On the **Configuration settings** tab, in the **Attack Surface Reduction Rules** section, scroll down to the bottom. In the **Enable folder protection** drop-down, select **Enable**. You can optionally specify these other settings:
221
+
6. On the **Configuration settings** tab, in the **Attack Surface Reduction Rules** section, scroll down to the bottom. In the **Enable Controlled Folder Access** drop-down, select **Enable**. You can optionally specify these other settings:
222
222
223
-
- Next to **List of additional folders that need to be protected**, select the drop-down menu, and then add folders that need to be protected.
224
-
- Next to **List of apps that have access to protected folders**, select the drop-down menu, and then add apps that should have access to protected folders.
225
-
- Next to **Exclude files and paths from attack surface reduction rules**, select the drop-down menu, and then add the files and paths that need to be excluded from attack surface reduction rules.
223
+
- Next to **Controlled Folder Access Protected Folders**, toggle the switch to **Configured**, and then add folders that need to be protected.
224
+
- Next to **Controlled Folder Access Allowed Applications**, toggle the switch to **Configured**, and then add apps that should have access to protected folders.
0 commit comments