Enable - Encode presheared keys using UTF-8.Pre-shared key encoding Default: Not configuredįirewall CSP: MdmStore/Global/PresharedKeyEncoding Specify an idle time in seconds, after which security associations are deleted. Security association idle time before deletion Default: Not configured Not configured - The firewall does stateful FTP filtering to allow secondary connections.These settings are applicable to all network types.įile Transfer Protocol Default: Not configuredįirewall CSP: MdmStore/Global/DisableStatefulFtp Microsoft Defender Firewall Global settings Not configured - Keeps the files local on the device, and doesn't download files to the host file system.Enable - Users can download files from the virtualized browser onto the host operating system.Not configured Use the device's CPU for graphics Don't use the virtual graphics processing unit.ĭownload files to host file system Default: Not configuredĪpplication Guard CSP: Settings/SaveFilesToHost.Enable - Load graphic-intensive websites and video faster by getting access to a virtual graphics processing unit.Graphics acceleration Default: Not configuredĪpplication Guard CSP: Settings/AllowVirtualGPU Not configured Discard user-downloaded files and data when the device restarts, or when a user signs out.Allow Save user data (such as passwords, favorites, and cookies) that's created during an Application Guard virtual browsing session.Retain user-generated browser data Default: Not configuredĪpplication Guard CSP: Settings/AllowPersistence Not configured - Don't collect any logs within the browsing session.Allow - Collect logs for events that occur within an Application Guard browsing session.Select one or more of the following options:Īpplication Guard CSP: Audit/AuditApplicationGuard When you Allow printing, you then can configure the following setting: Not configured Disable all print features.Allow - Allows the printing of selected content from the virtual browser.Print from virtual browser Default: Not configuredĪpplication Guard CSP: Settings/PrintingSettings Not configured - Non-enterprise sites can open on the device.Block - Block content from unapproved websites from loading.Default: Not configuredĪpplication Guard CSP: Settings/ClipboardFileTypeĮxternal content on enterprise sites Default: Not configuredĪpplication Guard CSP: Settings/BlockNonEnterpriseContent This setting is available only when Clipboard behavior is set to one of the allow settings.
Trusted sites are defined by a network boundary, which are configured in Device Configuration. With Application Guard, sites that aren't in your isolated network boundary open in a Hyper-V virtual browsing session. Microsoft Defender Application Guardįor Microsoft Edge, Microsoft Defender Application Guard protects your environment from sites that aren't trusted by your organization. Before you beginĬreate an endpoint protection device configuration profile.įor more information about configuration service providers (CSPs), see Configuration service provider reference. To configure Microsoft Defender Antivirus, see Windows device restrictions or use endpoint security Antivirus policy. To manage device security, you can also use endpoint security policies, which focus directly on subsets of device security. This article describes the settings in the device configuration Endpoint protection template. Microsoft Intune includes many settings to help protect your devices.
For more information, see Settings catalog. To see the settings you can configure, create a device configuration profile, and select Settings Catalog. Not all settings are documented, and won’t be documented. Intune may support more settings than the settings listed in this article.