Within the first profile type it’s basically part of a template that contains all the different attack surface reducation options and within the second profile types it’s simply possible to create a custom collection of settings that only contains the required settings. When looking at the configuration of controlled folder access, that can be achieved by using an Attack Surface Reduction Rules profile or by using a Settings Catalog profile. For a single device that can also be achieved by using PowerShell via Set-MpPreference -EnableControlledFolderAccess AuditMode. To evaluate controlled folder access, use Microsoft Intune to enable audit mode. Important: Scripting engines are not trusted and cannot be allowed access to protected folders. Other non-listed apps will be prevented from making changes to files inside the protected folders.
By default, most apps will be allowed access to protected folders, without the need to specifically specify those apps, as apps are alowed based on their prevalence and reputation. And that list can also be configured within the controlled folder access configuration. That list is used to allow trusted apps access to the protected folders. Note: It’s not possible to remove the Windows system folders from the list of folders that are protected by default.īesides that list of protected folders, there is also the list of trusted apps. By default, the public and user folders of Documents, Pictures, Videos, Music, and Favorites and the Windows system folders, are included in the list of protected folders. That configuration can be done by using Microsoft Intune.
Protected folders are specified within the controlled folder access configuration. It works by only allowing trusted apps to access the folders that are protected with controlled folder access. Introducing controlled folder accessĬontrolled folder access is a great method for further protecting data from malicious apps and threats. This post will mainly focus on the local configuration of controlled folder access and the user experience. To get detailed reporting information, it can be used with Microsoft Defender for Endpoint.
That also makes it mainly a local security feature. That makes it a perfect addition to further protect the (corporate) data on Windows devices. It helps protect the data in the controlled folders from malicious apps and threats, by checking apps against a list of known, trusted apps. Controlled folder access is a great addition to further minimize the attack surface of Windows devices. Not something particular new, but something important to be familiar with. This week is all about controlled folder access.
0 kommentar(er)
