Ensure ‘Allow auditing events in Windows Defender Application Guard’ is set to ‘Enabled’
Details: This policy setting allows you to decide whether auditing events can be collected from Windows Defender Application Guard (WDAG)....

Ensure ‘Allow camera and microphone access in Windows Defender Application Guard’ is set to ‘Disabled’
Details: The policy allows you to determine whether applications inside Windows Defender Application Guard (WDAG) can access the device’s camera...

Ensure ‘Allow data persistence for Windows Defender Application Guard’ is set to ‘Disabled’
Details: This policy setting allows you to decide whether data should persist across different sessions in Windows Defender Application Guard...

Ensure ‘Allow files to download and save to the host operating system from Windows Defender Application Guard’ is set to ‘Disabled’
Details: This policy setting determines whether to save downloaded files to the host operating system from the Windows Defender Application...

Ensure ‘Allow users to trust files that open in Windows Defender Application Guard’ is set to ‘Enabled: 0 (Do not allow users to manually trust files)’ OR ‘2 (Allow users to manually trust after an antivirus check)’
Details: This policy setting allows you to configure required actions and validations that enable users to trust files that open...

Ensure ‘Configure Windows Defender Application Guard clipboard settings: Clipboard behavior setting’ is set to ‘Enabled: Enable clipboard operation from an isolated session to the host’
Details: This policy setting allows you to decide how the clipboard behaves while in Windows Defender Application Guard (WDAG). The...

Ensure ‘Turn On Virtualization Based Security: Credential Guard Configuration’ is set to ‘Enabled with UEFI lock’
Details: This setting lets users turn on Credential Guard with virtualization-based security to help protect credentials. The ‘Enabled with UEFI...

Ensure ‘Turn On Virtualization Based Security’ is set to ‘Enabled’
Details: This policy setting specifies whether Virtualization Based Security is enabled. Virtualization Based Security uses the Windows Hypervisor to provide...

Ensure ‘Turn On Virtualization Based Security: Require UEFI Memory Attributes Table’ is set to ‘True (checked)’
Details: This option will only enable Virtualization Based Protection of Code Integrity on devices with UEFI firmware support for the...

Ensure ‘Turn On Virtualization Based Security: Secure Launch Configuration’ is set to ‘Enabled’
Details: Secure Launch protects the Virtualization Based Security environment from exploited vulnerabilities in device firmware. The recommended state for this...