Ensure ‘Allow auditing events in Microsoft Defender Application Guard’ is set to ‘Enabled’
Details: This policy setting allows you to decide whether auditing events can be collected from Microsoft Defender Application Guard. The...

Ensure ‘Allow camera and microphone access in Microsoft Defender Application Guard’ is set to ‘Disabled’
Details: The policy allows you to determine whether applications inside Microsoft Defender Application Guard can access the device’s camera and...

Ensure ‘Allow data persistence for Microsoft Defender Application Guard’ is set to ‘Disabled’
Details: This policy setting allows you to decide whether data should persist across different sessions in Microsoft Defender Application Guard....

Ensure ‘Allow files to download and save to the host operating system from Microsoft Defender Application Guard’ is set to ‘Disabled’
Details: This policy setting determines whether to save downloaded files to the host operating system from the Microsoft Defender Application...

Ensure ‘Configure Microsoft Defender Application Guard clipboard settings: Clipboard behavior setting’ is set to ‘Enabled: Enable clipboard operation from an isolated session to the host’
Details: This policy setting allows you to decide how the clipboard behaves while in Microsoft Defender Application Guard. The recommended...

Ensure ‘Turn on Microsoft Defender Application Guard in Managed Mode’ is set to ‘Enabled: 1’
Details: This policy setting enables application isolation through Microsoft Defender Application Guard (Application Guard). There are 4 options available: 0....

Ensure ‘Turn On Virtualization Based Security: Credential Guard Configuration’ is set to ‘Enabled with UEFI lock’
Details: This setting lets users turn on Credential Guard with virtualization-based security to help protect credentials. The ‘Enabled with UEFI...

Ensure ‘Turn On Virtualization Based Security’ is set to ‘Enabled’
Details: This policy setting specifies whether Virtualization Based Security is enabled. Virtualization Based Security uses the Windows Hypervisor to provide...

Ensure ‘Turn On Virtualization Based Security: Require UEFI Memory Attributes Table’ is set to ‘True (checked)’
Details: This option will only enable Virtualization Based Protection of Code Integrity on devices with UEFI firmware support for the...

Ensure ‘Turn On Virtualization Based Security: Secure Launch Configuration’ is set to ‘Enabled’
Details: Secure Launch protects the Virtualization Based Security environment from exploited vulnerabilities in device firmware. The recommended state for this...