You have computers that run Windows 10 and are managed by using Microsoft Intune.
Users store their files in a folder named D:\Folder1.
You need to ensure that only a trusted list of applications is granted write access to D:\Folder1.
What should you configure in the device configuration profile?
Microsoft Defender Application Control (previously known as Windows Defender Application Control or WDAC) is the appropriate choice for ensuring that only a trusted list of applications is granted write access to D:\Folder1. This solution is designed to control which applications are allowed to run on a Windows device. By configuring Application Control policies, administrators can specify which applications are trusted and permitted to access certain folders, thus providing the desired level of security for D:\Folder1.
A. Microsoft Defender Exploit Guard This is an ASR rule which is part of Exploit Guard Ref: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/enable-controlled-folders?view=o365-worldwide#microsoft-intune Ref: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment-implement?view=o365-worldwide
Answer is A: https://learn.microsoft.com/en-us/mem/configmgr/protect/deploy-use/create-deploy-exploit-guard-policy You can configure and deploy Configuration Manager policies that manage all four components of Windows Defender Exploit Guard. These components include: Attack Surface Reduction Controlled folder access Exploit protection Network protection
Microsoft Configuration Manager ??? The question states that the devices are Intune managed...
Windows Defender Exploit Guard is designed to lock down the device against a wide variety of attack vectors and block behaviors commonly used in malware attacks. The components are: * Attack Surface Reduction (ASR) * Network protection * Controlled folder access -> protects sensitive data from ransomware by blocking untrusted processes from accessing your protected folders. (...) https://learn.microsoft.com/en-us/windows-server/get-started/whats-new-in-windows-server-2019
Microsoft Defender Application Control (previously known as Windows Defender Application Control or WDAC) is designed to control which applications are allowed to run on a Windows devic
https://learn.microsoft.com/en-us/mem/configmgr/protect/deploy-use/create-deploy-exploit-guard-policy
ChatGPT: To ensure that only a trusted list of applications is granted write access to the folder D:\Folder1 on Windows 10 computers managed by Microsoft Intune, you should configure **Microsoft Defender Application Control** (option D) in the device configuration profile. Microsoft Defender Application Control allows you to control which applications are allowed to run on the device, thereby ensuring that only trusted applications have access to the specified folder.
Some of you are mixing up what WDAC is all about: https://learn.microsoft.com/en-us/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-intune Given answer A is correct
https://learn.microsoft.com/en-us/mem/configmgr/protect/deploy-use/create-deploy-exploit-guard-policy#create-an-exploit-guard-policy:~:text=Controlled%20folder%20access%3A%20Configure%20blocking%20or%20auditing%2C%20and%20then%20add%20Apps%20that%20can%20bypass%20this%20policy.%20You%20can%20also%20specify%20additional%20folders%20that%20are%20not%20protected%20by%20default.
Answer is A.
Answer is A.
Windows > Configuration > Administrative Templates > Windows Components > MS Defender AV > MS Defender Exploit Guard > Controlled Folder Access. This is why A is correct.
D Microsoft Defender Application Control (formerly known as Windows Defender Application Control) allows you to control which applications are allowed to run on your devices based on defined policies. By configuring Application Control policies in the device configuration profile, you can restrict write access to the D:\Folder1 directory to only trusted applications, thereby ensuring the security of the folder's contents.
Tested. option A
Devil is in the detail. "Managed using Intune". Microsoft Defender Application Control is set up through The defender Portal, therefor answer is A because it need sto be set up "managing" via Intune.
Microsoft Defender Application Control (Option D): Microsoft Defender Application Control (Device Guard) helps protect against malware and other security threats by controlling which applications are allowed to run on the device. You can use Application Control policies to define and enforce code integrity policies, which specify which applications are allowed to run and which are blocked. By configuring Application Control policies, you can create a trusted list of applications that are allowed to write to D:\Folder1, ensuring that only authorized applications can access and modify the contents of the folder. -Microsoft Defender Exploit Guard : While it provides advanced threat protection features, it doesn't focus on controlling which applications can write to specific folders.
Previous md101 reference https://www.examtopics.com/discussions/microsoft/view/41710-exam-md-101-topic-4-question-21-discussion/
D. "Microsoft Defender Application Control helps ensure that only approved and trusted applications are allowed to run on a Windows system, which can help prevent unauthorized or malicious software from accessing specific folders or files."