1123 – Blocked controlled folder access event.1124 – Audit controlled folder access event. You will need to beware of the events which can be triggered when some application is prevented write access to the protected folder. Also please test it out on some test devices first before turning it on. When implementing Controlled Folder access, please make sure you configure it to Audit the events instead of blocking. When you want some more security, please take a look at Applocker. When you made sure controlled folder access is enabled and configured, a notification will appear on the Windows 10 device where the untrusted app is attempting to make some changes to your documents which are in a protected folder. When you are a victim of a ransomware attack, your files could end up being encrypted. Apps that are not included in the list are prevented from making any changes to files inside protected folders.Ĭontrolled folder access is especially useful when you want to protect the companies documents and information from a ransomware attack. Apps that are included in the list of trusted software work as expected. If not? Please do…Ĭontrolled folder access works with a list of trusted apps. Of course, you will need to make sure you already have enabled Microsoft defender Antivirus real-time protection. I am going to divide this blog into several parts. I decided to create this blog after a question on the Discord WinAdmin/Intune channel on how to exclude the Onedrive Process. I guess when you haven’t implemented Applocker, this feature can be of good use to you. This part will be about enabling and configuring Microsoft/Windows Defender controlled folder access (CFA) in Intune. This blog is the second part of the Endpoint Security series.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |