Windows 10 (and newer) device settings to allow or restrict features using Intune.

This article lists and describes all the different settings you can control on Windows 10 and newer devices. As part of your mobile device management (MDM) solution, use these settings to allow or disable features, set password rules, customize the lock screen, use Microsoft Defender, and more.

These settings are added to a device configuration profile in Intune, and then assigned or deployed to your Windows 10 devices.

Tip: After you setup a, you can configure these settings, and then deploy to your Windows devices.
Control Panel and Settings

Settings app: Block prevents end users from accessing the Windows Settings app. Not configured (default) allows users to open the Settings app on the device.

System: Block prevents access to the System area of the Settings app. When set to Not configured (default), Intune doesn't change or update this setting.
Power and sleep settings modification (desktop only): Block prevents end users from changing the power and sleep settings on the device. Not configured (default) allows users to change power and sleep settings.

Devices: Block prevents access to the Devices area of the Settings app on the device. When set to Not configured (default), Intune doesn't change or update this setting.

Network & Internet: Block prevents access to the Network & Internet area of the Settings app on the device. When set to Not configured (default), Intune doesn't change or update this setting.

Personalization: Block prevents access to the Personalization area of the Settings app on the device. When set to Not configured (default), Intune doesn't change or update this setting.

Apps: Block prevents access to the Apps area of the Settings app on the device. When set to Not configured (default), Intune doesn't change or update this setting.

Accounts: Block prevents access to the Accounts area of the Settings app on the device. When set to Not configured (default), Intune doesn't change or update this setting.

Time and Language: Block prevents access to the Time & Language area of the Settings app on the device. When set to Not configured (default), Intune doesn't change or update this setting.

System Time modification: Block prevents end users from changing the date and time settings on the device. When set to Not configured (default), Intune doesn't change or update this setting. Users can change these settings.

Region settings modification (desktop only): Block prevents end users from changing the region settings on the device. When set to Not configured (default), Intune doesn't change or update this setting. Users can change these settings.

Language settings modification (desktop only): Block prevents end users from changing the language settings on the device. When set to Not configured (default), Intune doesn't change or update this setting. Users can change these settings.

Gaming: Block prevents access to the Gaming area of the Settings app on the device. When set to Not configured (default), Intune doesn't change or update this setting.

Ease of Access: Block prevents access to the Ease of Access area of the Settings app on the device. When set to Not configured (default), Intune doesn't change or update this setting.

Privacy: Block prevents access to the Privacy area of the Settings app on the device. When set to Not configured (default), Intune doesn't change or update this setting.

Update and Security: Block prevents access to the Update & Security area of the Settings app on the device. When set to Not configured (default), Intune doesn't change or update this setting.

Display

These settings use the; which also lists the supported Windows editions.

GDI DPI scaling enables applications that aren't DPI aware to become per monitor DPI aware.

Turn on GDI scaling for apps: Add the legacy apps that you want GDI DPI scaling turned on.
For example, enter filename.exe or %ProgramFiles%\Path\Filename.exe. GDI DPI scaling is turned on for all legacy applications in your list.

Turn off GDI scaling for apps: Add the legacy apps that you want GDI DPI scaling turned off. For example, enter filename.exe or %ProgramFiles%\Path\Filename.exe. GDI DPI scaling is turned off for all legacy applications in your list.

You can also Import a .csv file with the list of apps.

General

These settings use the; which also lists the supported Windows editions.

Screen capture (mobile only): Block prevents end users from getting screenshots on the device. When set to Not configured (default), Intune doesn't change or update this setting.

Copy and paste (mobile only): Block prevents end users from using copy-and-paste between apps on the device. When set to Not configured (default), Intune doesn't change or update this setting.

Manual unenrollment: Block prevents end users from deleting the workplace account using the workplace control panel on the device. When set to Not configured (default), Intune doesn't change or update this setting. This policy setting doesn't apply if the computer is Azure AD joined and auto-enrollment is enabled.

Manual root certificate installation (mobile only): Block prevents end users from manually installing root certificates, and intermediate CAP certificates. When set to Not configured (default), Intune doesn't change or update this setting.

Camera: Block prevents end users from using the camera on the device. When set to Not configured (default), Intune doesn't change or update this setting.

OneDrive file sync: Block prevents end users from synchronizing files to OneDrive from the device. When set to Not configured (default), Intune doesn't change or update this setting.

Removable storage: Block prevents end users from using external storage devices, like SD cards, with the device. When set to Not configured (default), Intune doesn't change or update this setting.

Geolocation: Block prevents end users from turning on location services on the device. When set to Not configured (default), Intune doesn't change or update this setting.

Internet sharing: Block prevents Internet connection sharing on the device. When set to Not configured (default), Intune doesn't change or update this setting.

Phone reset: Block prevents end users from wiping or doing a factory reset on the device. When set to Not configured (default), Intune doesn't change or update this setting.

USB connection: Block prevents access to external storage devices through a USB connection on the device. When set to Not configured (default), Intune doesn't change or update this setting. USB charging isn't affected by this setting.

AntiTheft mode (mobile only): Block prevents end users from selecting AntiTheft mode preference on the device. When set to Not configured (default), Intune doesn't change or update this setting.

Cortana: Block disables the Cortana voice assistant on the device. When Cortana is off, users can still search to find items on the device. Not configured (default) allows Cortana.

Voice recording (mobile only): Block prevents end users from using the device voice recorder on the device. Not configured (default) allows voice recording for apps.

Device name modification (mobile only): Block prevents end users from changing the name of the device. When set to Not configured (default), Intune doesn't change or update this setting.

Add provisioning packages: Block prevents the run time configuration agent that installs provisioning packages on the device. When set to Not configured (default), Intune doesn't change or update this setting.

Remove provisioning packages: Block prevents the run time configuration agent that removes provisioning packages from the device. When set to Not configured (default), Intune doesn't change or update this setting.

Device discovery: Block prevents the device from being discovered by other devices. When set to Not configured (default), Intune doesn't change or update this setting.

Task Switcher (mobile only): Block prevents task switching on the device. When set to Not configured (default), Intune doesn't change or update this setting.

SIM card error dialog (mobile only): Block prevents error messages from showing on the device if no SIM card is detected. Not configured (default) shows the error messages.

Ink Workspace: Choose if and how users access the ink workspace. Your options:
Not configured (default): Turns on the ink workspace, and the user is allowed to use it above the lock screen.
Disabled on lock screen: The ink workspace is enabled and the feature is turned on. But, the user can't access it above the lock screen.
Disabled: Access to ink workspace is disabled. The feature is turned off.

Automatic redeployment: Choose Allow so users with administrative rights can delete all user data and settings using CTRL + Win + R at the device lock screen. The device is automatically reconfigured and re-enrolled into management. Not configured (default) prevents this feature.

Require users to connect to network during device setup: Choose Require so the device connects to a network before going past the Network page during Windows setup. Not configured (default) allows users to go past the Network page, even if it's not connected to a network.

The setting becomes effective the next time the device is wiped or reset. Like any other Intune configuration, the device must be enrolled and managed by Intune to receive configuration settings. But once it's enrolled, and receiving policies, then resetting the device enforces the setting during the next Windows setup.

Direct Memory Access: Block prevents direct memory access (DMA) for all hot pluggable PCI downstream ports until a user signs into Windows. Enabled (default) allows access to DMA, even when a user isn't signed in.

End processes from Task Manager: This setting determines whether non-administrators can use Task Manager to end tasks. Block prevents standard users (non-administrators) from using Task Manager to end a process or task on the device. Not configured (default) allows standard users to end a process or task using Task Manager.

Locked screen experience

Action center notifications (mobile only): Block prevents Action Center notifications from showing on the device lock screen. Not configured (default) allows users to choose which apps show notifications on the lock screen.

Locked screen picture URL (desktop only): Enter the URL to a picture in JPG, JPEG, or PNG format that's used as the Windows lock screen wallpaper. For example, enter This setting locks the image, and can't be changed afterwards.

User configurable screen timeout (mobile only): Allow lets users configure the screen timeout. Not configured (default) doesn't give users this option.

Cortana on locked screen (desktop only): Block prevents users from interacting with Cortana when the device is on the lock screen. Not configured (default) allows interaction with Cortana.

Toast notifications on locked screen: Block prevents toast notifications from showing on the device lock screen. Not configured (default) allows these notifications.

Screen timeout (mobile only): Set the duration (in seconds) from the screen locking to the screen turning off.
Supported values are 11-1800. For example, enter 300 to set this timeout to 5 minutes.

Messaging

These settings use the; which also lists the supported Windows editions.

Message sync (mobile only): Block disables text messages from being backed up and restored, and from syncing messages between Windows devices. Disabling helps avoid information being stored on servers outside of the organization's control. Not configured (default) allows users to change these settings, and sync their messages.

MMS (mobile only): Block disables MMS send and receive functionality on the device. For enterprises, use this policy to disable MMS on devices as part of the auditing or management requirement. Not configured (default) allows MMS send and receive.

RCS (mobile only): Block disables Rich Communication Services (RCS) send and receive functionality on the device. For enterprises, use this policy to disable RCS on devices as part of the auditing or management requirement. Not configured (default) allows RCS send and receive.

Microsoft Edge Browser

These settings use the, which also lists the supported Windows editions.

Use Microsoft Edge kiosk mode

The available settings change depending on what you choose. Your options:
No (default): Microsoft Edge isn't running in kiosk mode. All Microsoft Edge settings are available for you to change and configure.
Digital/Interactive signage (single app kiosk): Filters Microsoft Edge settings that are applicable for Digital/Interactive signage Microsoft Edge Kiosk mode for use only on Windows 10 single-app kiosks. Choose this setting to open a URL full screen, and only show the content on that website. Provides more information on this feature.
InPrivate Public browsing (single app kiosk): Filters Microsoft Edge settings that are applicable for InPrivate Public Browsing Microsoft Edge Kiosk mode for use on Windows 10 single-app kiosks. Runs a multi-tab version of Microsoft Edge.
Normal mode (multi-app kiosk): Filters Microsoft Edge settings that are applicable for Normal Microsoft Edge Kiosk mode. Runs a full-version of Microsoft Edge with all browsing features.
Public browsing (multi-app kiosk): Filters Microsoft Edge settings that are applicable for Public browsing on a Windows 10 multi-app kiosk. Runs a multi-tab version of Microsoft Edge InPrivate.

Tip: For more information on what these options do, see.

This device restrictions profile is directly related to the kiosk profile you create using the. To summarize:
1. Create the profile to run the device in kiosk mode. Select Microsoft Edge as the application and set the Microsoft Edge Kiosk Mode in the Kiosk profile.
2. Create the device restrictions profile described in this article, and configure specific features and settings allowed in Microsoft Edge. Be sure to choose the same Microsoft Edge kiosk mode type as selected in your kiosk profile.

is a great resource.

Important: Be sure to assign this Microsoft Edge profile to the same devices as your kiosk profile.

Start experience

Start Microsoft Edge with: Choose which pages open when Microsoft Edge starts. Your options:
Custom start pages: Enter the start pages, such as Microsoft Edge loads the start pages you enter.
New Tab page: Microsoft Edge loads whatever is entered in the New Tab URL setting.
Last session’s page: Microsoft Edge loads the last session page.
Start pages in local app settings: Microsoft Edge starts with the default start page defined by the OS.

Allow user to change start pages: Yes (default) lets users change the start pages. Administrators can use the EdgeHomepageUrls to enter the start pages that users see by default when they open Microsoft Edge. No blocks users from changing the start pages.

Allow web content on new tab page: When set to Yes (default), Microsoft Edge opens the URL entered in the New Tab URL setting. If the New Tab URL setting is blank, Microsoft Edge opens the new tab page listed in Microsoft Edge settings. Users can change it. When set to No, Microsoft Edge opens a new tab with a blank page. Users can't change it.

New Tab URL: Enter the URL to open on the New Tab page. For example, enter or button: Choose what happens when the home button is selected. Your options:
Start pages: Opens the option you chose in the Start Microsoft Edge with setting.
New Tab page: Opens the URL you entered in the New Tab URL setting.
Home button URL: Enter the URL to open. For example, enter or
Hide Home button: Hides the home button.

Allow users to change home button: Yes lets users change the home button. The user's changes override any administrator settings to the home button. No (default) blocks users from changing how the administrator configured the home button.

Show First Run Experience page (Mobile only): Yes (default) shows the first use introduction page in Microsoft Edge. No stops the introduction page from showing the first time you run Microsoft Edge. This feature allows enterprises, such as organizations enrolled in zero emissions configurations, to block this page.

First Run Experience URL list location (Windows 10 Mobile only): Enter the URL that points to the XML file containing the first run page URL(s). For example, enter browser after idle time: Enter the number of idle minutes until the browser is refreshed, from 0-1440 minutes. Default is 5 minutes.
When set to 0 (zero), the browser doesn't refresh after being idle.

This setting is only available when running in.

Allow pop-ups (desktop only): Yes (default) allows pop-ups in the web browser. No prevents pop-up windows in the browser.

Send intranet traffic to Internet Explorer (Desktop only): Yes lets users open intranet websites in Internet Explorer instead of Microsoft Edge. This setting is for backwards compatibility. No (default) allows users to use Microsoft Edge.

Enterprise mode site list location (Desktop only): Enter the URL that points to the XML file containing a list of web sites that open in Enterprise mode. Users can't change this list. For example, enter when opening sites in Internet Explorer: Use this setting to configure Microsoft Edge to show a notification before a site opens in Internet Explorer 11. Your options:
Don't show message: The OS default behavior is used, which may not show a message.
Show message that site is opened in Internet Explorer 11: Show the message when opening sites in IE. Sites open in IE.
Show message with option to open sites in Microsoft Edge: Show the message when opening sites in Microsoft Edge. The message includes a Keep going in Microsoft Edge link so users can choose Microsoft Edge instead of IE.

Important: This setting requires you to use the Enterprise mode site list location setting, the Send intranet traffic to Internet Explorer setting, or both settings.

Allow Microsoft compatibility list: Yes (default) allows using a Microsoft compatibility list. No prevents the Microsoft compatibility list in Microsoft Edge. This list from Microsoft helps Microsoft Edge properly display sites with known compatibility issues.

Preload start pages and New Tab page: Yes (default) uses the OS default behavior, which may be to preload these pages. Preloading minimizes the time to start Microsoft Edge, and load new tabs. No prevents Microsoft Edge from preloading start pages and the new tab page.

Prelaunch Start pages and New Tab page: Yes (default) uses the OS default behavior, which may be to prelaunch these pages. Pre-launching helps the performance of Microsoft Edge, and minimizes the time required to start Microsoft Edge. No prevents Microsoft Edge from pre-launching the start pages and new tab page.

Favorites and search

Show Favorites bar: Choose what happens to the favorites bar on any Microsoft Edge page.
Your options:
On Start and new Tab pages: Shows the favorites bar when Microsoft Edge starts, and on all Tab pages. End users can change this setting.
On all pages: Shows the favorites bar on all pages. End users can't change this setting.
Hidden: Hides the favorites bar on all pages. End users can't change this setting.

Allow changes to favorites: Yes (default) uses the OS default, which allows users to change the list. No prevents end users from adding, importing, sorting, or editing the Favorites list.

Favorites List: Add a list of URLs to the favorites file. For example, add favorites between Microsoft browsers (Desktop only): Yes forces Windows to synchronize favorites between Internet Explorer and Microsoft Edge. Additions, deletions, modifications, and order changes to favorites are shared between browsers. No (default) uses the OS default, which may give users the choice to sync favorites between the browsers.

Default search engine: Choose the default search engine on the device. End users can change this value at any time. Your options:
Search engine in client Microsoft Edge settings
Bing
Google
Yahoo
Custom value: In OpenSearch Xml URL, enter an HTTPS URL with the XML file that includes the short name and the URL to the search engine, at minimum. For example, enter search suggestions: Yes (default) lets your search engine suggest sites as you type search phrases in the address bar. No prevents this feature.

Allow changes to search engine: Yes (default) allows users to add new search engines, or change the default search engine in Microsoft Edge. Choose No to prevent users from customizing the search engine.

This setting is only available when running in.

Privacy and security
Allow InPrivate browsing: Yes (default) allows InPrivate browsing in Microsoft Edge. After closing all InPrivate tabs, Microsoft Edge deletes the browsing data from the device. No prevents end users from opening InPrivate browsing sessions.

Save browsing history: Yes (default) allows saving the browsing history in Microsoft Edge. No prevents saving the browsing history.

Clear browsing data on exit (desktop only): Yes clears the history, and browsing data when the user exits Microsoft Edge. No (default) uses the OS default, which may cache the browsing data.

Sync browser settings between user's devices: Choose how you want to sync browser settings between devices. Your options:
Allow: Allow syncing of Microsoft Edge browser settings between user’s devices.
Block and enable user override: Block syncing of Microsoft Edge browser settings between user’s devices. Users can override this setting.
Block: Block syncing of Microsoft Edge browser settings between user's devices. Users can't override this setting.

When 'block and enable user override' is selected, the user can override the admin designation.

Allow Password Manager: Yes (default) allows Microsoft Edge to automatically use Password Manager, which allows users to save and manage passwords on the device. No prevents Microsoft Edge from using Password Manager.

Cookies: Choose how cookies are handled in the web browser. Your options:
Allow: Cookies are stored on the device.
Block all cookies: Cookies aren't stored on the device.
Block only third party cookies: Third party or partner cookies aren't stored on the device.

Allow Autofill in forms: Yes (default) allows users to change autocomplete settings in the browser, and populate form fields automatically. No disables the Autofill feature in Microsoft Edge.

Send do-not-track headers: Yes sends do-not-track headers to websites requesting tracking info (recommended). No (default) does not send headers which allows websites to track the user. User can configure.

Show WebRTC localhost IP address: Yes (default) allows users' localhost IP address to be shown when making phone calls using this protocol. No prevents users' localhost IP address from being shown.

Allow live tile data collection: Yes (default) allows Microsoft Edge to collect information from Live Tiles pinned to the start menu. No prevents collecting this information, which may provide users with a limited experience.

User can override certificate errors: Yes (default) allows users to access websites that have Secure Sockets Layer/Transport Layer Security (SSL/TLS) errors. No (recommended for increased security) prevents users from accessing websites with SSL or TLS errors.

Additional

Allow Microsoft Edge browser (mobile only): Yes (default) allows using the Microsoft Edge web browser on the mobile device.
No prevents using Microsoft Edge on the device. If you choose No, the other individual settings only apply to desktop.

Allow address bar dropdown: Yes (default) allows Microsoft Edge to show the address bar drop-down with a list of suggestions. No stops Microsoft Edge from showing a list of suggestions in a drop-down list when you type. When set to No, you:
Help minimize network bandwidth between Microsoft Edge and Microsoft services.
Disable the Show search and site suggestions as I type in Microsoft Edge Settings.

Allow full screen mode: Yes (default) allows Microsoft Edge to use fullscreen mode, which shows only the web content and hides the Microsoft Edge UI. No prevents fullscreen mode in Microsoft Edge.

Allow about flags page: Yes (default) uses the OS default, which may allow accessing the about:flags page. The about:flags page allows users to change developer settings and enable experimental features. No prevents end users from accessing the about:flags page in Microsoft Edge.

Allow developer tools: Yes (default) allows users to use the F12 developer tools to build and debug web pages by default. No prevents end users from using the F12 developer tools.

Allow JavaScript: Yes (default) allows scripts, such as JavaScript, to run in the Microsoft Edge browser. No prevents JavaScript in the browser from running.

User can install extensions: Yes (default) allows end users to install Microsoft Edge extensions on the device. No prevents the installation.

Allow sideloading of developer extensions: Yes (default) uses the OS default, which may allow sideloading. Sideloading installs and runs unverified extensions. No prevents Microsoft Edge from sideloading using the Load extensions feature. It doesn't prevent sideloading extensions using other ways, such as PowerShell.

Required extensions: Choose which extensions can't be turned off by end users in Microsoft Edge. Enter the package family names, and select Add. Provides some guidance.

You can also Import a CSV file that includes the package family names. Or, Export the package family names you enter.

Network proxy

These settings use the, which also lists the supported Windows editions.

Automatically detect proxy settings: Block disables the device from automatically detecting a proxy auto config (PAC) script. Not configured (default) enables this feature. When enabled, the device tries to find the path to a PAC script.

Use proxy script: Choose Allow to enter a path to your PAC script to configure the proxy server. Not configured (default) doesn't let you enter the URL to a PAC script.
Setup script address URL: Enter the URL of a PAC script you want to use to configure the proxy server.

Use manual proxy server: Choose Allow to manually enter the name or IP address, and TCP port number of a proxy server. Not configured (default) doesn't let you manually enter details of a proxy server.

Address: Enter the name, or IP address of the proxy server.

Port number: Enter the port number of your proxy server.

Proxy exceptions: Enter any URLs that must not use the proxy server. Use a semicolon to separate each item.

Bypass proxy server for local address: Not configured (default) prevents using a proxy server for local addresses on your intranet. Allow uses a proxy server for local addresses.

Password

These settings use the, which also lists the supported Windows editions.

Password: Require the end user to enter a password to access the device. Not configured (default) allows access to the device without a password.
Applies to local accounts only. Domain account passwords remain configured by Active Directory (AD) and Azure AD.

Required password type: Choose the type of password. Your options:
Not configured: Password can include numbers and letters.
Numeric: Password must only be numbers.
Alphanumeric: Password must be a mix of numbers and letters.

Minimum password length: Enter the minimum number of characters required, from 4-16. For example, enter 6 to require at least six characters in the password length.

Important: When the password requirement is changed on a Windows desktop, users are impacted the next time they sign in, as that’s when the device goes from idle to active. Users with passwords that meet the requirement are still prompted to change their passwords.

Number of sign-in failures before wiping device: Enter the number of authentication failures allowed before the device may be wiped, up to 11. The valid number you enter depends on the edition. Lists the supported values. 0 (zero) may disable the device wipe functionality.

This setting also has a different impact depending on the edition. For specific details on this setting, see the.

Maximum minutes of inactivity until screen locks: Enter the length of time a device must be idle before the screen is locked.

Password expiration (days): Enter the length of time in days when the device password must be changed, from 1-365. For example, enter 90 to expire the password after 90 days.

Prevent reuse of previous passwords: Enter the number of previously used passwords that can't be used, from 1-24. For example, enter 5 so users can't set a new password to their current password or any of their previous four passwords.

Require password when device returns from idle state (Mobile and Holographic): Choose Require so users must enter a password to unlock the device after being idle. Not configured (default) doesn't require a PIN or password when the device resumes from an idle state.

Simple passwords: Set to Block so users can't create simple passwords, such as 1234 or 1111. Set to Not configured (default) to let users create passwords like 1234 or 1111. This setting also allows or blocks the use of Windows picture passwords.

Automatic encryption during AADJ: Block prevents automatic BitLocker device encryption when the device is prepared for first use, when the device is Azure AD joined. When set to Not configured (default), Intune doesn't change or update this setting. More on.

Federal Information Processing Standard (FIPS) policy: Allow uses the Federal Information Processing Standard (FIPS) policy, which is a U.S.
Government standard for encryption, hashing, and signing. When set to Not configured (default), Intune doesn't change or update this setting. The operating system default may not use FIPS.

Windows Hello device authentication: Allow users to use a Windows Hello companion device, such as a phone, fitness band, or IoT device, to sign in to a Windows 10 computer. When set to Not configured (default), Intune doesn't change or update this setting. The operating system default may prevent Windows Hello companion devices from authenticating with Windows.

Web sign-in: Enables Windows sign in support for non-ADFS (Active Directory Federation Services) federated providers, such as Security Assertion Markup Language (SAML). SAML uses secure tokens that provide web browsers a single sign-on (SSO) experience. Your options:
Not configured (default): Intune doesn't change or update this setting.
Enabled: The Web Credential Provider is enabled for sign in.
Disabled: The Web Credential Provider is disabled for sign in.

Preferred Azure AD tenant domain: Enter an existing domain name in your Azure AD organization. When users in this domain sign in, they don't have to type the domain name. For example, enter contoso.com.

Tip: This setting may conflict with the Time to perform a daily quick scan setting. Some recommendations:

If you want to schedule a daily quick scan, and a weekly full scan, then:
Configure the Time to perform a daily quick scan setting.
Configure the Type of system scan to perform to do a full scan.

If you only want one quick scan daily (no full scan), then use either setting: Time to perform a daily quick scan or Type of system scan to perform. For example, to run a quick scan every Tuesday at 6 AM, configure the Type of system scan to perform setting.

Don't configure the Time to perform a daily quick scan setting simultaneously with the Type of system scan to perform set to Quick scan. These settings may conflict, and a scan may not run.

Detect potentially unwanted applications: Choose the level of protection when Windows detects potentially unwanted applications. Your options:
Not configured (default): Microsoft Defender potentially unwanted applications protection is disabled.
Block: Microsoft Defender detects potentially unwanted applications, and detected items are blocked. These items show in history along with other threats.
Audit: Microsoft Defender detects potentially unwanted applications, but takes no action. You can review information about the applications Microsoft Defender would take action against. For example, search for events created by Microsoft Defender in the Event Viewer.

For more information about potentially unwanted apps, see.

Submit samples consent: Currently, this setting has no impact. Don't use this setting. It may be removed in a future release.

Actions on detected malware threats: Choose how you want to handle malware threats. Not configured (default) lets Microsoft Defender choose the best option. When set to Enable, choose the actions you want Defender to take for each threat level it detects: low, moderate, high, and severe. Your options:
Clean
Quarantine
Remove
Allow
User defined
Block

If your action isn't possible, then Microsoft Defender chooses the best option to ensure the threat is remediated.

Microsoft Defender Antivirus Exclusions
Files and folders to exclude from scans and real-time protection: Adds one or more files and folders like C:\Path or %ProgramFiles%\Path\filename.exe to the exclusions list. These files and folders aren't included in any real-time or scheduled scans.
File extensions to exclude from scans and real-time protection: Add one or more file extensions like jpg or txt to the exclusions list. Any files with these extensions aren't included in any real-time or scheduled scans.
Processes to exclude from scans and real-time protection: Add one or more processes of the type .exe, .com, or .scr to the exclusions list. These processes aren't included in any real-time or scheduled scans.
Power settings
Battery.
Battery level to turn Energy Saver on: When the device is using battery power, enter the battery charge level to turn on Energy Saver from 0-100. Enter a percentage value that indicates the battery charge level. The default value is 70%. When set to 70%, Energy Saver turns on when the battery has 70% charge or less available.
Lid close (mobile only): When the device is using battery power, choose what happens when the lid is closed. Your options:
Not configured (default): Intune doesn't change or update this setting.
No action: The device stays on, and continues to use battery power.
Sleep: The device goes into sleep mode and uses a small amount of battery charge. The computer is still on, and opened apps and files are stored in random access memory (RAM).
Hibernate: The device goes into hibernate mode. Opened apps and files are stored on the hard disk, and the device turns off.
Shutdown: The device shuts down. Opened apps and files are closed without saving.
Power button: When the device is using battery power, choose what happens when the Power button is selected. Your options:
Not configured (default): Intune doesn't change or update this setting.
No action: The device stays on, and continues to use battery power.
Sleep: The device goes into sleep mode and uses a small amount of battery charge. The computer is still on, and opened apps and files are stored in random access memory (RAM).
Hibernate: The device goes into hibernate mode. Opened apps and files are stored on the hard disk, and the device turns off.
Shutdown: The device shuts down. Opened apps and files are closed without saving.
Sleep button: When the device is using battery power, choose what happens when the Sleep button is selected. Your options:
Not configured (default): Intune doesn't change or update this setting.
No action: The device stays on, and continues to use battery power.
Sleep: The device goes into sleep mode and uses a small amount of battery charge. The computer is still on, and opened apps and files are stored in random access memory (RAM).
Hibernate: The device goes into hibernate mode. Opened apps and files are stored on the hard disk, and the device turns off.
Shutdown: The device shuts down. Opened apps and files are closed without saving.
Hybrid sleep: When the device is using battery power, Disable prevents the device from going into hybrid sleep mode. When in hybrid sleep mode, opened apps and files are stored in random access memory (RAM) and on the hard disk. It uses a small amount of battery charge. When set to Not configured (default), Intune doesn't change or update this setting.
PluggedIn.
Battery level to turn Energy Saver on: When the device is plugged in, enter the battery charge level to turn on Energy Saver from 0-100.
Enter a percentage value that indicates the battery charge level. The default value is 70%. When set to 70%, Energy Saver turns on when the battery has 70% charge or less available.
Lid close (mobile only): When the device is plugged in, choose what happens when the lid is closed. Your options:
Not configured (default): Intune doesn't change or update this setting.
No action: The device stays on.
Sleep: The device goes into sleep mode. The computer is still on, and opened apps and files are stored in random access memory (RAM).
Hibernate: The device goes into hibernate mode. Opened apps and files are stored on the hard disk, and the device turns off.
Shutdown: The device shuts down. Opened apps and files are closed without saving.
Power button: When the device is plugged in, choose what happens when the Power button is selected. Your options:
Not configured (default): Intune doesn't change or update this setting.
No action: The device stays on.
Sleep: The device goes into sleep mode. The computer is still on, and opened apps and files are stored in random access memory (RAM).
Hibernate: The device goes into hibernate mode. Opened apps and files are stored on the hard disk, and the device turns off.
Shutdown: The device shuts down. Opened apps and files are closed without saving.
Sleep button: When the device is plugged in, choose what happens when the Sleep button is selected. Your options:
Not configured (default): Intune doesn't change or update this setting.
No action: The device stays on.
Sleep: The device goes into sleep mode. The computer is still on, and opened apps and files are stored in random access memory (RAM).
Hibernate: The device goes into hibernate mode. Opened apps and files are stored on the hard disk, and the device turns off.
Shutdown: The device shuts down. Opened apps and files are closed without saving.
Hybrid sleep: When the device is plugged in, Disable prevents the device from going into hybrid sleep mode. When in hybrid sleep mode, opened apps and files are stored in random access memory (RAM) and on the hard disk. When set to Not configured (default), Intune doesn't change or update this setting.
Next steps
For additional technical details on each setting and what editions of Windows are supported, see.
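The Microsoft Defender Antivirus exclusion and potentially unwanted application settings described earlier remove files, extensions, and processes from scanning, so a deployed profile is worth auditing on the device. The following is an added example, not code from this article or from Microsoft: it reads the property names returned by Get-MpPreference, while the function name, the risk lists, and the sample values are assumptions constructed for illustration.

```powershell
# Added example: flags risky Microsoft Defender exclusions and a non-blocking PUA mode.
# Property names match Get-MpPreference output; the risk lists are illustrative assumptions.
function Test-DefenderExclusions {
    param([Parameter(Mandatory)] $Pref)

    $riskyExt  = 'exe','dll','com','scr','ps1','bat','cmd','vbs','js'
    $riskyProc = 'powershell.exe','pwsh.exe','cmd.exe','wscript.exe','cscript.exe','mshta.exe'
    $writable  = '\Users\','\ProgramData\','\Temp','%TEMP%','%APPDATA%'
    $findings  = New-Object System.Collections.Generic.List[string]

    foreach ($path in @($Pref.ExclusionPath)) {
        if (-not $path) { continue }
        $hit = $writable | Where-Object { $path.IndexOf($_, [StringComparison]::OrdinalIgnoreCase) -ge 0 }
        if ($path -match '^[A-Za-z]:\\?$') {
            $findings.Add("Path '$path' excludes an entire drive from scanning")
        } elseif ($hit) {
            $findings.Add("Path '$path' is in a location that is often writable by standard users")
        }
    }
    foreach ($ext in @($Pref.ExclusionExtension)) {
        # Entries may be stored with or without a leading dot.
        if ($ext -and $riskyExt -contains $ext.TrimStart('.')) {
            $findings.Add("Extension '$ext' is an executable or script type")
        }
    }
    foreach ($proc in @($Pref.ExclusionProcess)) {
        if (-not $proc) { continue }
        $leaf = ($proc -split '[\\/]')[-1]   # accept a bare name or a full path
        if ($riskyProc -contains $leaf) {
            $findings.Add("Process '$leaf' is a script host or shell")
        }
    }
    # PUAProtection: 0 = disabled, 1 = block, 2 = audit only.
    switch ([int]$Pref.PUAProtection) {
        0 { $findings.Add('PUA protection is disabled') }
        2 { $findings.Add('PUA protection is in audit mode: detections are logged, not blocked') }
    }
    return $findings
}

# Constructed sample input; on a managed device pass (Get-MpPreference) instead.
$sample = [pscustomobject]@{
    ExclusionPath      = @('C:\', 'C:\Users\Public\Tools', 'D:\Build\cache')
    ExclusionExtension = @('.exe', 'txt')
    ExclusionProcess   = @('C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe')
    PUAProtection      = 2
}
Test-DefenderExclusions -Pref $sample
```

With the constructed sample, the function reports the drive-root and Users paths, the .exe extension, the powershell.exe process, and the audit-only PUA mode, and leaves D:\Build\cache and txt unflagged.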