Windows-itpro-docs: IMPORTANT: Inverted (Opposite) values exist in Group policy for below CSP settings

Created on 19 Jun 2020 · 6 Comments · Source: MicrosoftDocs/windows-itpro-docs

Hi, I have encountered one problem with the following CSP settings:

  • Defender/AllowEmailScanning
  • Defender/AllowArchiveScanning
  • Defender/AllowBehaviorMonitoring
  • Defender/AllowScanningNetworkFiles
  • Defender/AllowFullScanOnMappedNetworkDrives
  • Defender/AllowFullScanRemovableDriveScanning

The supported values of the above CSP settings and their equivalent Group Policy settings are inverted. The meaning of the supported values of the above settings is different in their equivalent Group Policy settings. Could anybody look into why it is like that? Or does this documentation have incorrect values by mistake?

Thanks



All 6 comments

@yogeshasalkar, just now I checked on Windows 10 desktop. I found that what you said is correct.
MDM means mobile device management; I think the Windows 10 Mobile OS contains a different registry path.
I also need correct confirmation from the Windows 10 ADMX template designers.
Also, in this article, the ADMX path file is for Windows 10 desktop editions, but the main title says MDM.

@e0i, @ManikaDhiman, @denisebmsft, please look into this issue and please give an explanation of why those registry settings are inverted, as @yogeshasalkar said.

@RAJU2529 thanks for confirming it. It is a serious issue that needs to be resolved by MS. Let's see.

Hi @yogeshasalkar, @RAJU2529, For the following policy settings, I could not find any discrepancy in the supported values mentioned in the CSP doc and what is available in Local Group Policy Editor:

  • Defender/AllowEmailScanning
  • Defender/AllowArchiveScanning
  • Defender/AllowBehaviorMonitoring
  • Defender/AllowFullScanOnMappedNetworkDrives

However, for the following policy settings, there is a discrepancy in the "default" value:

  • Defender/AllowScanningNetworkFiles (Per doc, 1 (Allowed) is the default; per Local Group Policy Editor, disable is the default)
  • Defender/AllowFullScanRemovableDriveScanning (Per doc, 1 (Allowed) is the default; per Local Group Policy Editor, disable is the default)

In addition to these, there are a couple more Defender policy settings with similar (default value) discrepancies. I will reach out to the policy owners to confirm the default values for those policy settings and update the topic as needed. Thanks!

Thank you for looking into this. It is always a good thing to get verifications that a report contains valid observations.

@yogeshasalkar @RAJU2529 - Thank you for submitting feedback.

From our understanding, the issue you raised has been answered by the author @ManikaDhiman so we will close this issue.

Thank you for your contribution to make the docs better! Much appreciated!
