0DBBAA79-4A61-BF7D-84AB-90D92CFE43AA
Windows Desktop
An example policy for Windows desktops.
false
0
1
17
0
17
-1
17
-1
17
-1
17
0
0
17
-1
true
17
-1
4A80E8AD-CAD8-4686-91A0-33407493B939
Network Broadcast
255.255.255.255/255.255.255.255
E5B9BBA9-BB81-80DC-2788-E4985654D32C
Domain Controller(s)
A list of domain controllers from which clients should accept traffic
10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
DB7818C8-D284-1B98-A17B-9DF5E37DE7CE
DHCP Server
67
false
C7988A61-0C80-A2DC-F460-165337E007B6
DHCP Client
68
false
DB1664F0-1D11-DB40-C6D2-9E0C180EC3CA
Domain Controller to Client (TCP)
TCP ports used for Domain Controller to client traffic
42 # WINS,88 # Kerberos,135 # DCOM Service Control Manager,139 # netbios-ssn,445 # microsoft-ds,3268 # Global Catalog,3269 # Global Catalog over SSL
false
045469B9-82A6-8AC7-308E-9D9CEBED35C7
Domain Controller to Client (UDP)
UDP ports used for Domain Controller to client traffic
53 # DNS,88 # Kerberos,137 # Netbios-ns,138 # Netbios datagram service
false
C22D3F42-C5A1-E745-AFCE-24E79DEEF6EE
NetBios - ns
137
false
181731C1-C237-F5F4-8C1C-229CCD4F5F2E
Every Day All Day
111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111
DFCB0726-ED39-4ECC-B987-01E0B1DF9A89
Directory Exclusions (Windows)
${ProgramFiles}\Microsoft Monitoring Agent\Agent\Health Service State\<:>${Windir}\Logs\<:>${Systemdrive}\WindowsAzure\Logs\<:>${Systemdrive}\Packages\Plugins\Microsoft.EnterpriseCloud.Monitoring.MicrosoftMonitoringAgent\<:>
false
DFE037D4-7B72-4809-BC3C-FD60F3099952
File Exclusions (Windows)
${windir}\Prefetch*.pf<:>${Systemdrive}\inetpub\logs*.log<:>${windir}\System32\winevt\logs*.evtx<:>${windir}\SoftwareDistribution\DataStore\DataStore.edb
false
744ED36D-37EB-9956-D745-BE1C9FD7BCCB
Process Image Files (Windows)
C:\Program Files\Citrix\User Profile Manager\UserProfileManager.exe<:>C:\Program Files\Citrix\Server Resource Management\Memory Optimization Management\Program\CtxSFOSvc.exe<:>C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe<:>C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe<:>C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe<:>C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe<:>C:\Program Files\Windows Defender Advanced Threat Protection\SenseCM.exe<:>C:\Program Files\Windows Defender\MsMpEng.exe<:>C:\Program Files\Windows Defender\MpCmdRun.exe<:>C:\Program Files\Windows Defender\NisSrv.exe
false
Desktop Default Manual Scan Configuration
2
3
true
60
2
1
true
1
22B11EEE-754B-4E24-B00F-EC8B25B3F22F
false
true
0
2
true
2
true
true
3
10
true
1
false
false
false
false
false
false
0
0
false
false
false
Desktop Default Scheduled Scan Configuration
2
3
true
60
2
1
true
1
531575BE-D5E5-42C2-8027-3E5B3A654AA7
false
true
0
2
true
2
true
true
3
10
true
1
false
false
false
false
false
false
0
0
true
1
1
true
false
Desktop Default Real-Time Scan Configuration
1
3
true
2
2
1
1
1
true
1
19F7FB1C-B33E-4446-B38B-5C6A88134679
true
true
0
1
false
true
true
3
2
10
true
2
false
true
true
false
true
true
1
0
true
3
0
true
true
1
17
15
4
5
1
true
true
true
Allow ICMP type 3 code 4
This ICMP packet is used for MTU path negotiation
1
3
false
4
1
1
2048
false
1
1
false
0
false
0
false
0
false
0
false
0
false
0
false
false
0
false
3
4
false
false
false
300
97931DC8-F5CA-EB01-4D8A-DD9271A53C71
ARP
Allow incoming ARP traffic
1
3
false
0
1
2
2054
false
0
0
false
0
false
0
false
0
false
0
false
0
false
0
false
true
0
false
-1
-1
false
false
false
300
95CB427F-AAA1-41AE-0E35-1963829393AA
Allow PPPOE Session
1
1
false
0
1
255
34916
false
0
0
false
0
false
0
false
0
false
0
false
0
false
0
false
true
0
false
-1
-1
false
false
false
300
D6650A63-3C7B-EB48-AC7B-00027429FA38
Domain Client (UDP)
Allow incoming traffic from the domain controller
1
3
false
2
1
1
2048
false
6
17
false
3
2
false
0
false
3
4
false
0
false
0
false
0
false
true
0
false
-1
-1
false
false
false
300
FF3DF26D-B89E-AE0F-09CD-625E9890A5A6
Allow solicited ICMP replies
ICMP stateful must be enabled
1
1
false
0
1
1
2048
false
1
1
false
0
false
0
false
0
false
0
false
0
false
0
false
true
0
false
-1
-1
false
false
false
300
76ED6484-D816-E263-242B-02757A7C61C8
Allow solicited TCP/UDP replies
UDP stateful and TCP stateful must be enabled
1
1
false
0
1
1
2048
false
10
4358
false
0
false
0
false
0
false
0
false
0
false
0
false
false
2
true
-1
-1
false
false
false
300
19CDBA0B-8473-A501-72EF-413FEA53A28F
Wireless Authentication
Allow wireless authentication traffic
1
3
false
2
1
255
34958
false
0
0
false
0
false
0
false
0
false
0
false
0
false
0
false
true
0
false
-1
-1
false
false
false
300
88079CC5-0E1C-7AA2-BE8C-F076D5CDA793
DHCP Client
Allow DHCP Offer traffic to a DHCP Client
1
3
false
2
1
1
2048
false
6
17
false
0
false
0
false
3
1
false
3
1
false
0
false
3
2
false
true
0
false
-1
-1
false
false
false
300
F7B54805-7B9F-DB9D-5742-3237235A75D9
NetBios Name Service
For hosts that rely on NetBios for name resolution
1
3
false
2
1
1
2048
false
6
17
false
0
false
0
false
3
5
false
0
false
0
false
3
5
false
true
0
false
-1
-1
false
false
false
300
2809A63A-BA1C-46BB-2F97-71D42EF9ECC4
Allow PPPOE Discovery
1
1
false
0
1
255
34915
false
0
0
false
0
false
0
false
0
false
0
false
0
false
0
false
true
0
false
-1
-1
false
false
false
300
3E0244AC-B6CF-647D-6CEF-A8D6F8C30AE4
Domain Client (TCP)
Allow incoming traffic from the domain controller
1
1
false
0
1
1
2048
false
4
6
false
3
2
false
0
false
3
3
false
0
false
0
false
0
false
true
0
false
-1
-1
false
false
false
300
17
1
true
17
2
true
17
3
true
17
4
true
17
5
true
17
6
true
17
7
true
17
8
true
17
9
true
17
10
true
17
11
true