


When you use Intune to manage Autopilot devices, you can manage UEFI (BIOS) settings after they're enrolled, using the Device Firmware Configuration Interface (DFCI). For an overview of benefits, scenarios, and prerequisites, see Overview of DFCI.

DFCI enables Windows to pass management commands from Intune to UEFI (Unified Extensible Firmware Interface).

In Intune, use this feature to control BIOS settings. Typically, firmware is more resilient to malicious attacks. It limits end users' control over the BIOS, which is good in a compromised situation.

For example, you use Windows client devices in a secure environment, and want to disable the camera. You can disable the camera at the firmware layer, so it doesn't matter what the end user does. Reinstalling the OS or wiping the computer won't turn the camera back on. In another example, lock down the boot options to prevent users from booting up another OS, or an older version of Windows that doesn't have the same security features.

When you reinstall an older Windows version, install a separate OS, or format the hard drive, you can't override DFCI management. This feature can prevent malware from communicating with OS processes, including elevated OS processes. DFCI's trust chain uses public key cryptography, and doesn't depend on local UEFI (BIOS) password security. This layer of security blocks local users from accessing managed settings from the device's UEFI (BIOS) menus.

Applies to: Windows 10 RS5 (1809) and later on supported UEFI
