0

I'm trying to create a provisioning package for test PCs and I'm having hard time finding Defender CSP in Windows Configuration Designer.

at first I downloaded Windows Configuration designer from Microsoft store, there was no Defender CSP, only a Defender under policies which has only 20% of the options shown in the actual Defender CSP.

then I installed Windows ADK and used the Windows imaging and configuration designer in there, but still the same.

I'm new to this and don't have Intune subscription, trying to only use provisioning packages for now (.ppkg). how can I access the actual Defender CSP and all of its options?

in the official doc, the path is ./Device/Vendor/MSFT/Defender which should be shown right under the runtime settings but it isn't. am I missing something?

I also see there is Defender DDF, maybe I need to manually import it into the program? I'd gladly do it if I just knew how.

enter image description here

there is a command line for configuration designer too.

For reference, this is all the CSPs available in Windows Configuration Designer: https://learn.microsoft.com/en-us/windows/configuration/wcd/wcd

but in this page on the left side, you can see all the CSPs available. https://learn.microsoft.com/en-us/windows/client-management/mdm/

why only like 10% of CSPs are available in Windows Configuration Designer? how are we supposed to use the rest of them in a .ppkg without MDM subscription? (please cite an official Microsoft source to answer this question)

Improve this question

2 Answers 2

Reset to default
0

You have to start a new "Provision desktop devices" Project. After starting click on "Switch to advanced editor" on the bottom left. Under "Runtime settings" -> "Policies" -> "Defender" you can configure the Defender options.

If you start a new Project with "Advanced Provisioning" you will not see all the options.

Improve this answer
2
  • I already mentioned it in my question, please read it again.
    – user995120
    Jan 30 at 16:59
  • Which specific setting are you missing?
    – DSSO21
    Jan 30 at 18:01
0

The Defender CSP is only available in Windows Configuration Designer if your device has the necessary security configurations. The Defender CSP is only supported for Windows 10 Enterprise and Windows 10 Education editions and is managed by Microsoft Intune or System Center Configuration Manager. If you are not using either of these management tools, you may not have access to the full Defender CSP.

Regarding the lack of some of the other CSPs in the Windows Configuration Designer, some of the CSPs require special permissions, such as Intune enrollment or are only available on certain editions of Windows, such as Windows 10 Enterprise. Microsoft has a complete list of the supported CSPs for each version of Windows.

As for using other CSPs without an Intune subscription, you can create a provisioning package manually by creating an XML file containing the desired configuration settings and then applying it to a device. The XML file should be created in accordance with the syntax and structure specified in the relevant CSP documentation.

Improve this answer
2
  • Hi, those two links you mentioned lead to "404 - Content not found" errors
    – user995120
    Feb 1 at 11:03
  • Btw, I am using Windows 11 22H2 Enterprise edition right now, installed the latest ADK, there is no Defender CSP in Windows Configuration Designer. so maybe you could help me at least with how to use Defender CSP by XML file? and I really would like to know, as you mentioned, where Microsoft shows that which CSPs are in different editions of Windows, when it comes to Configuration Designer.
    – user995120
    Feb 1 at 11:17

You must log in to answer this question.