Device Security
      Back to home
      1. Sittadel Knowledge Base
      2. Management Guides
      3. Device Security

      Device Controlled Folder Access Folder Addition

      This guide will allow administrators to configure a folder that will not be allowed to be altered by the end-user.

      Role Requirements

      Procedure Scope: Administrators

      Required Group Membership: Admin.Security

      Handbook Reference

      Package: Device Security

      Domain: Attack Surface Reduction Management

      Modifies: Sanctioned Controlled Folders

      Defender Controlled Folder Access Folder Addition

      1. Navigate to Attack Surface Reduction – Intune, locate the Security Essentials Attack Surface Reduction configuration item.
      2. Scroll down to Configuration Settings and select Edit.
      3. Scroll down the list of policies to the end. Click the toggle for Controlled Folder Access Protected Folders, if not already enabled. (Note: When set to the Not Configured option, it simply means no additional user folders are protected from application modify and delete permissions.)
      4. In the text box, enter the full path to the folder you wish to protect. If a folder should be deleted, select the checkbox next to the specified path and click Delete.
      5. Click Review and Save on the next page, followed by Save. Rule changes propagate in less than 24 hours.

      Need Assistance?

      Reach out to your Customer Success Manager to discuss how a Sittadel cybersecurity analyst can assist in managing these tasks for you. New to our services? Inquire about arranging a consultation to explore optimizing your Azure environment for painless management.