diff options
| author | Alex Chan <alexc@tailscale.com> | 2025-10-16 11:13:41 +0100 |
|---|---|---|
| committer | Alex Chan <alex@alexwlchan.net> | 2025-10-16 15:27:35 +0100 |
| commit | 0ce88aa3433022bb96f3c2a97f5bfd7d2940d205 (patch) | |
| tree | a7066c9b2642205ed0b1db18ded54d752beb8db4 /docs | |
| parent | 419fba40e02c693cc02c0416d4d837a47d69e7a8 (diff) | |
| download | tailscale-0ce88aa3433022bb96f3c2a97f5bfd7d2940d205.tar.xz tailscale-0ce88aa3433022bb96f3c2a97f5bfd7d2940d205.zip | |
all: use a consistent capitalisation for "Tailnet Lock"
Updates https://github.com/tailscale/corp/issues/13108
Signed-off-by: Alex Chan <alexc@tailscale.com>
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/windows/policy/en-US/tailscale.adml | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/docs/windows/policy/en-US/tailscale.adml b/docs/windows/policy/en-US/tailscale.adml index 58e13be19..a0be5e831 100644 --- a/docs/windows/policy/en-US/tailscale.adml +++ b/docs/windows/policy/en-US/tailscale.adml @@ -61,7 +61,7 @@ Managing authentication keys via Group Policy and MDM solutions poses significan While MDM solutions tend to offer better control over who can access the policy setting values, they can still be compromised. Additionally, with both Group Policy and MDM solutions, the auth key is always readable by all users who have access to the device where this policy setting applies, as well as by all applications running on the device. A compromised auth key can potentially be used by a malicious actor to gain or elevate access to the target network. -Only consider this option after carefully reviewing the organization's security posture. For example, ensure you configure the auth keys specifically for the tag of the device and that access control policies only grant necessary access between the tailnet and the tagged device. Additionally, consider using short-lived auth keys, one-time auth keys (with one GPO/MDM configuration per device), Device Approval, and/or Tailnet lock to minimize risk. If you suspect an auth key has been compromised, revoke the auth key immediately. +Only consider this option after carefully reviewing the organization's security posture. For example, ensure you configure the auth keys specifically for the tag of the device and that access control policies only grant necessary access between the tailnet and the tagged device. Additionally, consider using short-lived auth keys, one-time auth keys (with one GPO/MDM configuration per device), Device Approval, and/or Tailnet Lock to minimize risk. If you suspect an auth key has been compromised, revoke the auth key immediately. If you enable this policy setting and specify an auth key, it will be used to authenticate the device unless the device is already logged in or an auth key is explicitly specified via the CLI. |