From 15ae1696b501c4fc5f165eac611048e5d199e82f Mon Sep 17 00:00:00 2001 From: Meghana Athavale Date: Tue, 21 Jun 2022 16:01:54 +0530 Subject: [PATCH] changes as per updated reference document from SME --- windows/security/TOC.yml | 4 +- ...otection-microsoft-defender-smartscreen.md | 94 +++++++++++++++++++ ...-sensors-microsoft-defender-smartscreen.md | 94 ------------------- 3 files changed, 96 insertions(+), 96 deletions(-) create mode 100644 windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen.md delete mode 100644 windows/security/threat-protection/microsoft-defender-smartscreen/phishing-sensors-microsoft-defender-smartscreen.md diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index 91718a40e4..639c408b3a 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -280,8 +280,8 @@ - name: Microsoft Defender SmartScreen overview href: threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md items: - - name: Phishing Sensors in Microsoft Defender SmartScreen - href: threat-protection\microsoft-defender-smartscreen\phishing-sensors-microsoft-defender-smartscreen.md + - name: Enhanced Phishing Protection for Microsoft Defender SmartScreen + href: threat-protection\microsoft-defender-smartscreen\phishing-protection-microsoft-defender-smartscreen.md - name: Configure S/MIME for Windows href: identity-protection\configure-s-mime.md - name: Windows Credential Theft Mitigation Guide Abstract diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen.md b/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen.md new file mode 100644 index 0000000000..54bb5f6838 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen.md @@ -0,0 +1,94 @@ +--- +title: Enhanced Phishing Protection for Microsoft Defender SmartScreen +description: Learn how Phishing sensors in Microsoft Defender SmartScreen helps protect Microsoft school or work passwords against phishing and unsafe usage on sites and apps. +ms.prod: m365-security +ms.mktglfcycl: explore +ms.sitesec: library +ms.pagetype: security +author: v-mathavale +ms.author: v-mathavale +audience: IT Admin +ms.localizationpriority: medium +ms.date: 06/16/2022 +ms.reviewer: +manager: dansimp +ms.technology: windows-sec +adobe-target: true +--- + +# Enhanced Phishing Protection for Microsoft Defender SmartScreen + +**Applies to:** + +- Windows 11 + +Concerned about your users accidentally typing your password into a malicious site or app pretending to be safe? Enhanced Phishing Protection for Microsoft Defender SmartScreen helps protect Microsoft school or work passwords against phishing and unsafe usage on sites and apps connecting to those sites. + +Enhanced Phishing Protection works alongside Windows security protections and helps protect typed work or school passwords used to sign into Windows 11 in three ways: + +- If a user types their Microsoft account password on any browser into a site deemed malicious by Microsoft Defender SmartScreen, Enhanced Phishing Protection for Microsoft Defender SmartScreen will alert them. It will also prompt them to change their password so attackers can’t gain access to their account. + +- Reusing work or school passwords on other sites makes it easy for attackers who compromise user’s password to gain access to their other accounts. Enhanced Phishing Protection can warn users if they reuse their Microsoft account password on other sites or apps and prompt them to change their password. + +- Since it’s unsafe to store plaintext passwords in text editors, Enhanced Phishing Protection can warn users if they store their password in Notepad, Winword, or any M365 Office app and recommends them to delete their password from the file. + + +## Benefits of Enhanced Phishing Protection in Microsoft Defender SmartScreen + +Enhanced Phishing Protection provides robust phishing protections for work or school passwords that are used to sign into Windows 11. Arm your users against credential phishing scams and enjoy: + +**Anti-phishing support:** Phishing attacks trick users through convincing imitations of safe content or through credential harvesting content hosted inside trusted sites and applications. Enhanced Phishing Protection helps protect users from reported phishing sites by evaluating a website’s URLs and other characteristics to determine if they’re known to distribute or host unsafe content. + +**Secure operating system integration:** Enhanced Phishing Protection is integrated directly into the Windows 11 operating system, so it can understand users’ password entry context (including process connections, URLs, certificate information, etc.) in any browser or app. Because Enhanced Phishing Protection has unparalleled insight into what is happening at the OS level, it can identify when users type their work or school password unsafely. If users do use their work or school password unsafely, the feature empowers users to change their password to minimize the chances of their compromised credential being weaponized against them. + +**Unparalleled telemetry shared throughout Microsoft’s security suite:** Enhanced Phishing Protection is constantly learning from phishing attacks seen throughout the entire Microsoft security stack and works alongside other Microsoft security products to provide a layered approach to password security. This solution is also a perfect way to protect lingering passwords while enterprises progress in their password less authentication journey. If your organization uses Microsoft Defender for Endpoint, you’ll be able to see valuable phishing sensors data in the M365D Portal. This enables you to view Enhanced Phishing Protection alerts and reports for unsafe password usage in your environment. + +**Easy management through Group Policy and Microsoft Intune:** Enhanced Phishing Protection works with Intune, Group Policy, and mobile device management (MDM) settings to help you manage your organization’s computer settings. Based on how you set up Enhanced Phishing Protection, you can customize which phishing protection scenarios will show users warning dialogs. + +## Configure Enhanced Phishing Protection for your organization + +### Group Policy settings +Enhanced Phishing Protection uses registry-based Administrative Template policy settings supported only on Windows 11. + +|Setting |Description | +|---------|---------| +|Administrative Templates\Windows Components\Windows Defender SmartScreen\Enhanced Phishing Protection\Service Enabled |This policy setting determines whether Enhanced Phishing Protection is in audit mode or off. Users don't see any notifications for any protection scenarios when Enhanced Phishing Protection is in audit mode. When in audit mode Enhanced Phishing Protection captures unsafe password entry events and sends telemetry through Microsoft Defender.

If you enable this policy setting or don’t configure this setting, Enhanced Phishing Protection is enabled in audit mode and your users are unable to turn it off.

If you disable this policy setting, Enhanced Phishing Protection is off. When off, Enhanced Phishing Protection doesn't capture events, send telemetry, or notify users. Additionally, your users are unable to turn it on.| +|Administrative Templates\Windows Components\Windows Defender SmartScreen\Enhanced Phishing Protection\Notify Malicious|This policy setting determines whether Enhanced Phishing Protection warns your users if they type their work or school password into one of the following malicious scenarios: into a reported phishing site, into a login URL with an invalid certificate, or into an application connecting to either a reported phishing site or a login URL with an invalid certificate.

If you enable this policy setting, Enhanced Phishing Protection warns your users if they type their work or school password into one of the malicious scenarios described above and encourages them to change their password.

If you disable or don’t configure this policy setting, Enhanced Phishing Protection won't warn your users if they type their work or school password into one of the malicious scenarios described above.| +|Administrative Templates\Windows Components\Windows Defender SmartScreen\Enhanced Phishing Protection\Notify Password Reuse |This policy setting determines whether Enhanced Phishing Protection warns your users if they reuse their work or school password.

If you enable this policy setting, Enhanced Phishing Protection warns users if they reuse their work or school password and encourages them to change it.

If you disable or don’t configure this policy setting, Enhanced Phishing Protection won't warn users if they reuse their work or school password.| +|Administrative Templates\Windows Components\Windows Defender SmartScreen\Enhanced Phishing Protection\Notify Unsafe App|This policy setting determines whether Enhanced Phishing Protection warns your users if they type their work or school passwords in text editor apps like OneNote, Word, Notepad, etc.

If you enable this policy setting, Enhanced Phishing Protection warns your users if they store their password in text editor apps.

If you disable or don’t configure this policy setting, Enhanced Phishing Protection won't warn users if they store their password in text editor apps.| + +### MDM settings +If you manage your policies using Microsoft Intune, you’ll want to use these MDM policy settings. All settings support desktop computers running Windows 11, enrolled with Microsoft Intune. + +|Setting |Details | +|---------|---------| +|ServiceEnabled |
  • **URI full path:** ./Vendor/MSFT/Policy/Config/…
  • **Data Type:** Integer
  • **Allowed values:**