deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 05:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merging changes synced from https://github.com/MicrosoftDocs/windows-itpro-docs (branch public)

Browse Source
This commit is contained in:
Learn Build Service GitHub App 2025-04-28 21:49:15 +00:00
commit 1cc599d6ad
1 changed files with 17 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/available-settings.md
View File

@ -1,29 +1,30 @@
---
title: Available Microsoft Defender SmartScreen settings
description: A list of all available settings for Microsoft Defender SmartScreen using Group Policy and mobile device management (MDM) settings.
ms.date: 04/15/2025
ms.date: 04/28/2025
ms.topic: reference
---
# Available Microsoft Defender SmartScreen settings
Microsoft Defender SmartScreen works with Intune, Group Policy, and mobile device management (MDM) settings to help you manage your organization's computer settings. Based on how you set up Microsoft Defender SmartScreen, you can show users a warning page and let them continue to the site, or you can block the site entirely.
Microsoft Defender SmartScreen respects Intune, Group Policy, and mobile device management (MDM) settings. You can configure Microsoft Defender SmartScreen to block suspicious content entirely, or show users a warning but allow them to continue to load the content.
See [Windows settings to protect devices using Intune](/mem/intune/protect/endpoint-protection-windows-10#microsoft-defender-smartscreen-settings) for the controls you can use in Intune.
> [!NOTE]
> For a list of settings available for Enhanced phishing protection, see [Enhanced phishing protection](enhanced-phishing-protection.md#configure-enhanced-phishing-protection-for-your-organization).
## Group Policy settings
SmartScreen uses registry-based Administrative Template policy settings.
|Setting|Description|
|---|--- |
|Administrative Templates > Windows Components > Windows Defender SmartScreen > Explorer > Configure Windows Defender SmartScreen | This policy setting turns on Microsoft Defender SmartScreen. <br/><br/>If you enable this setting, it turns on Microsoft Defender SmartScreen and your users are unable to turn it off. Additionally, when enabling this feature, you must also pick whether Microsoft Defender SmartScreen should Warn your users or Warn and prevent bypassing the message (effectively blocking the user from the site).<br/><br/>If you disable this setting, it turns off Microsoft Defender SmartScreen and your users are unable to turn it on. <br/><br/>If you don't configure this setting, your users can decide whether to use Microsoft Defender SmartScreen.|
|Administrative Templates > Windows Components > Windows Defender SmartScreen > Explorer > Configure App Install Control| This policy setting is intended to prevent malicious content from affecting your user's devices when downloading executable content from the internet.<br/><br/>This setting doesn't protect against malicious content from USB devices, network shares, or other non-internet sources.<br/><br/>**Important:** Using a trustworthy browser helps ensure that these protections work as expected.|
|Administrative Templates > Windows Components > Windows Defender SmartScreen > Microsoft Edge > Configure Windows Defender SmartScreen | This policy setting lets you configure whether to turn on Windows Defender SmartScreen. Windows Defender SmartScreen provides warning messages to help protect your users from potential phishing scams and malicious software. By default, Windows Defender SmartScreen is turned on. <br><br>If you enable this setting, Windows Defender SmartScreen is turned on, and users can't turn it off. <br><br>If you disable this setting, Windows Defender SmartScreen is turned off, and users can't turn it on. <br><br>If you don't configure this setting, users can choose whether to use Windows Defender SmartScreen. |
|Administrative Templates > Windows Components > Windows Defender SmartScreen > Microsoft Edge > Prevent bypassing Windows Defender SmartScreen prompts for sites | This policy setting lets you decide whether users can override the Windows Defender SmartScreen warnings about potentially malicious websites. <br><br>If you enable this setting, users can't ignore Windows Defender SmartScreen warnings and they're blocked from continuing to the site. <br><br>If you disable or don't configure this setting, users can ignore Windows Defender SmartScreen warnings and continue to the site. |
|Administrative Templates > Windows Components > Windows Defender SmartScreen > Explorer > Configure Windows Defender SmartScreen | This policy setting controls Microsoft Defender SmartScreen's Application Reputation ("Check apps and files") feature.<br/><br/>If you enable this setting, it turns on Microsoft Defender SmartScreen and your users are unable to turn it off. When enabling this feature, you must pick whether users may choose to ignore warnings and run an unknown or malicious program.<br/><br/>If you disable this setting, it turns off Microsoft Defender SmartScreen and your users are unable to turn it on.<br/><br/>If you don't configure this setting, your users can decide whether to use Microsoft Defender SmartScreen's Application Reputation feature.|
|Administrative Templates > Windows Components > Windows Defender SmartScreen > Explorer > Configure App Install Control| This policy setting allows you to control whether users can install downloaded apps from outside of the Microsoft Store.<br/><br/>This setting does not impact opening files from USB devices, local network shares, or other non-internet sources.|
|Administrative Templates > Microsoft Edge > SmartScreen settings > Configure Microsoft Defender SmartScreen | This policy setting lets you configure Microsoft Defender SmartScreen in the Microsoft Edge web browser. Microsoft Defender SmartScreen provides warning messages to help protect your users from potential phishing sites, tech scams, and malicious software. By default, Microsoft Defender SmartScreen is turned on.<br><br>If you enable this setting, Microsoft Defender SmartScreen is turned on, and users can't turn it off.<br><br>If you disable this setting, Microsoft Defender SmartScreen is turned off, and users can't turn it on. <br><br>If you don't configure this setting, users can choose whether to use Microsoft Defender SmartScreen.|
|Administrative Templates > Microsoft Edge > SmartScreen settings > Prevent bypassing Windows Defender SmartScreen prompts for sites | This policy setting lets you decide whether users can override Microsoft Defender SmartScreen warnings about potentially malicious websites.<br><br>If you enable this setting, users can't ignore Microsoft Defender SmartScreen warnings and will be blocked from continuing to suspicious sites. <br><br>If you disable or don't configure this setting, users can ignore Microsoft Defender SmartScreen warnings and continue to suspicious sites. |
|Administrative Templates > Microsoft Edge > SmartScreen settings > Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads | This policy setting lets you decide whether users can override Microsoft Defender SmartScreen warnings about unverified (potentially malicious) downloads.<br><br>If you enable this setting, users can't ignore Microsoft Defender SmartScreen warnings and will be blocked from downloading unverified files. <br><br>If you disable or don't configure this setting, users can ignore Microsoft Defender SmartScreen warnings and download unverified files. |
> [!NOTE]
> To install the Administrative Templates ADMX file for Microsoft Edge browser policies, see [Configure Microsoft Edge](/deployedge/configure-microsoft-edge).
## MDM settings
@ -38,15 +39,16 @@ If you manage your policies using Microsoft Intune, use these MDM policy setting
## Recommended Group Policy and MDM settings for your organization
By default, Microsoft Defender SmartScreen lets users bypass warnings. Unfortunately, this feature can let users continue to an unsafe site or to continue to download an unsafe file, even after being warned. Because of this possibility, we strongly recommend that you set up Microsoft Defender SmartScreen to block high-risk interactions instead of providing just a warning.
By default, Microsoft Defender SmartScreen allows users to bypass warnings, which allows users to continue to an unsafe site or run an unsafe file, even after being warned. Because of this possibility, we strongly recommend that you set up Microsoft Defender SmartScreen to block high-risk interactions instead of providing just a warning.
To better help you protect your organization, we recommend turning on and using these specific Microsoft Defender SmartScreen Group Policy and MDM settings.
| Group Policy setting | Recommendation |
|--|--|
| Administrative Templates > Windows Components > Microsoft Edge > Configure Windows Defender SmartScreen | **Enable.** Turns on Microsoft Defender SmartScreen. |
| Administrative Templates > Windows Components > Microsoft Edge > Prevent bypassing Windows Defender SmartScreen prompts for sites | **Enable.** Stops users from ignoring warning messages and continuing to a potentially malicious website. |
| Administrative Templates > Windows Components > Explorer > Configure Windows Defender SmartScreen | **Enable with the Warn and prevent bypass option.** Stops users from ignoring warning messages about malicious files downloaded from the Internet. |
| Administrative Templates > Microsoft Edge > SmartScreen settings > Configure Microsoft Defender SmartScreen | **Enable.** Turns on Microsoft Defender SmartScreen. |
| Administrative Templates > Microsoft Edge > Prevent bypassing Windows Defender SmartScreen prompts for sites | **Enable.** Stops users from ignoring warning messages and continuing to a potentially malicious website. |
|Administrative Templates > Microsoft Edge > Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads |**Enable.** Stops users from ignoring warning messages and downloading an unverified file |
| MDM setting | Recommendation |
|--|--|
@ -55,3 +57,6 @@ To better help you protect your organization, we recommend turning on and using
| Browser/PreventSmartScreenPromptOverrideForFiles | **1.** Stops users from ignoring warning messages and continuing to download potentially malicious files. |
| SmartScreen/EnableSmartScreenInShell | **1.** Turns on Microsoft Defender SmartScreen in Windows.<br/><br/>Requires at least Windows 10, version 1703. |
| SmartScreen/PreventOverrideForFilesInShell | **1.** Stops users from ignoring warning messages about malicious files downloaded from the Internet.<br/><br/>Requires at least Windows 10, version 1703. |
> [!NOTE]
> For a list of settings available for Enhanced phishing protection, see [Enhanced phishing protection](enhanced-phishing-protection.md#configure-enhanced-phishing-protection-for-your-organization).