deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-28 13:17:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'jreeds-4099248-SmartScreen-rebrand'

Browse Source
This commit is contained in:
Jreeds001 2020-04-16 14:44:27 -07:00
commit 32ef6cd883
1 changed files with 29 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-available-settings.md
View File

@ -1,7 +1,7 @@
---
title: Available Windows Defender SmartScreen Group Policy and mobile device management (MDM) settings (Windows 10)
description: A list of all available settings for Windows Defender SmartScreen using Group Policy and mobile device management (MDM) settings.
keywords: SmartScreen Filter, Windows SmartScreen, Windows Defender SmartScreen
title: Available Microsoft Defender SmartScreen Group Policy and mobile device management (MDM) settings (Windows 10)
description: A list of all available settings for Microsoft Defender SmartScreen using Group Policy and mobile device management (MDM) settings.
keywords: SmartScreen Filter, Windows SmartScreen, Microsoft Defender SmartScreen
ms.prod: w10
ms.mktglfcycl: explore
ms.sitesec: library
@ -13,13 +13,13 @@ ms.reviewer:
manager: dansimp
ms.author: dansimp
---
# Available Windows Defender SmartScreen Group Policy and mobile device management (MDM) settings
# Available Microsoft Defender SmartScreen Group Policy and mobile device management (MDM) settings
**Applies to:**
- Windows 10
- Windows 10 Mobile
Windows Defender SmartScreen works with Intune, Group Policy, and mobile device management (MDM) settings to help you manage your organization's computer settings. Based on how you set up Windows Defender SmartScreen, you can show employees a warning page and let them continue to the site, or you can block the site entirely.
Microsoft Defender SmartScreen works with Intune, Group Policy, and mobile device management (MDM) settings to help you manage your organization's computer settings. Based on how you set up Microsoft Defender SmartScreen, you can show employees a warning page and let them continue to the site, or you can block the site entirely.
See [Windows 10 (and later) settings to protect devices using Intune](https://docs.microsoft.com/intune/endpoint-protection-windows-10#windows-defender-smartscreen-settings) for the controls you can use in Intune.
@ -35,7 +35,7 @@ SmartScreen uses registry-based Administrative Template policy settings. For mor
<tr>
<td><strong>Windows 10, version 1703:</strong><br>Administrative Templates\Windows Components\Windows Defender SmartScreen\Explorer\Configure Windows Defender SmartScreen<p><strong>Windows 10, Version 1607 and earlier:</strong><br>Administrative Templates\Windows Components\File Explorer\Configure Windows SmartScreen</td>
<td>At least Windows Server 2012, Windows 8 or Windows RT</td>
<td>This policy setting turns on Windows Defender SmartScreen.<p>If you enable this setting, it turns on Windows Defender SmartScreen and your employees are unable to turn it off. Additionally, when enabling this feature, you must also pick whether Windows Defender SmartScreen should Warn your employees or Warn and prevent bypassing the message (effectively blocking the employee from the site).<p>If you disable this setting, it turns off Windows Defender SmartScreen and your employees are unable to turn it on.<p>If you don't configure this setting, your employees can decide whether to use Windows Defender SmartScreen.</td>
<td>This policy setting turns on Microsoft Defender SmartScreen.<p>If you enable this setting, it turns on Microsoft Defender SmartScreen and your employees are unable to turn it off. Additionally, when enabling this feature, you must also pick whether Microsoft Defender SmartScreen should Warn your employees or Warn and prevent bypassing the message (effectively blocking the employee from the site).<p>If you disable this setting, it turns off Microsoft Defender SmartScreen and your employees are unable to turn it on.<p>If you don't configure this setting, your employees can decide whether to use Microsoft Defender SmartScreen.</td>
</tr>
<tr>
<td>Administrative Templates\Windows Components\Windows Defender SmartScreen\Explorer\Configure App Install Control</td>
@ -45,38 +45,38 @@ SmartScreen uses registry-based Administrative Template policy settings. For mor
<tr>
<td><strong>Windows 10, version 1703:</strong><br>Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Configure Windows Defender SmartScreen<p><strong>Windows 10, Version 1607 and earlier:</strong><br>Administrative Templates\Windows Components\Microsoft Edge\Configure Windows SmartScreen</td>
<td>Microsoft Edge on Windows 10 or later</td>
<td>This policy setting turns on Windows Defender SmartScreen.<p>If you enable this setting, it turns on Windows Defender SmartScreen and your employees are unable to turn it off.<p>If you disable this setting, it turns off Windows Defender SmartScreen and your employees are unable to turn it on.<p>If you don't configure this setting, your employees can decide whether to use Windows Defender SmartScreen.</td>
<td>This policy setting turns on Microsoft Defender SmartScreen.<p>If you enable this setting, it turns on Microsoft Defender SmartScreen and your employees are unable to turn it off.<p>If you disable this setting, it turns off Microsoft Defender SmartScreen and your employees are unable to turn it on.<p>If you don't configure this setting, your employees can decide whether to use Microsoft Defender SmartScreen.</td>
</tr>
<tr>
<td><strong>Windows 10, version 1703:</strong><br>Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for files<p><strong>Windows 10, Version 1511 and 1607:</strong><br>Administrative Templates\Windows Components\Microsoft Edge\Prevent bypassing Windows SmartScreen prompts for files</td>
<td>Microsoft Edge on Windows 10, version 1511 or later</td>
<td>This policy setting stops employees from bypassing the Windows Defender SmartScreen warnings about potentially malicious files.<p>If you enable this setting, it stops employees from bypassing the warning, stopping the file download.<p>If you disable or don't configure this setting, your employees can bypass the warnings and continue to download potentially malicious files.</td>
<td>This policy setting stops employees from bypassing the Microsoft Defender SmartScreen warnings about potentially malicious files.<p>If you enable this setting, it stops employees from bypassing the warning, stopping the file download.<p>If you disable or don't configure this setting, your employees can bypass the warnings and continue to download potentially malicious files.</td>
</tr>
<tr>
<td><strong>Windows 10, version 1703:</strong><br>Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for sites<p><strong>Windows 10, Version 1511 and 1607:</strong><br>Administrative Templates\Windows Components\Microsoft Edge\Prevent bypassing Windows SmartScreen prompts for sites</td>
<td>Microsoft Edge on Windows 10, version 1511 or later</td>
<td>This policy setting stops employees from bypassing the Windows Defender SmartScreen warnings about potentially malicious sites.<p>If you enable this setting, it stops employees from bypassing the warning, stopping them from going to the site.<p>If you disable or don't configure this setting, your employees can bypass the warnings and continue to visit a potentially malicious site.</td>
<td>This policy setting stops employees from bypassing the Microsoft Defender SmartScreen warnings about potentially malicious sites.<p>If you enable this setting, it stops employees from bypassing the warning, stopping them from going to the site.<p>If you disable or don't configure this setting, your employees can bypass the warnings and continue to visit a potentially malicious site.</td>
</tr>
<tr>
<td>Administrative Templates\Windows Components\Internet Explorer\Prevent managing SmartScreen Filter</td>
<td>Internet Explorer 9 or later</td>
<td>This policy setting prevents the employee from managing Windows Defender SmartScreen.<p>If you enable this policy setting, the employee isn't prompted to turn on Windows Defender SmartScreen. All website addresses that are not on the filter's allow list are sent automatically to Microsoft without prompting the employee.<p>If you disable or don't configure this policy setting, the employee is prompted to decide whether to turn on Windows Defender SmartScreen during the first-run experience.</td>
<td>This policy setting prevents the employee from managing Microsoft Defender SmartScreen.<p>If you enable this policy setting, the employee isn't prompted to turn on Microsoft Defender SmartScreen. All website addresses that are not on the filter's allow list are sent automatically to Microsoft without prompting the employee.<p>If you disable or don't configure this policy setting, the employee is prompted to decide whether to turn on Microsoft Defender SmartScreen during the first-run experience.</td>
</tr>
<tr>
<td>Administrative Templates\Windows Components\Internet Explorer\Prevent bypassing SmartScreen Filter warnings</td>
<td>Internet Explorer 8 or later</td>
<td>This policy setting determines whether an employee can bypass warnings from Windows Defender SmartScreen.<p>If you enable this policy setting, Windows Defender SmartScreen warnings block the employee.<p>If you disable or don't configure this policy setting, the employee can bypass Windows Defender SmartScreen warnings.</td>
<td>This policy setting determines whether an employee can bypass warnings from Microsoft Defender SmartScreen.<p>If you enable this policy setting, Microsoft Defender SmartScreen warnings block the employee.<p>If you disable or don't configure this policy setting, the employee can bypass Microsoft Defender SmartScreen warnings.</td>
</tr>
<tr>
<td>Administrative Templates\Windows Components\Internet Explorer\Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet</td>
<td>Internet Explorer 9 or later</td>
<td>This policy setting determines whether the employee can bypass warnings from Windows Defender SmartScreen. Windows Defender SmartScreen warns the employee about executable files that Internet Explorer users do not commonly download from the Internet.<p>If you enable this policy setting, Windows Defender SmartScreen warnings block the employee.<p>If you disable or don't configure this policy setting, the employee can bypass Windows Defender SmartScreen warnings.</td>
<td>This policy setting determines whether the employee can bypass warnings from Microsoft Defender SmartScreen. Microsoft Defender SmartScreen warns the employee about executable files that Internet Explorer users do not commonly download from the Internet.<p>If you enable this policy setting, Microsoft Defender SmartScreen warnings block the employee.<p>If you disable or don't configure this policy setting, the employee can bypass Microsoft Defender SmartScreen warnings.</td>
</tr>
</table>
## MDM settings
If you manage your policies using Microsoft Intune, you'll want to use these MDM policy settings. All settings support both desktop computers (running Windows 10 Pro or Windows 10 Enterprise, enrolled with Microsoft Intune) and Windows 10 Mobile devices. <br><br>
For Windows Defender SmartScreen Internet Explorer MDM policies, see [Policy CSP - InternetExplorer](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-internetexplorer).
For Microsoft Defender SmartScreen Internet Explorer MDM policies, see [Policy CSP - InternetExplorer](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-internetexplorer).
<table>
<tr>
<th align="left">Setting</th>
@ -91,8 +91,8 @@ For Windows Defender SmartScreen Internet Explorer MDM policies, see [Policy CSP
<li><strong>URI full path.</strong> ./Vendor/MSFT/Policy/Config/Browser/AllowSmartScreen</li>
<li><strong>Data type.</strong> Integer</li>
<li><strong>Allowed values:</strong><ul>
<li><strong>0 .</strong> Turns off Windows Defender SmartScreen in Edge.</li>
<li><strong>1.</strong> Turns on Windows Defender SmartScreen in Edge.</li></ul></li></ul>
<li><strong>0 .</strong> Turns off Microsoft Defender SmartScreen in Edge.</li>
<li><strong>1.</strong> Turns on Microsoft Defender SmartScreen in Edge.</li></ul></li></ul>
</td>
</tr>
<tr>
@ -115,8 +115,8 @@ For Windows Defender SmartScreen Internet Explorer MDM policies, see [Policy CSP
<li><strong>URI full path.</strong> ./Vendor/MSFT/Policy/Config/SmartScreen/EnableSmartScreenInShell</li>
<li><strong>Data type.</strong> Integer</li>
<li><strong>Allowed values:</strong><ul>
<li><strong>0 .</strong> Turns off Windows Defender SmartScreen in Windows for app and file execution.</li>
<li><strong>1.</strong> Turns on Windows Defender SmartScreen in Windows for app and file execution.</li></ul></li></ul>
<li><strong>0 .</strong> Turns off Microsoft Defender SmartScreen in Windows for app and file execution.</li>
<li><strong>1.</strong> Turns on Microsoft Defender SmartScreen in Windows for app and file execution.</li></ul></li></ul>
</td>
</tr>
<tr>
@ -127,8 +127,8 @@ For Windows Defender SmartScreen Internet Explorer MDM policies, see [Policy CSP
<li><strong>URI full path.</strong> ./Vendor/MSFT/Policy/Config/SmartScreen/PreventOverrideForFilesInShell</li>
<li><strong>Data type.</strong> Integer</li>
<li><strong>Allowed values:</strong><ul>
<li><strong>0 .</strong> Employees can ignore Windows Defender SmartScreen warnings and run malicious files.</li>
<li><strong>1.</strong> Employees can't ignore Windows Defender SmartScreen warnings and run malicious files.</li></ul></li></ul>
<li><strong>0 .</strong> Employees can ignore Microsoft Defender SmartScreen warnings and run malicious files.</li>
<li><strong>1.</strong> Employees can't ignore Microsoft Defender SmartScreen warnings and run malicious files.</li></ul></li></ul>
</td>
</tr>
<tr>
@ -139,8 +139,8 @@ For Windows Defender SmartScreen Internet Explorer MDM policies, see [Policy CSP
<li><strong>URI full path.</strong> ./Vendor/MSFT/Policy/Config/Browser/PreventSmartscreenPromptOverride</li>
<li><strong>Data type.</strong> Integer</li>
<li><strong>Allowed values:</strong><ul>
<li><strong>0 .</strong> Employees can ignore Windows Defender SmartScreen warnings.</li>
<li><strong>1.</strong> Employees can't ignore Windows Defender SmartScreen warnings.</li></ul></li></ul>
<li><strong>0 .</strong> Employees can ignore Microsoft Defender SmartScreen warnings.</li>
<li><strong>1.</strong> Employees can't ignore Microsoft Defender SmartScreen warnings.</li></ul></li></ul>
</td>
</tr>
<tr>
@ -151,16 +151,16 @@ For Windows Defender SmartScreen Internet Explorer MDM policies, see [Policy CSP
<li><strong>URI full path.</strong> ./Vendor/MSFT/Policy/Config/Browser/PreventSmartScreenPromptOverrideForFiles</li>
<li><strong>Data type.</strong> Integer</li>
<li><strong>Allowed values:</strong><ul>
<li><strong>0 .</strong> Employees can ignore Windows Defender SmartScreen warnings for files.</li>
<li><strong>1.</strong> Employees can't ignore Windows Defender SmartScreen warnings for files.</li></ul></li></ul>
<li><strong>0 .</strong> Employees can ignore Microsoft Defender SmartScreen warnings for files.</li>
<li><strong>1.</strong> Employees can't ignore Microsoft Defender SmartScreen warnings for files.</li></ul></li></ul>
</td>
</tr>
</table>
## Recommended Group Policy and MDM settings for your organization
By default, Windows Defender SmartScreen lets employees bypass warnings. Unfortunately, this can let employees continue to an unsafe site or to continue to download an unsafe file, even after being warned. Because of this possibility, we strongly recommend that you set up Windows Defender SmartScreen to block high-risk interactions instead of providing just a warning.
By default, Microsoft Defender SmartScreen lets employees bypass warnings. Unfortunately, this can let employees continue to an unsafe site or to continue to download an unsafe file, even after being warned. Because of this possibility, we strongly recommend that you set up Microsoft Defender SmartScreen to block high-risk interactions instead of providing just a warning.
To better help you protect your organization, we recommend turning on and using these specific Windows Defender SmartScreen Group Policy and MDM settings.
To better help you protect your organization, we recommend turning on and using these specific Microsoft Defender SmartScreen Group Policy and MDM settings.
<table>
<tr>
<th align="left">Group Policy setting</th>
@ -168,7 +168,7 @@ To better help you protect your organization, we recommend turning on and using
</tr>
<tr>
<td>Administrative Templates\Windows Components\Microsoft Edge\Configure Windows Defender SmartScreen</td>
<td><strong>Enable.</strong> Turns on Windows Defender SmartScreen.</td>
<td><strong>Enable.</strong> Turns on Microsoft Defender SmartScreen.</td>
</tr>
<tr>
<td>Administrative Templates\Windows Components\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for sites</td>
@ -191,7 +191,7 @@ To better help you protect your organization, we recommend turning on and using
</tr>
<tr>
<td>Browser/AllowSmartScreen</td>
<td><strong>1.</strong> Turns on Windows Defender SmartScreen.</td>
<td><strong>1.</strong> Turns on Microsoft Defender SmartScreen.</td>
</tr>
<tr>
<td>Browser/PreventSmartScreenPromptOverride</td>
@ -203,7 +203,7 @@ To better help you protect your organization, we recommend turning on and using
</tr>
<tr>
<td>SmartScreen/EnableSmartScreenInShell</td>
<td><strong>1.</strong> Turns on Windows Defender SmartScreen in Windows.<p>Requires at least Windows 10, version 1703.</td>
<td><strong>1.</strong> Turns on Microsoft Defender SmartScreen in Windows.<p>Requires at least Windows 10, version 1703.</td>
</tr>
<tr>
<td>SmartScreen/PreventOverrideForFilesInShell</td>
@ -214,7 +214,7 @@ To better help you protect your organization, we recommend turning on and using
## Related topics
- [Threat protection](../index.md)
- [Windows Defender SmartScreen overview](windows-defender-smartscreen-overview.md)
- [Microsoft Defender SmartScreen overview](windows-defender-smartscreen-overview.md)
- [Available Group Policy and Mobile Device Management (MDM) settings for Microsoft Edge](/microsoft-edge/deploy/available-policies)