From 3d1ece47057c7dd04d0e0f98263096ac14294c12 Mon Sep 17 00:00:00 2001 From: martyav Date: Tue, 5 May 2020 12:33:52 -0400 Subject: [PATCH] updated enable-network-protection added section on checking state with regedit moved headings on other sections one level down gave new title to avoid repetition --- .../enable-network-protection.md | 31 ++++++++++++++----- 1 file changed, 23 insertions(+), 8 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md b/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md index 7f23be0e27..61f527b0ae 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md @@ -17,14 +17,29 @@ audience: ITPro manager: dansimp --- -# Enable network protection +# Turning on network protection **Applies to:** * [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) [Network protection](network-protection.md) helps to prevent employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet. -You can [audit network protection](evaluate-network-protection.md) in a test environment to see which apps would be blocked before you enable it. +You can [audit network protection](evaluate-network-protection.md) in a test environment to see which apps would be blocked before you enable it. + +## Check if network protection is enabled + +You can see if network protection has been enabled on a local device by using Registry editor. + +1. Select the **Start** button in the task bar and type **regedit** to open Registry editor +1. Choose **HKEY_LOCAL_MACHINE** from the side menu +1. Navigate through the nested menus to **SOFTWARE** > **Policies** > **Microsoft** **Windows Defender** > **Policy Manager** +1. Select **EnableNetworkProtection** to see the current state of network protection on the device + + * 0, or **Off** + * 1, or **On** + * 2, or **Audit** mode + +## Enable network protection You can enable network protection by using any of these methods: @@ -34,7 +49,7 @@ You can enable network protection by using any of these methods: * [Group Policy](#group-policy) * [PowerShell](#powershell) -## Intune +### Intune 1. Sign in to the [Azure portal](https://portal.azure.com) and open Intune. 1. Click **Device configuration** > **Profiles** > **Create profile**. @@ -45,11 +60,11 @@ You can enable network protection by using any of these methods: 1. Click **OK** to save each open blade and click **Create**. 1. Click the profile **Assignments**, assign to **All Users & All Devices**, and click **Save**. -## MDM +### MDM Use the [./Vendor/MSFT/Policy/Config/Defender/EnableNetworkProtection](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-enablenetworkprotection) configuration service provider (CSP) to enable or disable network protection or enable audit mode. -## SCCM +### SCCM 1. In System Center Configuration Manager, click **Assets and Compliance** > **Endpoint Protection** > **Windows Defender Exploit Guard**. 1. Click **Home** > **Create Exploit Guard Policy**. @@ -58,13 +73,13 @@ Use the [./Vendor/MSFT/Policy/Config/Defender/EnableNetworkProtection](https://d 1. Review the settings and click **Next** to create the policy. 1. After the policy is created, click **Close**. -## Group Policy +### Group Policy You can use the following procedure to enable network protection on domain-joined computers or on a standalone computer. 1. On a standalone computer, click **Start**, type and then click **Edit group policy**. - -Or- + *-Or-* On a domain-joined Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**. @@ -89,7 +104,7 @@ You can confirm network protection is enabled on a local computer by using Regis * 1=On * 2=Audit -## PowerShell +### PowerShell 1. Type **powershell** in the Start menu, right-click **Windows PowerShell** and click **Run as administrator** 2. Enter the following cmdlet: