From 389263cf3f6283a774fca1dad2eddd72fc9cc626 Mon Sep 17 00:00:00 2001
From: Tarun Maganur <104856032+Tarun-Edu@users.noreply.github.com>
Date: Thu, 6 Oct 2022 16:13:20 -0700
Subject: [PATCH 1/5] Update windows-11-se-overview.md
Version change n brave Browser.
---
education/windows/windows-11-se-overview.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/education/windows/windows-11-se-overview.md b/education/windows/windows-11-se-overview.md
index 4d1777d0ad..6827ee275a 100644
--- a/education/windows/windows-11-se-overview.md
+++ b/education/windows/windows-11-se-overview.md
@@ -88,7 +88,7 @@ The following applications can also run on Windows 11 SE, and can be deployed us
|-----------------------------------------|-------------------|----------|------------------------------|
| AirSecure | 8.0.0 | Win32 | AIR |
| Alertus Desktop | 5.4.44.0 | Win32 | Alertus technologies |
-| Brave Browser | 1.34.80 | Win32 | Brave |
+| Brave Browser | 106.0.5249.65 | Win32 | Brave |
| Bulb Digital Portfolio | 0.0.7.0 | Store | Bulb |
| CA Secure Browser | 14.0.0 | Win32 | Cambium Development |
| Cisco Umbrella | 3.0.110.0 | Win32 | Cisco |
From 575dba158e4cd214937d3bb2dca3f502d6e64112 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Fri, 7 Oct 2022 10:27:57 -0400
Subject: [PATCH 2/5] Added Settings catalog settings
---
.../images/icons/accessibility.svg | 3 +
.../images/icons/group-policy.svg | 3 +
.../images/icons/intune.svg | 24 ++++++++
.../images/icons/powershell.svg | 20 +++++++
.../images/icons/provisioning-package.svg | 3 +
.../images/icons/registry.svg | 22 +++++++
.../images/icons/windows-os.svg | 3 +
...otection-microsoft-defender-smartscreen.md | 57 ++++++++++++++-----
8 files changed, 121 insertions(+), 14 deletions(-)
create mode 100644 windows/security/threat-protection/microsoft-defender-smartscreen/images/icons/accessibility.svg
create mode 100644 windows/security/threat-protection/microsoft-defender-smartscreen/images/icons/group-policy.svg
create mode 100644 windows/security/threat-protection/microsoft-defender-smartscreen/images/icons/intune.svg
create mode 100644 windows/security/threat-protection/microsoft-defender-smartscreen/images/icons/powershell.svg
create mode 100644 windows/security/threat-protection/microsoft-defender-smartscreen/images/icons/provisioning-package.svg
create mode 100644 windows/security/threat-protection/microsoft-defender-smartscreen/images/icons/registry.svg
create mode 100644 windows/security/threat-protection/microsoft-defender-smartscreen/images/icons/windows-os.svg
diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/images/icons/accessibility.svg b/windows/security/threat-protection/microsoft-defender-smartscreen/images/icons/accessibility.svg
new file mode 100644
index 0000000000..21a6b4f235
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-smartscreen/images/icons/accessibility.svg
@@ -0,0 +1,3 @@
+
\ No newline at end of file
diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/images/icons/group-policy.svg b/windows/security/threat-protection/microsoft-defender-smartscreen/images/icons/group-policy.svg
new file mode 100644
index 0000000000..ace95add6b
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-smartscreen/images/icons/group-policy.svg
@@ -0,0 +1,3 @@
+
\ No newline at end of file
diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/images/icons/intune.svg b/windows/security/threat-protection/microsoft-defender-smartscreen/images/icons/intune.svg
new file mode 100644
index 0000000000..6e0d938aed
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-smartscreen/images/icons/intune.svg
@@ -0,0 +1,24 @@
+
\ No newline at end of file
diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/images/icons/powershell.svg b/windows/security/threat-protection/microsoft-defender-smartscreen/images/icons/powershell.svg
new file mode 100644
index 0000000000..ab2d5152ca
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-smartscreen/images/icons/powershell.svg
@@ -0,0 +1,20 @@
+
\ No newline at end of file
diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/images/icons/provisioning-package.svg b/windows/security/threat-protection/microsoft-defender-smartscreen/images/icons/provisioning-package.svg
new file mode 100644
index 0000000000..dbbad7d780
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-smartscreen/images/icons/provisioning-package.svg
@@ -0,0 +1,3 @@
+
\ No newline at end of file
diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/images/icons/registry.svg b/windows/security/threat-protection/microsoft-defender-smartscreen/images/icons/registry.svg
new file mode 100644
index 0000000000..06ab4c09d7
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-smartscreen/images/icons/registry.svg
@@ -0,0 +1,22 @@
+
\ No newline at end of file
diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/images/icons/windows-os.svg b/windows/security/threat-protection/microsoft-defender-smartscreen/images/icons/windows-os.svg
new file mode 100644
index 0000000000..da64baf975
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-smartscreen/images/icons/windows-os.svg
@@ -0,0 +1,3 @@
+
\ No newline at end of file
diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen.md b/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen.md
index 6fe565bf48..6e5b2380f6 100644
--- a/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen.md
+++ b/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen.md
@@ -8,7 +8,7 @@ ms.author: v-mathavale
ms.reviewer: paoloma
manager: aaroncz
ms.localizationpriority: medium
-ms.date: 06/21/2022
+ms.date: 10/07/2022
adobe-target: true
appliesto:
- ✅ Windows 11, version 22H2
@@ -40,22 +40,36 @@ Enhanced Phishing Protection provides robust phishing protections for work or sc
## Configure Enhanced Phishing Protection for your organization
-Enhanced Phishing Protection can be configured via Group Policy Objects (GPO) or Configuration Service Providers (CSP) with an MDM service like Microsoft Intune. Follow the instructions below to configure your devices using either GPO or CSP.
+Enhanced Phishing Protection can be configured via Microsoft Intune, Group Policy Objects (GPO) or Configuration Service Providers (CSP) with an MDM service. Follow the instructions below to configure your devices using either Microsoft Intune, GPO or CSP.
-#### [✅ **GPO**](#tab/gpo)
+#### [:::image type="icon" source="images/icons/intune.svg"::: **Intune**](#tab/intune)
+
+To configure devices using Microsoft Intune, create a [**Settings catalog** policy][MEM-2], and use the settings listed under the category **`SmartScreen > Enhanced Phishing Protection`**:
+
+|Setting|Description|
+|---------|---------|
+|Service Enabled |This policy setting determines whether Enhanced Phishing Protection is in audit mode or off. Users don't see any notifications for any protection scenarios when Enhanced Phishing Protection is in audit mode. In audit mode, Enhanced Phishing Protection captures unsafe password entry events and sends diagnostic data through Microsoft Defender.
If you enable or don't configure this setting, Enhanced Phishing Protection is enabled in audit mode, preventing users to turn it off.
If you disable this policy setting, Enhanced Phishing Protection is off. When off, Enhanced Phishing Protection doesn't capture events, send data, or notify users. Additionally, your users are unable to turn it on.
|
+|Notify Malicious|This policy setting determines whether Enhanced Phishing Protection warns your users if they type their work or school password into one of the following malicious scenarios: into a reported phishing site, into a sign-in URL with an invalid certificate, or into an application connecting to either a reported phishing site or a sign-in URL with an invalid certificate
If you enable this policy setting, Enhanced Phishing Protection warns your users if they type their work or school password into one of the malicious scenarios described above and encourages them to change their password.
If you disable or don't configure this policy setting, Enhanced Phishing Protection won't warn your users if they type their work or school password into one of the malicious scenarios described above.|
+|Notify Password Reuse |This policy setting determines whether Enhanced Phishing Protection warns your users if they reuse their work or school password.
If you enable this policy setting, Enhanced Phishing Protection warns users if they reuse their work or school password and encourages them to change it.
If you disable or don't configure this policy setting, Enhanced Phishing Protection won't warn users if they reuse their work or school password.|
+|Notify Unsafe App|This policy setting determines whether Enhanced Phishing Protection warns your users if they type their work or school passwords in Notepad or Microsoft 365 Office Apps.
If you enable this policy setting, Enhanced Phishing Protection warns your users if they store their password in Notepad or Microsoft 365 Office Apps.
If you disable or don't configure this policy setting, Enhanced Phishing Protection won't warn users if they store their password in Notepad or Microsoft 365 Office Apps.|
+
+
+Assign the policy to a security group that contains as members the devices or users that you want to configure.
+
+#### [:::image type="icon" source="images/icons/group-policy.svg"::: **GPO**](#tab/gpo)
Enhanced Phishing Protection can be configured using the following Administrative Templates policy settings:
|Setting|Description|
|---------|---------|
-|Administrative Templates\Windows Components\Windows Defender SmartScreen\Enhanced Phishing Protection\Service Enabled |This policy setting determines whether Enhanced Phishing Protection is in audit mode or off. Users don't see any notifications for any protection scenarios when Enhanced Phishing Protection is in audit mode. In audit mode, Enhanced Phishing Protection captures unsafe password entry events and sends diagnostic data through Microsoft Defender.
If you enable or don't configure this setting, Enhanced Phishing Protection is enabled in audit mode, preventing users to turn it off.
If you disable this policy setting, Enhanced Phishing Protection is off. When off, Enhanced Phishing Protection doesn't capture events, send data, or notify users. Additionally, your users are unable to turn it on.|
-|Administrative Templates\Windows Components\Windows Defender SmartScreen\Enhanced Phishing Protection\Notify Malicious|This policy setting determines whether Enhanced Phishing Protection warns your users if they type their work or school password into one of the following malicious scenarios: into a reported phishing site, into a sign-in URL with an invalid certificate, or into an application connecting to either a reported phishing site or a sign-in URL with an invalid certificate.
If you enable this policy setting, Enhanced Phishing Protection warns your users if they type their work or school password into one of the malicious scenarios described above and encourages them to change their password.
If you disable or don't configure this policy setting, Enhanced Phishing Protection won't warn your users if they type their work or school password into one of the malicious scenarios described above.|
-|Administrative Templates\Windows Components\Windows Defender SmartScreen\Enhanced Phishing Protection\Notify Password Reuse |This policy setting determines whether Enhanced Phishing Protection warns your users if they reuse their work or school password.
If you enable this policy setting, Enhanced Phishing Protection warns users if they reuse their work or school password and encourages them to change it.
If you disable or don't configure this policy setting, Enhanced Phishing Protection won't warn users if they reuse their work or school password.|
-|Administrative Templates\Windows Components\Windows Defender SmartScreen\Enhanced Phishing Protection\Notify Unsafe App|This policy setting determines whether Enhanced Phishing Protection warns your users if they type their work or school passwords in Notepad or Microsoft 365 Office Apps.
If you enable this policy setting, Enhanced Phishing Protection warns your users if they store their password in Notepad or Microsoft 365 Office Apps.
If you disable or don't configure this policy setting, Enhanced Phishing Protection won't warn users if they store their password in Notepad or Microsoft 365 Office Apps.|
+|Administrative Templates\Windows Components\Windows Defender SmartScreen\Enhanced Phishing Protection\Service Enabled |This policy setting determines whether Enhanced Phishing Protection is in audit mode or off. Users don't see any notifications for any protection scenarios when Enhanced Phishing Protection is in audit mode. In audit mode, Enhanced Phishing Protection captures unsafe password entry events and sends diagnostic data through Microsoft Defender.
If you enable or don't configure this setting, Enhanced Phishing Protection is enabled in audit mode, preventing users to turn it off.
If you disable this policy setting, Enhanced Phishing Protection is off. When off, Enhanced Phishing Protection doesn't capture events, send data, or notify users. Additionally, your users are unable to turn it on.
|
+|Administrative Templates\Windows Components\Windows Defender SmartScreen\Enhanced Phishing Protection\Notify Malicious|This policy setting determines whether Enhanced Phishing Protection warns your users if they type their work or school password into one of the following malicious scenarios: into a reported phishing site, into a sign-in URL with an invalid certificate, or into an application connecting to either a reported phishing site or a sign-in URL with an invalid certificate
If you enable this policy setting, Enhanced Phishing Protection warns your users if they type their work or school password into one of the malicious scenarios described above and encourages them to change their password.
If you disable or don't configure this policy setting, Enhanced Phishing Protection won't warn your users if they type their work or school password into one of the malicious scenarios described above.|
+|Administrative Templates\Windows Components\Windows Defender SmartScreen\Enhanced Phishing Protection\Notify Password Reuse |This policy setting determines whether Enhanced Phishing Protection warns your users if they reuse their work or school password.
If you enable this policy setting, Enhanced Phishing Protection warns users if they reuse their work or school password and encourages them to change it.
If you disable or don't configure this policy setting, Enhanced Phishing Protection won't warn users if they reuse their work or school password.|
+|Administrative Templates\Windows Components\Windows Defender SmartScreen\Enhanced Phishing Protection\Notify Unsafe App|This policy setting determines whether Enhanced Phishing Protection warns your users if they type their work or school passwords in Notepad or Microsoft 365 Office Apps.
If you enable this policy setting, Enhanced Phishing Protection warns your users if they store their password in Notepad or Microsoft 365 Office Apps.
If you disable or don't configure this policy setting, Enhanced Phishing Protection won't warn users if they store their password in Notepad or Microsoft 365 Office Apps.|
-#### [✅ **CSP**](#tab/csp)
+#### [:::image type="icon" source="images/icons/windows-os.svg"::: **CSP**](#tab/csp)
-Enhanced Phishing Protection can be configured using the [WebThreatDefense CSP](/windows/client-management/mdm/policy-csp-webthreatdefense).
+Enhanced Phishing Protection can be configured using the [WebThreatDefense CSP][WIN-1].
| Setting | OMA-URI | Data type |
|-------------------------|---------------------------------------------------------------------------|-----------|
@@ -70,9 +84,18 @@ Enhanced Phishing Protection can be configured using the [WebThreatDefense CSP](
By default, Enhanced Phishing Protection is deployed in audit mode, preventing notifications to the users for any protection scenarios. In audit mode, Enhanced Phishing Protection captures unsafe password entry events and sends diagnostic data through Microsoft Defender. Users aren't warned if they enter their work or school password into a phishing site, if they reuse their password, or if they unsafely store their password in applications. Because of this possibility, it's recommended that you configure Enhanced Phishing Protection to warn users during all protection scenarios.
-To better help you protect your organization, we recommend turning on and using these specific Microsoft Defender SmartScreen Group Policy and MDM settings.
+To better help you protect your organization, we recommend turning on and using these specific Microsoft Defender SmartScreen settings.
-#### [✅ **GPO**](#tab/gpo)
+#### [:::image type="icon" source="images/icons/intune.svg"::: **Intune**](#tab/intune)
+
+|Settings catalog element|Recommendation|
+|---------|---------|
+|Service Enabled|**Enable**: Turns on Enhanced Phishing Protection in audit mode, which captures work or school password entry events and sends diagnostic data but doesn't show any notifications to your users.|
+|Notify Malicious|**Enable**: Turns on Enhanced Phishing Protection notifications when users type their work or school password into one of the previously described malicious scenarios and encourages them to change their password.|
+|Notify Password Reuse|**Enable**: Turns on Enhanced Phishing Protection notifications when users reuse their work or school password and encourages them to change their password.|
+|Notify Unsafe App|**Enable**: Turns on Enhanced Phishing Protection notifications when users type their work or school passwords in Notepad and Microsoft 365 Office Apps.|
+
+#### [:::image type="icon" source="images/icons/group-policy.svg"::: **GPO**](#tab/gpo)
|Group Policy setting|Recommendation|
|---------|---------|
@@ -81,7 +104,7 @@ To better help you protect your organization, we recommend turning on and using
|Administrative Templates\Windows Components\Windows Defender SmartScreen\Enhanced Phishing Protection\Notify Password Reuse|**Enable**: Enhanced Phishing Protection warns users if they reuse their work or school password and encourages them to change it.|
|Administrative Templates\Windows Components\Windows Defender SmartScreen\Enhanced Phishing Protection\Notify Unsafe App|**Enable**: Enhanced Phishing Protection warns users if they store their password in Notepad and Microsoft 365 Office Apps.|
-#### [✅ **CSP**](#tab/csp)
+#### [:::image type="icon" source="images/icons/windows-os.svg"::: **CSP**](#tab/csp)
|MDM setting|Recommendation|
|---------|---------|
@@ -94,8 +117,14 @@ To better help you protect your organization, we recommend turning on and using
## Related articles
-- [Microsoft Defender SmartScreen](microsoft-defender-smartscreen-overview.md)
+- [Microsoft Defender SmartScreen](microsoft-defender-smartscreen-overview)
- [SmartScreen Frequently Asked Questions](https://fb.smartscreen.microsoft.com/smartscreenfaq.aspx)
- [Threat protection](../index.md)
-- [Available Microsoft Defender SmartScreen Group Policy and mobile device management (MDM) settings](microsoft-defender-smartscreen-available-settings.md)
+- [Available Microsoft Defender SmartScreen Group Policy and mobile device management (MDM) settings](microsoft-defender-smartscreen-available-settings)
- [Configuration service provider reference](/windows/client-management/mdm/configuration-service-provider-reference)
+
+------------
+
+[WIN-1]: /windows/client-management/mdm/policy-csp-webthreatdefense
+
+[MEM-2]: /mem/intune/configuration/settings-catalog
\ No newline at end of file
From 2eca400a5a52f75945139fb10bd5605eed453989 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Fri, 7 Oct 2022 10:36:21 -0400
Subject: [PATCH 3/5] fixed links
---
.../phishing-protection-microsoft-defender-smartscreen.md | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen.md b/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen.md
index 6e5b2380f6..d2c1f5e78d 100644
--- a/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen.md
+++ b/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen.md
@@ -117,10 +117,10 @@ To better help you protect your organization, we recommend turning on and using
## Related articles
-- [Microsoft Defender SmartScreen](microsoft-defender-smartscreen-overview)
+- [Microsoft Defender SmartScreen](microsoft-defender-smartscreen-overview.md)
- [SmartScreen Frequently Asked Questions](https://fb.smartscreen.microsoft.com/smartscreenfaq.aspx)
- [Threat protection](../index.md)
-- [Available Microsoft Defender SmartScreen Group Policy and mobile device management (MDM) settings](microsoft-defender-smartscreen-available-settings)
+- [Available Microsoft Defender SmartScreen Group Policy and mobile device management (MDM) settings](microsoft-defender-smartscreen-available-settings.md)
- [Configuration service provider reference](/windows/client-management/mdm/configuration-service-provider-reference)
------------
From b1e7b0786dab133f73cacfab5452c6666fe85567 Mon Sep 17 00:00:00 2001
From: jsuther1974
Date: Fri, 7 Oct 2022 11:20:29 -0700
Subject: [PATCH 4/5] Update microsoft-recommended-driver-block-rules.md
---
.../microsoft-recommended-driver-block-rules.md | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
index 56669890d4..675ca402e2 100644
--- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
@@ -2198,6 +2198,14 @@ If you prefer to apply the vulnerable driver blocklist exactly as shown above, f
4. Copy SiPolicy.p7b to %windir%\system32\CodeIntegrity
5. Run the WDAC policy refresh tool you downloaded in Step 1 above to activate and refresh all WDAC policies on your computer
+To check that the policy was successfully applied on your computer:
+
+1. Open Event Viewer
+2. Browse to **Applications and Services Logs - Microsoft - Windows - CodeIntegrity - Operational**
+3. Select **Filter Current Log...**
+4. Replace "<All Event IDs>" with "3099" and select OK
+5. Look for a 3099 event where the PolicyNameBuffer and PolicyIdBuffer match the Name and Id PolicyInfo settings found at the bottom of the blocklist WDAC Policy XML in this article. NOTE: Your computer may have more than one 3099 event if other WDAC policies are also present.
+
> [!NOTE]
> If any vulnerable drivers are already running that would be blocked by the policy, you must reboot your computer for those drivers to be blocked. Running processes aren't shutdown when activating a new WDAC policy without reboot.
From 663d28e8e5d6902ca5a4f9321465790b06aed137 Mon Sep 17 00:00:00 2001
From: jsuther1974
Date: Fri, 7 Oct 2022 11:21:03 -0700
Subject: [PATCH 5/5] Update microsoft-recommended-driver-block-rules.md
---
.../microsoft-recommended-driver-block-rules.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
index 675ca402e2..c482f8070f 100644
--- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
@@ -14,7 +14,7 @@ author: jgeurten
ms.reviewer: aaroncz
ms.author: dansimp
manager: dansimp
-ms.date: 10/06/2022
+ms.date: 10/07/2022
---
# Microsoft recommended driver block rules