deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-24 14:53:44 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Adding content

Browse Source
This commit is contained in:
LizRoss
2017-03-09 13:09:03 -08:00
parent a4174e7618
commit 585021f5f5
4 changed files with 63 additions and 87 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
windows/keep-secure/TOC.md
View File

@ -43,7 +43,6 @@
#### [Using Outlook Web Access with Windows Information Protection (WIP)](using-owa-with-wip.md) #### [Using Outlook Web Access with Windows Information Protection (WIP)](using-owa-with-wip.md)
## [Windows Defender SmartScreen overview](windows-defender-smartscreen-overview.md) ## [Windows Defender SmartScreen overview](windows-defender-smartscreen-overview.md)
### [Available Windows Defender SmartScreen Group Policy and mobile device management (MDM) settings](windows-defender-smartscreen-available-settings.md) ### [Available Windows Defender SmartScreen Group Policy and mobile device management (MDM) settings](windows-defender-smartscreen-available-settings.md)
#### [Recommended Group Policy and mobile device management (MDM) settings for Windows Defender SmartScreen in your organization](windows-defender-smartscreen-recommended-settings.md)
### [Use Windows Defender Security Center to set Windows Defender SmartScreen for individual devices](windows-defender-smartscreen-set-individual-device.md) ### [Use Windows Defender Security Center to set Windows Defender SmartScreen for individual devices](windows-defender-smartscreen-set-individual-device.md)
## [Use Windows Event Forwarding to help with intrusion detection](use-windows-event-forwarding-to-assist-in-instrusion-detection.md) ## [Use Windows Event Forwarding to help with intrusion detection](use-windows-event-forwarding-to-assist-in-instrusion-detection.md)
## [Override Process Mitigation Options to help enforce app-related security policies](override-mitigation-options-for-app-related-security-policies.md) ## [Override Process Mitigation Options to help enforce app-related security policies](override-mitigation-options-for-app-related-security-policies.md)

1
windows/keep-secure/change-history-for-keep-windows-10-secure.md
View File

@ -20,7 +20,6 @@ This topic lists new and updated topics in the [Keep Windows 10 secure](index.md
|[Requirements and deployment planning guidelines for Device Guard](requirements-and-deployment-planning-guidelines-for-device-guard.md) |Updated to include additional security qualifications starting with Window 10, version 1703.| |[Requirements and deployment planning guidelines for Device Guard](requirements-and-deployment-planning-guidelines-for-device-guard.md) |Updated to include additional security qualifications starting with Window 10, version 1703.|
|[Windows Defender SmartScreen overview](windows-defender-smartscreen-overview.md)|New | |[Windows Defender SmartScreen overview](windows-defender-smartscreen-overview.md)|New |
|[Available Windows Defender SmartScreen Group Policy and mobile device management (MDM) settings](windows-defender-smartscreen-available-settings.md)|New | |[Available Windows Defender SmartScreen Group Policy and mobile device management (MDM) settings](windows-defender-smartscreen-available-settings.md)|New |
|[Recommended Group Policy and mobile device management (MDM) settings for Windows Defender SmartScreen in your organization](windows-defender-smartscreen-recommended-settings.md)|New |
|[Use Windows Defender Security Center to set Windows Defender SmartScreen for individual devices](windows-defender-smartscreen-set-individual-device.md)|New | |[Use Windows Defender Security Center to set Windows Defender SmartScreen for individual devices](windows-defender-smartscreen-set-individual-device.md)|New |

64
windows/keep-secure/windows-defender-smartscreen-available-settings.md
View File

@ -153,7 +153,69 @@ If you manage your policies using Microsoft Intune, you'll want to use these MDM
<li><strong>1.</strong> Employees can't ignore SmartScreen warnings for files.</li></ul></li></ul> <li><strong>1.</strong> Employees can't ignore SmartScreen warnings for files.</li></ul></li></ul>
</td> </td>
</tr> </tr>
<table> <table>
## Recommended Group Policy and mobile device management (MDM) settings for Windows Defender SmartScreen in your organization
By default, Windows Defender SmartScreen lets employees bypass warnings. Unfortunately, this can let employees continue to an unsafe site or to continue to download an unsafe file, even after being warned. Because of this possibility, we strongly recommend that you set up Windows Defender SmartScreen to block high-risk interactions instead of providing just a warning.
To better help you protect your organization, we recommend turning on and using these specific Windows Defender SmartScreen Group Policy and mobile device management (MDM) settings.
<table>
<tr>
<th>Group Policy setting</th>
<th>Recommendation</th>
</tr>
<tr>
<td>Administrative Templates\Windows Components\Microsoft Edge\Configure Windows Defender SmartScreen</td>
<td>Enable.<br>Turns on Windows Defender SmartScreen.</td>
</tr>
<tr>
<td>Administrative Templates\Windows Components\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for sites</td>
<td>Enable.<br>Stops employees from ignoring warning messages and continuing on to a potentially malicious website.</td>
</tr>
<tr>
<td>Administrative Templates\Windows Components\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for files</td>
<td>Enable.<br>Stops employees from ingnoring warning messages and continuing to download potentially malicious files.</td>
</tr>
<tr>
<td>Administrative Templates\Windows Components\File Explorer\Configure Windows Defender SmartScreen</td>
<td>Enable with the Warn and prevent bypass option.<br>Stops employees from ignoring warning messages about malicious files downloaded from the Internet.</td>
</tr>
</table>
<table>
<tr>
<th>MDM setting</th>
<th>Recommendation</th>
</tr>
<tr>
<td>Browser/AllowSmartScreen</td>
<td>1.<br>Turns on Windows Defender SmartScreen.</td>
</tr>
<tr>
<td>Browser/PreventSmartScreenPromptOverride</td>
<td>1.<br>Stops employees from ignoring warning messages and continuing on to a potentially malicious website.</td>
</tr>
<tr>
<td>Browser/PreventSmartScreenPromptOverrideForFiles</td>
<td>1.<br>Stops employees from ingnoring warning messages and continuing to download potentially malicious files.</td>
</tr>
<tr>
<td>SmartScreen/EnableSmartScreenInShell</td>
<td>1. Turns on Windows Defender SmartScreen in Windows.<p>Requires at least Windows 10, Version 1703.</td>
</tr>
<tr>
<td>SmartScreen/PreventOverrideForFilesInShell</td>
<td>1.<br>Stops employees from ignoring warning messages about malicious files downloaded from the Internet.<p>Requires at least Windows 10, Version 1703.</td>
</tr>
</table>
## Related topics
- [Keep Windows 10 secure](https://technet.microsoft.com/itpro/windows/keep-secure/index)
- [Security technologies in Windows 10](https://technet.microsoft.com/itpro/windows/keep-secure/security-technologies)
- [Available Group Policy and Mobile Data Management (MDM) settings for Microsoft Edge](https://technet.microsoft.com/itpro/microsoft-edge/available-policies)
>[!NOTE] >[!NOTE]
>Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Contributing to TechNet content](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md). >Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Contributing to TechNet content](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md).

84
windows/keep-secure/windows-defender-smartscreen-recommended-settings.md
View File

@ -1,84 +0,0 @@
---
title: Recommended Group Policy and mobile device management (MDM) settings for Windows Defender SmartScreen in your organization (Windows 10)
description: A list of the specific Windows Defender SmartScreen settings we recommend using within your organization.
keywords: SmartScreen Filter, Windows SmartScreen
ms.prod: w10
ms.mktglfcycl: explore
ms.sitesec: library
ms.pagetype: security
author: eross-msft
localizationpriority: high
---
# Recommended Group Policy and mobile device management (MDM) settings for Windows Defender SmartScreen in your organization
**Applies to:**
- Windows 10, Version 1703
- Windows 10 Mobile
By default, Windows Defender SmartScreen lets employees bypass warnings. Unfortunately, this can let employees continue to an unsafe site or to continue to download an unsafe file, even after being warned. Because of this possibility, we strongly recommend that you set up Windows Defender SmartScreen to block high-risk interactions instead of providing just a warning.
To better help you protect your organization, we recommend turning on and using these specific Windows Defender SmartScreen Group Policy and mobile device management (MDM) settings.
>[!Note]
>For a complete list of available Group Policy and MDM settings, see [Available Windows Defender SmartScreen Group Policy and mobile device management (MDM) settings](windows-defender-smartscreen-available-settings.md) topic.
<table>
<tr>
<th>Group Policy setting</th>
<th>Recommendation</th>
</tr>
<tr>
<td>Administrative Templates\Windows Components\Microsoft Edge\Configure Windows Defender SmartScreen</td>
<td>Enable.<br>Turns on Windows Defender SmartScreen.</td>
</tr>
<tr>
<td>Administrative Templates\Windows Components\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for sites</td>
<td>Enable.<br>Stops employees from ignoring warning messages and continuing on to a potentially malicious website.</td>
</tr>
<tr>
<td>Administrative Templates\Windows Components\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for files</td>
<td>Enable.<br>Stops employees from ingnoring warning messages and continuing to download potentially malicious files.</td>
</tr>
<tr>
<td>Administrative Templates\Windows Components\File Explorer\Configure Windows Defender SmartScreen</td>
<td>Enable with the Warn and prevent bypass option.<br>Stops employees from ignoring warning messages about malicious files downloaded from the Internet.</td>
</tr>
</table>
<table>
<tr>
<th>MDM setting</th>
<th>Recommendation</th>
</tr>
<tr>
<td>Browser/AllowSmartScreen</td>
<td>1.<br>Turns on Windows Defender SmartScreen.</td>
</tr>
<tr>
<td>Browser/PreventSmartScreenPromptOverride</td>
<td>1.<br>Stops employees from ignoring warning messages and continuing on to a potentially malicious website.</td>
</tr>
<tr>
<td>Browser/PreventSmartScreenPromptOverrideForFiles</td>
<td>1.<br>Stops employees from ingnoring warning messages and continuing to download potentially malicious files.</td>
</tr>
<tr>
<td>SmartScreen/EnableSmartScreenInShell</td>
<td>1. Turns on Windows Defender SmartScreen in Windows.<p>Requires at least Windows 10, Version 1703.</td>
</tr>
<tr>
<td>SmartScreen/PreventOverrideForFilesInShell</td>
<td>1.<br>Stops employees from ignoring warning messages about malicious files downloaded from the Internet.<p>Requires at least Windows 10, Version 1703.</td>
</tr>
</table>
## Related topics
- [Keep Windows 10 secure](https://technet.microsoft.com/itpro/windows/keep-secure/index)
- [Security technologies in Windows 10](https://technet.microsoft.com/itpro/windows/keep-secure/security-technologies)
- [Available Group Policy and Mobile Data Management (MDM) settings for Microsoft Edge](https://technet.microsoft.com/itpro/microsoft-edge/available-policies)
>[!NOTE]
>Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Contributing to TechNet content](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md).