From dad8d2e2fb4bece4dfa2cfa27aef1fde33cac6d2 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Fri, 4 Sep 2020 15:59:34 -0700 Subject: [PATCH] network protection update --- .../enable-network-protection.md | 45 +++++-------------- 1 file changed, 11 insertions(+), 34 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md b/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md index f081c6ad4a..12bf4e6a76 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md @@ -1,6 +1,6 @@ --- -title: Turning on network protection -description: Enable Network protection with Group Policy, PowerShell, or Mobile Device Management and Configuration Manager. +title: Turn on network protection +description: Enable network protection with Group Policy, PowerShell, or Mobile Device Management and Configuration Manager. keywords: ANetwork protection, exploits, malicious website, ip, domain, domains, enable, turn on search.product: eADQiWindows 10XVcnh ms.prod: w10 @@ -14,7 +14,7 @@ ms.reviewer: manager: dansimp --- -# Turning on network protection +# Turn on network protection **Applies to:** @@ -22,6 +22,8 @@ manager: dansimp [Network protection](network-protection.md) helps to prevent employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the internet. You can [audit network protection](evaluate-network-protection.md) in a test environment to view which apps would be blocked before you enable it. +[Learn more about network filtering configuration options](https://docs.microsoft.com/en-us/mem/intune/protect/endpoint-protection-windows-10#network-filtering) + ## Check if network protection is enabled Check if network protection has been enabled on a local device by using Registry editor. @@ -40,9 +42,8 @@ Check if network protection has been enabled on a local device by using Registry Enable network protection by using any of these methods: * [PowerShell](#powershell) -* [Microsoft Intune](#intune) * [Mobile Device Management (MDM)](#mobile-device-management-mdm) -* [Microsoft Endpoint Configuration Manager](#microsoft-endpoint-configuration-manager) +* [Microsoft Endpoint Manager / Intune](#microsoft-endpoint-manager-formerly-intune) * [Group Policy](#group-policy) ### PowerShell @@ -62,41 +63,17 @@ Enable network protection by using any of these methods: Use `Disabled` instead of `AuditMode` or `Enabled` to turn off the feature. -### Intune - -1. Sign in to the [Azure portal](https://portal.azure.com) and open Intune. - -2. Go to **Device configuration** > **Profiles** > **Create profile**. - -3. Name the profile, choose **Windows 10 and later** and **Endpoint protection**. - - ![Create endpoint protection profile](../images/create-endpoint-protection-profile.png) - -4. Select **Configure** > **Windows Defender Exploit Guard** > **Network filtering** > **Enable**. - - ![Enable network protection in Intune](../images/enable-np-intune.png) - -5. Select **OK** to save each open section and **Create**. - -6. Select the profile called **Assignments**, assign to **All Users & All Devices**, and **Save**. - -### Mobile Device Management (MDM) +### Mobile device management (MDM) Use the [./Vendor/MSFT/Policy/Config/Defender/EnableNetworkProtection](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-enablenetworkprotection) configuration service provider (CSP) to enable or disable network protection or enable audit mode. -## Microsoft Endpoint Configuration Manager +### Microsoft Endpoint Manager (formerly Intune) -1. In Microsoft Endpoint Configuration Manager, go to **Assets and Compliance** > **Endpoint Protection** > **Windows Defender Exploit Guard**. +1. Sign into the Microsoft Endpoint Manager admin center (https://endpoint.microsoft.com) -2. Then go to **Home** > **Create Exploit Guard Policy**. +2. Create or edit an [endpoint protection configuration profile](https://docs.microsoft.com/mem/intune/protect/endpoint-protection-configure) -3. Enter a name and a description, select **Network protection**, and then **Next**. - -4. Choose whether to block or audit access to suspicious domains and select **Next**. - -5. Review the settings and select **Next** to create the policy. - -6. After the policy is created, **Close**. +3. Under "Configuration Settings" in the profile flow, go to **Microsoft Defender Exploit Guard** > **Network filtering** > **Network protection** > **Enable** or **Audit only** ### Group Policy