network protection

windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md

@@ -1,6 +1,6 @@
 ---
 title: Turn on network protection 
-description: Enable Network protection with Group Policy, PowerShell, or MDM CSPs
+description: Enable Network protection with Group Policy, PowerShell, or Mobile Device Management and Configuration Manager
 keywords: ANetwork protection, exploits, malicious website, ip, domain, domains, enable, turn on
 search.product: eADQiWindows 10XVcnh
 ms.pagetype: security
@@ -23,12 +23,11 @@ manager: dansimp
 
 * [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
-[Network protection](network-protection.md) helps to prevent employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet.
+[Network protection](network-protection.md) helps to prevent employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the internet. You can [audit network protection](evaluate-network-protection.md) in a test environment to view which apps would be blocked before you enable it.
-You can [audit network protection](evaluate-network-protection.md) in a test environment to see which apps would be blocked before you enable it.
 
 ## Check if network protection is enabled
 
-You can see if network protection has been enabled on a local device by using Registry editor.
+Check if network protection has been enabled on a local device by using Registry editor.
 
 1. Select the **Start** button in the task bar and type **regedit** to open Registry editor
 1. Choose **HKEY_LOCAL_MACHINE** from the side menu
@@ -41,82 +40,96 @@ You can see if network protection has been enabled on a local device by using Re
 
 ## Enable network protection
 
-You can enable network protection by using any of these methods:
+Enable network protection by using any of these methods:
 
 * [PowerShell](#powershell)
 * [Microsoft Intune](#intune)
-* [Mobile Device Management (MDM)](#mdm)
+* [Mobile Device Management (MDM)](#mobile-device-management-mmd)
 * [Microsoft Endpoint Configuration Manager](#microsoft-endpoint-configuration-manager)
 * [Group Policy](#group-policy)
 
 ### PowerShell
 
-1. Type **powershell** in the Start menu, right-click **Windows PowerShell** and click **Run as administrator**
+1. Type **powershell** in the Start menu, right-click **Windows PowerShell** and select **Run as administrator**
 2. Enter the following cmdlet:
 
     ```PowerShell
     Set-MpPreference -EnableNetworkProtection Enabled
     ```
 
-You can enable the feature in audit mode using the following cmdlet:
+3. Optional: Enable the feature in audit mode using the following cmdlet:
 
-```PowerShell
+    ```PowerShell
-Set-MpPreference -EnableNetworkProtection AuditMode
+    Set-MpPreference -EnableNetworkProtection AuditMode
-```
+    ```
 
-Use `Disabled` instead of `AuditMode` or `Enabled` to turn the feature off.
+    Use `Disabled` instead of `AuditMode` or `Enabled` to turn off the feature.
 
 ### Intune
 
 1. Sign in to the [Azure portal](https://portal.azure.com) and open Intune.
-1. Click **Device configuration** > **Profiles** > **Create profile**.
-1. Name the profile, choose **Windows 10 and later** and **Endpoint protection**.
-   ![Create endpoint protection profile](../images/create-endpoint-protection-profile.png)
-1. Click **Configure** > **Windows Defender Exploit Guard** > **Network filtering** > **Enable**.  
-   ![Enable network protection in Intune](../images/enable-np-intune.png)
-1. Click **OK** to save each open blade and click **Create**.
-1. Click the profile **Assignments**, assign to **All Users & All Devices**, and click **Save**.
 
-### MDM
+2. Go to **Device configuration** > **Profiles** > **Create profile**.
+
+3. Name the profile, choose **Windows 10 and later** and **Endpoint protection**.
+   
+    ![Create endpoint protection profile](../images/create-endpoint-protection-profile.png)
+
+4. Select **Configure** > **Windows Defender Exploit Guard** > **Network filtering** > **Enable**.  
+   
+    ![Enable network protection in Intune](../images/enable-np-intune.png)
+
+5. Select **OK** to save each open section and **Create**.
+
+6. Select the profile **Assignments**, assign to **All Users & All Devices**, and **Save**.
+
+### Mobile Device Management (MMD)
 
 Use the [./Vendor/MSFT/Policy/Config/Defender/EnableNetworkProtection](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-enablenetworkprotection) configuration service provider (CSP) to enable or disable network protection or enable audit mode.
 
 ## Microsoft Endpoint Configuration Manager
 
-1. In Microsoft Endpoint Configuration Manager, click **Assets and Compliance** > **Endpoint Protection** > **Windows Defender Exploit Guard**.
+1. In Microsoft Endpoint Configuration Manager, go to **Assets and Compliance** > **Endpoint Protection** > **Windows Defender Exploit Guard**.
-1. Click **Home** > **Create Exploit Guard Policy**.
+
-1. Enter a name and a description, click **Network protection**, and click **Next**.
+2. Then go to **Home** > **Create Exploit Guard Policy**.
-1. Choose whether to block or audit access to suspicious domains and click **Next**.
+
-1. Review the settings and click **Next** to create the policy.
+3. Enter a name and a description, select **Network protection**, and then **Next**.
-1. After the policy is created, click **Close**.
+
+4. Choose whether to block or audit access to suspicious domains and select **Next**.
+
+5. Review the settings and select **Next** to create the policy.
+
+6. After the policy is created, **Close**.
 
 ### Group Policy
 
-You can use the following procedure to enable network protection on domain-joined computers or on a standalone computer.
+Use the following procedure to enable network protection on domain-joined computers or on a standalone computer.
 
-1. On a standalone computer, click **Start**, type and then click **Edit group policy**.
+1. On a standalone computer, go to **Start** and then type and select **Edit group policy**.
 
     *-Or-*
 
-    On a domain-joined Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
+    On a domain-joined Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and select **Edit**.
 
-2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**.
+2. In the **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**.
 
 3. Expand the tree to **Windows components** > **Microsoft Defender Antivirus** > **Windows Defender Exploit Guard** > **Network protection**.
 
-4. Double-click the **Prevent users and apps from accessing dangerous websites** setting and set the option to **Enabled**. In the options section, you must specify one of the following:
+4. Double-click the **Prevent users and apps from accessing dangerous websites** setting and set the option to **Enabled**. In the options section, you must specify one of the following options:
-    * **Block** - Users will not be able to access malicious IP addresses and domains
+    * **Block** - Users can't access malicious IP addresses and domains
-    * **Disable (Default)** - The Network protection feature will not work. Users will not be blocked from accessing malicious domains
+    * **Disable (Default)** - The Network protection feature won't work. Users won't be blocked from accessing malicious domains
-    * **Audit Mode** - If a user visits a malicious IP address or domain, an event will be recorded in the Windows event log but the user will not be blocked from visiting the address.
+    * **Audit Mode** - If a user visits a malicious IP address or domain, an event won't be recorded in the Windows event log. However, the user won't be blocked from visiting the address.
 
 > [!IMPORTANT]
 > To fully enable network protection, you must set the Group Policy option to **Enabled** and also select **Block** in the options drop-down menu.
 
-You can confirm network protection is enabled on a local computer by using Registry editor:
+Confirm network protection is enabled on a local computer by using Registry editor:
+
+1. Select **Start** and type **regedit** to open **Registry Editor**.
 
-1. Click **Start** and type **regedit** to open **Registry Editor**.
 2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection
-3. Click **EnableNetworkProtection** and confirm the value:
+
+3. Select **EnableNetworkProtection** and confirm the value:
    * 0=Off
    * 1=On
    * 2=Audit