deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-17 07:47:22 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

network protection

Browse Source
This commit is contained in:
Beth Levin 2020-08-12 11:40:10 -07:00
parent d04571e089
commit ea9e0c761f
1 changed files with 50 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

81
windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md
View File

@ -1,6 +1,6 @@
---
title: Turn on network protection
description: Enable Network protection with Group Policy, PowerShell, or MDM CSPs
description: Enable Network protection with Group Policy, PowerShell, or Mobile Device Management and Configuration Manager
keywords: ANetwork protection, exploits, malicious website, ip, domain, domains, enable, turn on
search.product: eADQiWindows 10XVcnh
ms.pagetype: security
@ -23,12 +23,11 @@ manager: dansimp
* [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[Network protection](network-protection.md) helps to prevent employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet.
You can [audit network protection](evaluate-network-protection.md) in a test environment to see which apps would be blocked before you enable it.
[Network protection](network-protection.md) helps to prevent employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the internet. You can [audit network protection](evaluate-network-protection.md) in a test environment to view which apps would be blocked before you enable it.
## Check if network protection is enabled
You can see if network protection has been enabled on a local device by using Registry editor.
Check if network protection has been enabled on a local device by using Registry editor.
1. Select the **Start** button in the task bar and type **regedit** to open Registry editor
1. Choose **HKEY_LOCAL_MACHINE** from the side menu
@ -41,82 +40,96 @@ You can see if network protection has been enabled on a local device by using Re
## Enable network protection
You can enable network protection by using any of these methods:
Enable network protection by using any of these methods:
* [PowerShell](#powershell)
* [Microsoft Intune](#intune)
* [Mobile Device Management (MDM)](#mdm)
* [Mobile Device Management (MDM)](#mobile-device-management-mmd)
* [Microsoft Endpoint Configuration Manager](#microsoft-endpoint-configuration-manager)
* [Group Policy](#group-policy)
### PowerShell
1. Type **powershell** in the Start menu, right-click **Windows PowerShell** and click **Run as administrator**
1. Type **powershell** in the Start menu, right-click **Windows PowerShell** and select **Run as administrator**
2. Enter the following cmdlet:
```PowerShell
Set-MpPreference -EnableNetworkProtection Enabled
```
You can enable the feature in audit mode using the following cmdlet:
3. Optional: Enable the feature in audit mode using the following cmdlet:
```PowerShell
Set-MpPreference -EnableNetworkProtection AuditMode
```
Use `Disabled` instead of `AuditMode` or `Enabled` to turn the feature off.
Use `Disabled` instead of `AuditMode` or `Enabled` to turn off the feature.
### Intune
1. Sign in to the [Azure portal](https://portal.azure.com) and open Intune.
1. Click **Device configuration** > **Profiles** > **Create profile**.
1. Name the profile, choose **Windows 10 and later** and **Endpoint protection**.
![Create endpoint protection profile](../images/create-endpoint-protection-profile.png)
1. Click **Configure** > **Windows Defender Exploit Guard** > **Network filtering** > **Enable**.
![Enable network protection in Intune](../images/enable-np-intune.png)
1. Click **OK** to save each open blade and click **Create**.
1. Click the profile **Assignments**, assign to **All Users & All Devices**, and click **Save**.
### MDM
2. Go to **Device configuration** > **Profiles** > **Create profile**.
3. Name the profile, choose **Windows 10 and later** and **Endpoint protection**.
![Create endpoint protection profile](../images/create-endpoint-protection-profile.png)
4. Select **Configure** > **Windows Defender Exploit Guard** > **Network filtering** > **Enable**.
![Enable network protection in Intune](../images/enable-np-intune.png)
5. Select **OK** to save each open section and **Create**.
6. Select the profile **Assignments**, assign to **All Users & All Devices**, and **Save**.
### Mobile Device Management (MMD)
Use the [./Vendor/MSFT/Policy/Config/Defender/EnableNetworkProtection](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-enablenetworkprotection) configuration service provider (CSP) to enable or disable network protection or enable audit mode.
## Microsoft Endpoint Configuration Manager
1. In Microsoft Endpoint Configuration Manager, click **Assets and Compliance** > **Endpoint Protection** > **Windows Defender Exploit Guard**.
1. Click **Home** > **Create Exploit Guard Policy**.
1. Enter a name and a description, click **Network protection**, and click **Next**.
1. Choose whether to block or audit access to suspicious domains and click **Next**.
1. Review the settings and click **Next** to create the policy.
1. After the policy is created, click **Close**.
1. In Microsoft Endpoint Configuration Manager, go to **Assets and Compliance** > **Endpoint Protection** > **Windows Defender Exploit Guard**.
2. Then go to **Home** > **Create Exploit Guard Policy**.
3. Enter a name and a description, select **Network protection**, and then **Next**.
4. Choose whether to block or audit access to suspicious domains and select **Next**.
5. Review the settings and select **Next** to create the policy.
6. After the policy is created, **Close**.
### Group Policy
You can use the following procedure to enable network protection on domain-joined computers or on a standalone computer.
Use the following procedure to enable network protection on domain-joined computers or on a standalone computer.
1. On a standalone computer, click **Start**, type and then click **Edit group policy**.
1. On a standalone computer, go to **Start** and then type and select **Edit group policy**.
*-Or-*
On a domain-joined Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
On a domain-joined Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and select **Edit**.
2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**.
2. In the **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**.
3. Expand the tree to **Windows components** > **Microsoft Defender Antivirus** > **Windows Defender Exploit Guard** > **Network protection**.
4. Double-click the **Prevent users and apps from accessing dangerous websites** setting and set the option to **Enabled**. In the options section, you must specify one of the following:
* **Block** - Users will not be able to access malicious IP addresses and domains
* **Disable (Default)** - The Network protection feature will not work. Users will not be blocked from accessing malicious domains
* **Audit Mode** - If a user visits a malicious IP address or domain, an event will be recorded in the Windows event log but the user will not be blocked from visiting the address.
4. Double-click the **Prevent users and apps from accessing dangerous websites** setting and set the option to **Enabled**. In the options section, you must specify one of the following options:
* **Block** - Users can't access malicious IP addresses and domains
* **Disable (Default)** - The Network protection feature won't work. Users won't be blocked from accessing malicious domains
* **Audit Mode** - If a user visits a malicious IP address or domain, an event won't be recorded in the Windows event log. However, the user won't be blocked from visiting the address.
> [!IMPORTANT]
> To fully enable network protection, you must set the Group Policy option to **Enabled** and also select **Block** in the options drop-down menu.
You can confirm network protection is enabled on a local computer by using Registry editor:
Confirm network protection is enabled on a local computer by using Registry editor:
1. Select **Start** and type **regedit** to open **Registry Editor**.
1. Click **Start** and type **regedit** to open **Registry Editor**.
2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection
3. Click **EnableNetworkProtection** and confirm the value:
3. Select **EnableNetworkProtection** and confirm the value:
* 0=Off
* 1=On
* 2=Audit