diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index 2871ffa4fd..1eae1ad2c3 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -279,6 +279,9 @@ href: threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md - name: Microsoft Defender SmartScreen overview href: threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md + items: + - name: Brand name + - href: threat-protection/microsoft-defender-smartscreen/brand-name-overview.md - name: Configure S/MIME for Windows href: identity-protection\configure-s-mime.md - name: Windows Credential Theft Mitigation Guide Abstract diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/brand-name-overview.md b/windows/security/threat-protection/microsoft-defender-smartscreen/brand-name-overview.md new file mode 100644 index 0000000000..cd89920619 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-smartscreen/brand-name-overview.md @@ -0,0 +1,94 @@ +--- +title: [Phishing sensors] overview (Windows) +description: Learn how [Brand name] helps protect Microsoft school or work passwords against phishing and unsafe usage on sites and apps. +ms.prod: m365-security +ms.mktglfcycl: explore +ms.sitesec: library +ms.pagetype: security +author: vmathavale +ms.author: vmathavale +audience: IT Admin +ms.localizationpriority: medium +ms.date: 06/16/2022 +ms.reviewer: +manager: dansimp +ms.technology: windows-sec +adobe-target: true +--- + +# [Brand Name] + +**Applies to:** + +- Windows 11 + +[Brand name] helps protect Microsoft school or work passwords against phishing and unsafe usage on sites and apps. + +**[Brand name] protects work or school passwords on Windows 11 by:** + +- Analyzing visited webpages and apps connecting to URLs, looking for indications of suspicious behavior, and checking the visited sites against a dynamic list of reported phishing sites. If [brand name] determines that a page the user has just typed their password into is suspicious or matches an entry in the list, it shows a warning to let the user know that the site may be malicious and offers the user the opportunity to change their password. + +- Determining whether a user has reused their work or school password on a non-phishing site. If [brand name] determines a user has just reused their password, it shows a warning to let the user know that password reuse is dangerous and offers them the opportunity to change their password so that attackers cannot break into multiple accounts using one password. + +- Observing whether a user has typed their password into a text editor app like Word, Notepad, Office apps, etc. If [brand name] determines that a user has stored their password in a text editor app, it shows a warning to let the user know it’s unsafe to store their plaintext password and recommends the users to delete their password from the file. + +## Benefits of [Brand name] + +[Brand name] provides robust phishing protections for work or school passwords that are used to sign into Windows 11. The primary benefits are: + +- **Anti-phishing support:** Phishing attacks can easily trick users through convincing imitations of safe content or credential harvesting content inside trusted applications like browsers and chat. [Brand name] helps to protect users from sites that are reported to host phishing attacks by evaluating a website’s URL and other characteristics to determine if they’re known to distribute or host unsafe content. + +- **Secure operating system integration:** [Brand name] is integrated directly into the Windows 11 operating system. Thus, it has insights into what is happening (including process connections, URLs, certificate information, etc.) when a user interacts with content, including first and third party browsers and applications. Because [brand name] has unparalleled insight into what is happening at the OS level, it can identify when users use their work or school password unsafely. Such an alert empowers users to protect themselves by changing their password before that compromised credential is weaponized against them. + +- **Unparalleled telemetry working with other security suite:** [Brand name] is constantly learning from phishing attacks seen throughout the entire security suite, including sources like Microsoft SmartScreen and Microsoft Defender for Endpoint. [Brand name] stays up to date and works well with other Microsoft security products in a layered approach to password security, especially as an interim protection solution for enterprises transitioning to passwordless. + +- **Management through Group Policy and Microsoft Intune:** [Brand name] works with Intune, Group Policy, and mobile device management (MDM) settings to help you manage your organization’s computer settings. Based on how you set up [brand name], you can show employees a warning dialog for particular protection scenarios, for all protection scenarios, or for no protection scenarios. + +## Configure [brand name] for your organization + +### Group Policy settings +[Brand name] uses registry-based Administrative Template policy settings supported only on Windows 11. + + +|Setting |Description | +|---------|---------| +|Administrative Templates\Windows Components\... (Service Enabled)|This policy setting determines whether [brand name] is in audit mode or off. Users do not see any notifications for any protection scenarios when [brand name] is in audit mode. When in audit mode [brand name] captures unsafe password entry events and sends telemetry through Microsoft Defender.

If you enable this policy setting or don’t configure this setting, [brand name] is enabled in audit mode and your users are unable to turn it off.

If you disable this policy setting, [brand name] is off. When off, [brand name] does not capture events, send telemetry, or notify users. Additionally, your users are unable to turn it on.| +|Administrative Templates\Windows Components\... (Notify Malicious) |This policy setting determines whether [brand name] warns your users if they type their work or school password into one of the following malicious scenarios: into a reported phishing site, into a login URL with an invalid certificate, or into an application connecting to either a reported phishing site or a login URL with an invalid certificate.

If you enable this policy setting, [brand name] warns your users when they type their work or school password into one of the malicious scenarios described above and encourages them to change their password.

If you disable or don’t configure this policy setting, [brand name] will not warn your users if they type their work or school password into one of the malicious scenarios described above.| +|Administrative Templates\Windows Components\... (Notify Password Reuse) | This policy setting determines whether [brand name] warns your users if they reuse their work or school password.

If you enable this policy setting, [brand name] warns users if they reuse their work or school password and encourages them to change it.

If you disable or don’t configure this policy setting, [brand name] will not warn users if they reuse their work or school password.| +|Administrative Templates\Windows Components\... (Notify Unsafe App) |This policy setting determines whether [brand name] warns your users if they type their work or school passwords in text editor apps like OneNote, Word, Notepad, etc.

If you enable this policy setting, [brand name] warns your users if they store their password in text editor apps.

If you disable or don’t configure this policy setting, [brand name] will not warn users if they store their password in text editor apps. | + +### MDM settings +If you manage your policies using Microsoft Intune, you’ll want to use these MDM policy settings. All settings support desktop computers running Windows 11, enrolled with Microsoft Intune. + +|Setting |Details | +|---------|---------| +|ServiceEnabled |
  • **URI full path:** ./Vendor/MSFT/Policy/Config/…
  • **Data Type:** Integer
  • **Allowed values:**