14 KiB
title, description, author, manager, ms.author, ms.date, ms.localizationpriority, ms.prod, ms.technology, ms.topic
| title | description | author | manager | ms.author | ms.date | ms.localizationpriority | ms.prod | ms.technology | ms.topic |
|---|---|---|---|---|---|---|---|---|---|
| WebThreatDefense Policy CSP | Learn more about the WebThreatDefense Area in Policy CSP. | vinaypamnani-msft | aaroncz | vinpa | 01/09/2023 | medium | windows-client | itpro-manage | reference |
Policy CSP - WebThreatDefense
Note
In Microsoft Intune, this CSP is listed under the Enhanced Phishing Protection category.
CaptureThreatWindow
| Scope | Editions | Applicable OS |
|---|---|---|
| ✔️ Device ❌ User |
❌ Home ✔️ Pro ✔️ Enterprise ✔️ Education ✔️ Windows SE |
✔️ Windows Insider Preview |
./Device/Vendor/MSFT/Policy/Config/WebThreatDefense/CaptureThreatWindow
Configures Enhanced Phishing Protection notifications to allow to capture the suspicious window on client machines for further threat analysis.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | int |
| Access Type | Add, Delete, Get, Replace |
| Default Value | 1 |
Allowed values:
| Value | Description |
|---|---|
| 0 | Disabled. |
| 1 (Default) | Enabled. |
Group policy mapping:
| Name | Value |
|---|---|
| Name | CaptureThreatWindow |
| Path | WebThreatDefense > AT > WindowsComponents > WebThreatDefense |
NotifyMalicious
| Scope | Editions | Applicable OS |
|---|---|---|
| ✔️ Device ❌ User |
❌ Home ✔️ Pro ✔️ Enterprise ✔️ Education ✔️ Windows SE |
✔️ Windows 11, version 22H2 [10.0.22621] and later |
./Device/Vendor/MSFT/Policy/Config/WebThreatDefense/NotifyMalicious
This policy setting determines whether Enhanced Phishing Protection in Microsoft Defender SmartScreen warns your users if they type their work or school password into one of the following malicious scenarios: into a reported phishing site, into a Microsoft login URL with an invalid certificate, or into an application connecting to either a reported phishing site or a Microsoft login URL with an invalid certificate.
-
If you enable this policy setting, Enhanced Phishing Protection in Microsoft Defender SmartScreen warns your users if they type their work or school password into one of the malicious scenarios described above and encourages them to change their password.
-
If you disable or don't configure this policy setting, Enhanced Phishing Protection in Microsoft Defender SmartScreen will not warn your users if they type their work or school password into one of the malicious scenarios described above.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | int |
| Access Type | Add, Delete, Get, Replace |
| Default Value | 0 |
Allowed values:
| Value | Description |
|---|---|
| 0 (Default) | Disabled. |
| 1 | Enabled. |
Group policy mapping:
| Name | Value |
|---|---|
| Name | NotifyMalicious |
| Friendly Name | Notify Malicious |
| Location | Computer Configuration |
| Path | Windows Components > Windows Defender SmartScreen > Enhanced Phishing Protection |
| Registry Key Name | Software\Policies\Microsoft\Windows\WTDS\Components |
| Registry Value Name | NotifyMalicious |
| ADMX File Name | WebThreatDefense.admx |
NotifyPasswordReuse
| Scope | Editions | Applicable OS |
|---|---|---|
| ✔️ Device ❌ User |
❌ Home ✔️ Pro ✔️ Enterprise ✔️ Education ✔️ Windows SE |
✔️ Windows 11, version 22H2 [10.0.22621] and later |
./Device/Vendor/MSFT/Policy/Config/WebThreatDefense/NotifyPasswordReuse
This policy setting determines whether Enhanced Phishing Protection in Microsoft Defender SmartScreen warns your users if they reuse their work or school password.
-
If you enable this policy setting, Enhanced Phishing Protection in Microsoft Defender SmartScreen warns users if they reuse their work or school password and encourages them to change it.
-
If you disable or don't configure this policy setting, Enhanced Phishing Protection in Microsoft Defender SmartScreen will not warn users if they reuse their work or school password.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | int |
| Access Type | Add, Delete, Get, Replace |
| Default Value | 0 |
Allowed values:
| Value | Description |
|---|---|
| 0 (Default) | Disabled. |
| 1 | Enabled. |
Group policy mapping:
| Name | Value |
|---|---|
| Name | NotifyPasswordReuse |
| Friendly Name | Notify Password Reuse |
| Location | Computer Configuration |
| Path | Windows Components > Windows Defender SmartScreen > Enhanced Phishing Protection |
| Registry Key Name | Software\Policies\Microsoft\Windows\WTDS\Components |
| Registry Value Name | NotifyPasswordReuse |
| ADMX File Name | WebThreatDefense.admx |
NotifyUnsafeApp
| Scope | Editions | Applicable OS |
|---|---|---|
| ✔️ Device ❌ User |
❌ Home ✔️ Pro ✔️ Enterprise ✔️ Education ✔️ Windows SE |
✔️ Windows 11, version 22H2 [10.0.22621] and later |
./Device/Vendor/MSFT/Policy/Config/WebThreatDefense/NotifyUnsafeApp
This policy setting determines whether Enhanced Phishing Protection in Microsoft Defender SmartScreen warns your users if they type their work or school passwords in Notepad, Winword, or M365 Office apps like OneNote, Word, Excel, etc.
-
If you enable this policy setting, Enhanced Phishing Protection in Microsoft Defender SmartScreen warns your users if they store their password in text editor apps.
-
If you disable or don't configure this policy setting, Enhanced Phishing Protection in Microsoft Defender SmartScreen will not warn users if they store their password in text editor apps.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | int |
| Access Type | Add, Delete, Get, Replace |
| Default Value | 0 |
Allowed values:
| Value | Description |
|---|---|
| 0 (Default) | Disabled. |
| 1 | Enabled. |
Group policy mapping:
| Name | Value |
|---|---|
| Name | NotifyUnsafeApp |
| Friendly Name | Notify Unsafe App |
| Location | Computer Configuration |
| Path | Windows Components > Windows Defender SmartScreen > Enhanced Phishing Protection |
| Registry Key Name | Software\Policies\Microsoft\Windows\WTDS\Components |
| Registry Value Name | NotifyUnsafeApp |
| ADMX File Name | WebThreatDefense.admx |
ServiceEnabled
| Scope | Editions | Applicable OS |
|---|---|---|
| ✔️ Device ❌ User |
❌ Home ✔️ Pro ✔️ Enterprise ✔️ Education ✔️ Windows SE |
✔️ Windows 11, version 22H2 [10.0.22621] and later |
./Device/Vendor/MSFT/Policy/Config/WebThreatDefense/ServiceEnabled
This policy setting determines whether Enhanced Phishing Protection in Microsoft Defender SmartScreen is in audit mode or off. Users do not see notifications for any protection scenarios when Enhanced Phishing Protection in Microsoft Defender is in audit mode. Audit mode captures unsafe password entry events and sends telemetry through Microsoft Defender.
-
If you enable this policy setting, Enhanced Phishing Protection in Microsoft Defender SmartScreen is enabled in audit mode and your users are unable to turn it off.
-
If you disable this policy setting, Enhanced Phishing Protection in Microsoft Defender SmartScreen is off and it will not capture events, send telemetry, or notify users. Additionally, your users are unable to turn it on.
-
If you don't configure this setting, users can decide whether or not they will enable Enhanced Phishing Protection in Microsoft Defender SmartScreen.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | int |
| Access Type | Add, Delete, Get, Replace |
| Default Value | 1 |
Allowed values:
| Value | Description |
|---|---|
| 0 | Disabled. |
| 1 (Default) | Enabled. |
Group policy mapping:
| Name | Value |
|---|---|
| Name | ServiceEnabled |
| Friendly Name | Service Enabled |
| Location | Computer Configuration |
| Path | Windows Components > Windows Defender SmartScreen > Enhanced Phishing Protection |
| Registry Key Name | Software\Policies\Microsoft\Windows\WTDS\Components |
| Registry Value Name | ServiceEnabled |
| ADMX File Name | WebThreatDefense.admx |