ef1c69b439
* smb adds * smb adds * formatting * private preview and support content * edit removed and dep * Fix blocking issues * Acro-fix * 24H2 CSP Updates * Fix link * fix link in dep page * edit * edit index file * syntax-fix-24h2 * ltsc-edits * ltsc-edits * lichris-docs-1 * Acrolinx improvements * refresh for maxado-8631996 * update link for maxado-8631993 * additional edits, acrolinx * ltsc-tw * contentsource-8914508 * contentsource-8914508 * Updates for 1 October release * Set stale debug to false * update gp link for 24h2 * additional changes * Changes to updates, acrolinx changes * fixes broken links * Fixed alignment issues * updates from Rafal * fixed acrolinx * so many link fixes * added release notes and troubleshoot content * updates * Update security-compliance-toolkit-10.md Added Windows 11 24H2 * Update get-support-for-security-baselines.md Updated for Windows 11 24H2 * bump date * bump date * fix pde comment * fixing broken link * Fix broken redirections * fix to rel link * reset head, fix link * add cli to deploy, add script to cli * removing "mcce" * edits to create page * Update default and global release policies OS version and dates to latest release values * emoved e from mcce and other changes * updated example script * added important notice to update page * more update page changes * clarified how proxy configuration is used * anonymizing variables in example script * revise example script * acrolinx fixes to update page * changes to other pages and content in overview page * Update broken link Update broken link * Update windows-sandbox-configure-using-wsb-file.md Update `HostFolder` value description in `MappedFolder`, specifying that the path could be absolute or relative, not only absolute as, instead, is for the `SandboxFolder` value. * Remove bad link Removed bad link. There is already a second link referring to content so no need to replace the link. * docfx update for security book * Correct TOC entry changing Windows 10 to Windows * Update whats-new-do.md - Vpn to VPN - Minor improvements * Updated date for freshness reporting * Add EOS callout Fix some obvious Acrolinx issues * Fixed typo added clarity * Update mcc-ent-deploy-to-windows.md * Update .openpublishing.redirection.windows-deployment.json * Update .openpublishing.redirection.windows-deployment.json * Update policy-csp-localpoliciessecurityoptions.md * Correct indentation and spacing * Acrolinx: "Enteprise" * Update mcc-ent-edu-overview.md * refresh * Remove redirection and final bits of store-for-business store-for-business, AKA /microsoft-store/, is retired, and the content is archived in officearchive-pr. This archival was for ADO task 9268422. * added support content and other changes * fixed tabs * fixed tabs * Updated device reg policy and group information * Update delivery-optimization-endpoints.md Added a line item in MCC table for Outlook *res.cdn.office.net requirement * freshness review * Fix broken links * Minor change * content for faq * changes to landing page * more content to faqs * pencil edit * add copilot exps link * edits and ren cli file temporarily * ren file back and edit toc to lowercase * edit * edit * edit * Update windows-autopatch-configure-network.md Adding a new network endpoint required for the service 'device.autopatch.microsoft.com' @tiaraquan * Clarify some points and remove data that is confusing to customers. * fix syntax * Sentence correction * Update windows/deployment/do/waas-delivery-optimization-faq.yml Co-authored-by: Meghan Stewart <33289333+mestew@users.noreply.github.com> * Update windows/deployment/do/waas-delivery-optimization-faq.yml Co-authored-by: Meghan Stewart <33289333+mestew@users.noreply.github.com> * moved shortcuts under policy settings article --------- Co-authored-by: Alma Jenks <v-alje@microsoft.com> Co-authored-by: Meghan Stewart <33289333+mestew@users.noreply.github.com> Co-authored-by: Stacyrch140 <102548089+Stacyrch140@users.noreply.github.com> Co-authored-by: Nidhi Doshi <77081571+doshnid@users.noreply.github.com> Co-authored-by: Gary Moore <5432776+garycentric@users.noreply.github.com> Co-authored-by: Vinay Pamnani (from Dev Box) <vinpa@microsoft.com> Co-authored-by: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Co-authored-by: Aaron Czechowski <aczechowski@users.noreply.github.com> Co-authored-by: Aditi Srivastava <133841950+aditisrivastava07@users.noreply.github.com> Co-authored-by: Daniel H. Brown <32883970+DHB-MSFT@users.noreply.github.com> Co-authored-by: David Strome <21028455+dstrome@users.noreply.github.com> Co-authored-by: Padma Jayaraman <v-padmaj@microsoft.com> Co-authored-by: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Co-authored-by: Rebecca Agiewich <16087112+rjagiewich@users.noreply.github.com> Co-authored-by: Rick Munck <33725928+jmunck@users.noreply.github.com> Co-authored-by: Tanaka <Huios@users.noreply.github.com> Co-authored-by: Tiara Quan <95256667+tiaraquan@users.noreply.github.com> Co-authored-by: Frank Rojas <45807133+frankroj@users.noreply.github.com> Co-authored-by: Davide Piccinini <davide.piccinini.95@gmail.com> Co-authored-by: Phil Garcia <phil@thinkedge.com> Co-authored-by: Learn Build Service GitHub App <Learn Build Service LearnBuild@microsoft.com> Co-authored-by: tiaraquan <tiaraquan@microsoft.com> Co-authored-by: Caitlin Hart <caithart@microsoft.com> Co-authored-by: Harman Thind <63820404+hathin@users.noreply.github.com> Co-authored-by: [cmknox] <[cmknox@gmail.com]> Co-authored-by: Carmen Forsmann <cmforsmann@live.com>
15 KiB
title, description, ms.date
| title | description | ms.date |
|---|---|---|
| WebThreatDefense Policy CSP | Learn more about the WebThreatDefense Area in Policy CSP. | 09/27/2024 |
Policy CSP - WebThreatDefense
Note
In Microsoft Intune, this CSP is listed under the Enhanced Phishing Protection category.
AutomaticDataCollection
| Scope | Editions | Applicable OS |
|---|---|---|
| ✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 11, version 24H2 [10.0.26100] and later |
./Device/Vendor/MSFT/Policy/Config/WebThreatDefense/AutomaticDataCollection
This policy setting determines whether Enhanced Phishing Protection can collect additional information-such as content displayed, sounds played, and application memory-when your users enter their work or school password into a suspicious website or app. This information is used only for security purposes and helps SmartScreen determine whether the website or app is malicious.
-
If you enable this policy setting, Enhanced Phishing Protection may automatically collect additional content for security analysis from a suspicious website or app when your users enter their work or school password into that website or app.
-
If you disable this policy setting, Enhanced Phishing Protection won't collect additional content for security analysis when your users enter their work or school password into a suspicious site or app.
-
If this policy isn't set, Enhanced Phishing Protection automatic data collection will honor the end user's settings.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | int |
| Access Type | Add, Delete, Get, Replace |
| Default Value | 0 |
Allowed values:
| Value | Description |
|---|---|
| 0 (Default) | Disabled. |
| 1 | Enabled. |
Group policy mapping:
| Name | Value |
|---|---|
| Name | AutomaticDataCollection |
| Friendly Name | Automatic Data Collection |
| Location | Computer Configuration |
| Path | Windows Components > Windows Defender SmartScreen > Enhanced Phishing Protection |
| Registry Key Name | Software\Policies\Microsoft\Windows\WTDS\Components |
| Registry Value Name | CaptureThreatWindow |
| ADMX File Name | WebThreatDefense.admx |
NotifyMalicious
| Scope | Editions | Applicable OS |
|---|---|---|
| ✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 11, version 22H2 [10.0.22621] and later |
./Device/Vendor/MSFT/Policy/Config/WebThreatDefense/NotifyMalicious
This policy setting determines whether Enhanced Phishing Protection in Microsoft Defender SmartScreen warns your users if they type their work or school password into one of the following malicious scenarios: into a reported phishing site, into a Microsoft login URL with an invalid certificate, or into an application connecting to either a reported phishing site or a Microsoft login URL with an invalid certificate.
-
If you enable this policy setting, Enhanced Phishing Protection in Microsoft Defender SmartScreen warns your users if they type their work or school password into one of the malicious scenarios described above and encourages them to change their password.
-
If you disable or don't configure this policy setting, Enhanced Phishing Protection in Microsoft Defender SmartScreen won't warn your users if they type their work or school password into one of the malicious scenarios described above.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | int |
| Access Type | Add, Delete, Get, Replace |
| Default Value | 0 |
Allowed values:
| Value | Description |
|---|---|
| 0 (Default) | Disabled. |
| 1 | Enabled. |
Group policy mapping:
| Name | Value |
|---|---|
| Name | NotifyMalicious |
| Friendly Name | Notify Malicious |
| Location | Computer Configuration |
| Path | Windows Components > Windows Defender SmartScreen > Enhanced Phishing Protection |
| Registry Key Name | Software\Policies\Microsoft\Windows\WTDS\Components |
| Registry Value Name | NotifyMalicious |
| ADMX File Name | WebThreatDefense.admx |
NotifyPasswordReuse
| Scope | Editions | Applicable OS |
|---|---|---|
| ✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 11, version 22H2 [10.0.22621] and later |
./Device/Vendor/MSFT/Policy/Config/WebThreatDefense/NotifyPasswordReuse
This policy setting determines whether Enhanced Phishing Protection in Microsoft Defender SmartScreen warns your users if they reuse their work or school password.
-
If you enable this policy setting, Enhanced Phishing Protection in Microsoft Defender SmartScreen warns users if they reuse their work or school password and encourages them to change it.
-
If you disable or don't configure this policy setting, Enhanced Phishing Protection in Microsoft Defender SmartScreen won't warn users if they reuse their work or school password.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | int |
| Access Type | Add, Delete, Get, Replace |
| Default Value | 0 |
Allowed values:
| Value | Description |
|---|---|
| 0 (Default) | Disabled. |
| 1 | Enabled. |
Group policy mapping:
| Name | Value |
|---|---|
| Name | NotifyPasswordReuse |
| Friendly Name | Notify Password Reuse |
| Location | Computer Configuration |
| Path | Windows Components > Windows Defender SmartScreen > Enhanced Phishing Protection |
| Registry Key Name | Software\Policies\Microsoft\Windows\WTDS\Components |
| Registry Value Name | NotifyPasswordReuse |
| ADMX File Name | WebThreatDefense.admx |
NotifyUnsafeApp
| Scope | Editions | Applicable OS |
|---|---|---|
| ✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 11, version 22H2 [10.0.22621] and later |
./Device/Vendor/MSFT/Policy/Config/WebThreatDefense/NotifyUnsafeApp
This policy setting determines whether Enhanced Phishing Protection in Microsoft Defender SmartScreen warns your users if they type their work or school passwords in Notepad, Winword, or M365 Office apps like OneNote, Word, Excel, etc.
-
If you enable this policy setting, Enhanced Phishing Protection in Microsoft Defender SmartScreen warns your users if they store their password in text editor apps.
-
If you disable or don't configure this policy setting, Enhanced Phishing Protection in Microsoft Defender SmartScreen won't warn users if they store their password in text editor apps.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | int |
| Access Type | Add, Delete, Get, Replace |
| Default Value | 0 |
Allowed values:
| Value | Description |
|---|---|
| 0 (Default) | Disabled. |
| 1 | Enabled. |
Group policy mapping:
| Name | Value |
|---|---|
| Name | NotifyUnsafeApp |
| Friendly Name | Notify Unsafe App |
| Location | Computer Configuration |
| Path | Windows Components > Windows Defender SmartScreen > Enhanced Phishing Protection |
| Registry Key Name | Software\Policies\Microsoft\Windows\WTDS\Components |
| Registry Value Name | NotifyUnsafeApp |
| ADMX File Name | WebThreatDefense.admx |
ServiceEnabled
| Scope | Editions | Applicable OS |
|---|---|---|
| ✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 11, version 22H2 [10.0.22621] and later |
./Device/Vendor/MSFT/Policy/Config/WebThreatDefense/ServiceEnabled
This policy setting determines whether Enhanced Phishing Protection in Microsoft Defender SmartScreen is in audit mode or off. Users don't see notifications for any protection scenarios when Enhanced Phishing Protection in Microsoft Defender is in audit mode. Audit mode captures unsafe password entry events and sends telemetry through Microsoft Defender.
-
If you enable this policy setting, Enhanced Phishing Protection in Microsoft Defender SmartScreen is enabled in audit mode and your users are unable to turn it off.
-
If you disable this policy setting, Enhanced Phishing Protection in Microsoft Defender SmartScreen is off and it won't capture events, send telemetry, or notify users. Additionally, your users are unable to turn it on.
-
If you don't configure this setting, users can decide whether or not they will enable Enhanced Phishing Protection in Microsoft Defender SmartScreen.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | int |
| Access Type | Add, Delete, Get, Replace |
| Default Value | 1 |
Allowed values:
| Value | Description |
|---|---|
| 0 | Disabled. |
| 1 (Default) | Enabled. |
Group policy mapping:
| Name | Value |
|---|---|
| Name | ServiceEnabled |
| Friendly Name | Service Enabled |
| Location | Computer Configuration |
| Path | Windows Components > Windows Defender SmartScreen > Enhanced Phishing Protection |
| Registry Key Name | Software\Policies\Microsoft\Windows\WTDS\Components |
| Registry Value Name | ServiceEnabled |
| ADMX File Name | WebThreatDefense.admx |