Information
This policy setting controls detection and action for Potentially Unwanted Applications (PUA), which are sneaky unwanted application bundlers or their bundled applications, that can deliver adware or malware.
The recommended state for this setting is: Enabled: Block.
For more information, see this link: Block potentially unwanted applications with Microsoft Defender Antivirus | Microsoft Docs
Rationale:
Potentially unwanted applications can increase the risk of your network being infected with malware, cause malware infections to be harder to identify, and can waste IT resources in cleaning up the applications. They should be blocked from installation.
Impact:
Applications that are identified by Microsoft as PUA will be blocked at download and install time.
Solution
To establish the recommended configuration, set the following Device Configuration Policy to Enabled: Block:
To access the Device Configuration Policy from the Intune Home page:
Click Devices
Click Configuration profiles
Click Create profile
Select the platform (Windows 10 and later)
Select the profile (Custom)
Click Create
Enter a Name
Click Next
Configure the following Setting
Name: <Enter name>
Description: <Enter Description>
OMA-URI: ./Device/Vendor/MSFT/Policy/Config/Defender/PUAProtection
Data type: Integer
Value: 1
Select OK
Continue through the Wizard to complete the creation of the profile (profile assignments, applicability etc.)
Note: More than one configuration setting from each of the Configuration profiles (ex: Administrative Templates, Custom etc.) can be added to each Device Configuration Policy.
Default Value:
Disabled. (Applications that are identified by Microsoft as PUA will not be blocked.)