64.1.1 (L1) Ensure 'Notify Malicious' is set to 'Enabled'

Information

This policy setting determines whether Enhanced Phishing Protection in Microsoft Defender SmartScreen warns users if they type their work or school password into one of the following malicious scenarios: into a reported phishing site, into a Microsoft login URL with an invalid certificate, or into an application connecting to either a reported phishing site or a Microsoft login URL with an invalid certificate.

The recommended state for this setting is: Enabled

Note: This setting only applies to Microsoft Accounts (computer or browser login) while using Microsoft Windows 11 and not on-prem domain-joined accounts.

Users will receive a pop-up notification if they try to access a website that is being blocked by Windows Defender SmartScreen. This assists users in making informed decisions about why the website is being blocked and whether to continue to it.

Solution

To establish the recommended configuration via configuration profiles, set the following Settings Catalog path to Enabled:

Smart Screen\Enhanced Phishing Protection\Notify Malicious

Impact:

In some cases, Windows Defender SmartScreen may block legitimate websites that have been incorrectly flagged by Microsoft.

See Also

https://workbench.cisecurity.org/benchmarks/16853

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-16, CSCv7|8.3

Plugin: Windows

Control ID: ba77957a398417aa9cad4fcededdbbdaeeadd9b6be58c4495d9c4115c2c64dea