Information
This policy setting controls Microsoft Defender Exploit Guard network protection.
The recommended state for this setting is: Enabled: Block
This setting can help prevent employees from using any application to access dangerous domains that may host phishing scams, exploit-hosting sites, and other malicious content on the Internet.
Solution
To establish the recommended configuration via GP, set the following UI path to Enabled: Block :
Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Defender Antivirus\Windows Defender Exploit Guard\Network Protection\Prevent users and apps from accessing dangerous websites
Note: This Group Policy path is provided by the Group Policy template WindowsDefender.admx/adml that is included with the Microsoft Windows 10 Release 1709 Administrative Templates (or newer).
Impact:
Users and applications will not be able to access dangerous domains.