18.10.75.1.1 (L1) Ensure 'Automatic Data Collection' is set to 'Enabled'

Information

This policy setting determines whether Enhanced Phishing Protection can collect additional information such as content displayed, sounds played, and application memory when users enter their work or school password into a suspicious website or app.

The recommended state for this setting is: Enabled

Note: Per Microsoft, this information is used only for security purposes and helps SmartScreen determine whether the website or app is malicious.

Collection of this data assists Microsoft Defender SmartScreen in determining whether the user entered their work or school password into a suspicious website or app.

Solution

To establish the recommended configuration via GP, set the following UI path to Enabled :

Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Defender SmartScreen\Enhanced Phishing Protection\Automatic Data Collection

This Group Policy path may not exist by default. It is provided by the Group Policy template WebThreatDefense.admx/adml that is included with the Microsoft Windows 11 Release 23H2 Administrative Templates (or newer).

Impact:

Enhanced Phishing Protection may automatically collect additional content for security analysis from a suspicious website or app when users enter their work or school password into a website or app.

See Also

https://workbench.cisecurity.org/benchmarks/16515

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-16, CSCv7|8.3

Plugin: Windows

Control ID: ba910b1512875064c04ae831e6d3fe226a6a911288aece8cda24180bd8e7dc3c