18.10.75.1.2 (L1) Ensure 'Notify Malicious' is set to 'Enabled'

Information

This policy setting determines whether Enhanced Phishing Protection in Microsoft Defender SmartScreen warns users if they type their work or school password into one of the following malicious scenarios: into a reported phishing site, into a Microsoft login URL with an invalid certificate, or into an application connecting to either a reported phishing site or a Microsoft login URL with an invalid certificate.

The recommended state for this setting is: Enabled

Note: This setting only applies to Microsoft Accounts (computer or browser login) while using Microsoft Windows 11 and not on-prem domain-joined accounts.

Users will receive a pop-up notification if they try to access a website that is being blocked by Windows Defender SmartScreen. This assists users in making informed decisions about why the website is being blocked and whether to continue to it.

Solution

To establish the recommended configuration via GP, set the following UI path to Enabled :

Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Defender SmartScreen\Enhanced Phishing Protection\Notify Malicious

Note: This Group Policy path is provided by the Group Policy template WebThreatDefense.admx/adml that is included with the Microsoft Windows 11 Release 22H2 Administrative Templates v1.0 (or newer).

Impact:

In some cases, Windows Defender SmartScreen may block legitimate websites, that have been incorrectly flagged by Microsoft.

See Also

https://workbench.cisecurity.org/benchmarks/17603

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-16, CSCv7|8.3

Plugin: Windows

Control ID: 04624d2e6f2aaba89b51dacfceab99fba9d11454f1a83ad392e3136bb8dd3b37