Information
This policy setting determines whether Enhanced Phishing Protection in Microsoft Defender SmartScreen warns users if they reuse their work or school password.
The recommended state for this setting is: Enabled
Note: This setting only applies to Microsoft Accounts (computer or browser login) while using Microsoft Windows 11 and not on prem domain-joined accounts.
Users will be alerted if they try to use a password that has been exposed in a known data breach. This can help reduce the risk of password-related security incidents, such as unauthorized access to online accounts, and can encourage users to choose strong and unique passwords.
Solution
To establish the recommended configuration via GP, set the following UI path to Enabled :
Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Defender SmartScreen\Enhanced Phishing Protection\Notify Password Reuse
Note: This Group Policy path is provided by the Group Policy template WebThreatDefense.admx/adml that is included with the Microsoft Windows 11 Release 22H2 Administrative Templates v1.0 (or newer).
Impact:
Password reuse may be detected as a false positive by Microsoft.