Information
This policy setting prevent users from making changes to the Exploit protection settings area in the Windows Security settings.
The recommended state for this setting is: Enabled
Only authorized IT staff should be able to make changes to the exploit protection settings in order to ensure the organizations specific configuration is not modified.
Solution
To establish the recommended configuration via GP, set the following UI path to Enabled :
Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Security\App and browser protection\Prevent users from modifying settings
Note: This Group Policy path may not exist by default. It is provided by the Group Policy template WindowsDefenderSecurityCenter.admx/adml that is included with the Microsoft Windows 10 Release 1709 Administrative Templates (or newer).
Impact:
Local users cannot make changes in the Exploit protection settings area.