Service Enabled

Information

This policy setting determines whether Enhanced Phishing Protection in Microsoft Defender SmartScreen is in audit mode or off. Users do not see notifications for any protection scenarios when Enhanced Phishing Protection in Microsoft Defender is in audit mode. Audit mode captures unsafe password entry events and sends telemetry through Microsoft Defender.

If you enable this policy setting Enhanced Phishing Protection in Microsoft Defender SmartScreen is enabled in audit mode and your users are unable to turn it off.

If you disable this policy setting Enhanced Phishing Protection in Microsoft Defender SmartScreen is off and it will not capture events send telemetry or notify users. Additionally your users are unable to turn it on.

If you dont configure this setting users can decide whether or not they will enable Enhanced Phishing Protection in Microsoft Defender SmartScreen.

Solution

Policy Path: Windows Components\Windows Defender SmartScreen\Enhanced Phishing Protection
Policy Setting Name: Service Enabled

See Also

https://techcommunity.microsoft.com/t5/microsoft-security-baselines/windows-11-version-22h2-security-baseline/ba-p/3632520

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b.

Plugin: Windows

Control ID: 7c489348b61755117465347d72cf5768eb1bb4515027968bc2739922385b1379