1. On your Windows device, select Start, type `powershell`, right-click **Windows PowerShell**, and then select **Run as administrator**.
76
-
77
-
2. Run the following cmdlet:
78
-
79
-
```PowerShell
80
-
Set-MpPreference -EnableNetworkProtection Enabled
81
-
```
82
-
83
-
3. For Windows Server, use the additional commands that listed in the following table:
84
-
85
-
| Windows Server version | Commands |
86
-
|---|---|
87
-
| Windows Server 2019 and later |`set-mpPreference -AllowNetworkProtectionOnWinServer $true`|
88
-
| Windows Server 2016 <br/>Windows Server 2012 R2 with the [unified agent for Microsoft Defender for Endpoint](/defender-endpoint/enable-network-protection)|`set-MpPreference -AllowNetworkProtectionDownLevel $true` <br/> `set-MpPreference -AllowNetworkProtectionOnWinServer $true`|
89
-
90
-
4. (This step is optional.) To set network protection to audit mode, use the following cmdlet:
To turn off network protection, use the `Disabled` parameter instead of `AuditMode` or `Enabled`.
97
-
98
-
### Mobile device management (MDM)
99
-
100
-
1. Use the [EnableNetworkProtection](/windows/client-management/mdm/policy-csp-defender#enablenetworkprotection) configuration service provider (CSP) to enable or disable network protection or enable audit mode.
101
-
102
-
2.[Update Microsoft Defender antimalware platform to the latest version](https://support.microsoft.com/topic/update-for-microsoft-defender-antimalware-platform-92e21611-8cf1-8e0e-56d6-561a07d144cc) before you enable or disable network protection or enable audit mode.
71
+
-[PowerShell](#powershell)
103
72
104
73
### Microsoft Intune
105
74
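Review bot: The new `[PowerShell](#powershell)` entry at new line 71 sits directly above `### Microsoft Intune`, which makes it the last item in the list of methods, but this commit also moves the MDM section (removed here at old lines 99-102) to a new position. Please confirm that the order of the list matches the new order of the sections, and that the `#powershell` anchor still resolves now that the heading is re-added further down the file.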
@@ -155,6 +124,12 @@ To enable network protection, you can use one of the following methods:
155
124
156
125
8. Review all the information, and then select **Create**.
157
126
127
+
### Mobile device management (MDM)
128
+
129
+
1. Use the [EnableNetworkProtection](/windows/client-management/mdm/policy-csp-defender#enablenetworkprotection) configuration service provider (CSP) to turn network protection on or off, or to enable audit mode.
130
+
131
+
2.[Update Microsoft Defender anti-malware platform to the latest version](https://support.microsoft.com/topic/update-for-microsoft-defender-antimalware-platform-92e21611-8cf1-8e0e-56d6-561a07d144cc) before you turn network protection on or off.
132
+
158
133
### Group Policy
159
134
160
135
Use the following procedure to enable network protection on domain-joined computers or on a standalone computer.
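Review bot: In the added MDM section (new lines 127-131), step 2 is a prerequisite but is numbered after the step it has to precede: it says to update the platform "before you turn network protection on or off". Consider making it step 1 or a prerequisite note above the list. Step 2 also drops "or enable audit mode", which step 1 still mentions, and it spells "anti-malware" where the linked URL and the removed text use "antimalware".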
@@ -163,19 +138,19 @@ Use the following procedure to enable network protection on domain-joined comput
163
138
164
139
*-Or-*
165
140
166
-
On a domain-joined Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and select **Edit**.
141
+
On a domain-joined Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx). Right-click the Group Policy Object you want to configure and select **Edit**.
167
142
168
143
2. In the **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**.
169
144
170
145
3. Expand the tree to **Windows components**\>**Microsoft Defender Antivirus**\>**Microsoft Defender Exploit Guard**\>**Network protection**.
171
146
172
-
Note that on older versions of Windows, the Group Policy path might have *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus*.
147
+
On older versions of Windows, the Group Policy path might have *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus*.
173
148
174
149
4. Double-click the **Prevent users and apps from accessing dangerous websites** setting and set the option to **Enabled**. In the options section, you must specify one of the following options:
175
150
176
151
-**Block** - Users can't access malicious IP addresses and domains.
177
152
-**Disable (Default)** - The Network protection feature won't work. Users aren't blocked from accessing malicious domains.
178
-
-**Audit Mode** - If a user visits a malicious IP address or domain, an event will be recorded in the Windows event log. However, the user won't be blocked from visiting the address.
153
+
-**Audit Mode** - If a user visits a malicious IP address or domain, an event is recorded in the Windows event log. However, the user won't be blocked from visiting the address.
179
154
180
155
> [!IMPORTANT]
181
156
> To fully enable network protection, you must set the Group Policy option to **Enabled** and also select **Block** in the options drop-down menu.
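Review bot: The rewritten sentence at new line 141 still links the Group Policy Management Console to `https://technet.microsoft.com/library/cc731212.aspx`; since the line is being touched anyway, replace the legacy TechNet URL with the current documentation link. In the **Audit Mode** bullet (new line 153), "the Windows event log" could name the log where the event is recorded, so that readers evaluating audit mode know where to look.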
@@ -203,11 +178,42 @@ Use the following procedure to enable network protection on domain-joined comput
203
178
204
179
7. From the ribbon, select **Deploy** to deploy the policy to a collection.
205
180
181
+
### PowerShell
182
+
183
+
1. On your Windows device, click **Start**, type `powershell`, right-click **Windows PowerShell**, and then select **Run as administrator**.
184
+
185
+
2. Run the following cmdlet:
186
+
187
+
```PowerShell
188
+
Set-MpPreference -EnableNetworkProtection Enabled
189
+
```
190
+
191
+
3. For Windows Server, use the additional commands listed in the following table:
192
+
193
+
| Windows Server version | Commands |
194
+
|---|---|
195
+
|Windows Server 2019 and later |`set-mpPreference -AllowNetworkProtectionOnWinServer $true`|
196
+
|Windows Server 2016 <br/>Windows Server 2012 R2 with the [unified agent for Microsoft Defender for Endpoint](/defender-endpoint/enable-network-protection)|`set-MpPreference -AllowNetworkProtectionDownLevel $true` <br/> `set-MpPreference -AllowNetworkProtectionOnWinServer $true` <br/> `set-MpPreference -AllowDatagramProcessingOnWinServer $true`|
197
+
198
+
> [!IMPORTANT]
199
+
> For Domain Controllers and Microsoft Exchange servers, set the `AllowDatagramProcessingOnWinServer` parameter to `$false`. These roles often generate high volumes of UDP traffic, which can affect network performance and reliability when datagram processing is enabled. Disabling this setting helps maintain network stability and optimize resource usage in demanding environments.
200
+
201
+
4. (This step is optional.) To set network protection to audit mode, use the following cmdlet:
To turn off network protection, use the `Disabled` parameter instead of `AuditMode` or `Enabled`.
208
+
206
209
#### Important information about removing Exploit Guard settings from a device
207
210
208
-
Once an Exploit Guard policy is deployed using Configuration Manager, Exploit Guard settings aren't removed from the clients if you remove the deployment. Furthermore, if you remove the client's Exploit Guard deployment, `Delete not supported` is recorded in the client's `ExploitGuardHandler.log` in Configuration Manager. <!--CMADO8538577-->
211
+
When you deploy an Exploit Guard policy using Configuration Manager, the settings remain on the client even if you later remove the deployment. If the deployment is removed, the client logs `Delete` not supported in the `ExploitGuardHandler.log` file.
212
+
213
+
<!--CMADO8538577-->
209
214
210
-
Use the following PowerShell script in the SYSTEM context to remove Exploit Guard settings correctly:<!--CMADO9907132-->
215
+
Use the following PowerShell script in the `SYSTEM` context to remove Exploit Guard settings correctly:
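Review bot: The `### PowerShell` section is inserted at new line 181 between step 7 of the Configuration Manager procedure and `#### Important information about removing Exploit Guard settings from a device`, so that level-4 heading, which is about Configuration Manager deployments, now nests under PowerShell; place the new section below that subsection or above the Configuration Manager section. At new line 211 the code span was split: `Delete not supported` became `Delete` not supported, so the log message is no longer marked up as one string. In the table, `-AllowDatagramProcessingOnWinServer $true` is added only to the Windows Server 2016 / 2012 R2 row, while the note below asks for `$false` on Domain Controllers and Exchange servers; state whether the parameter applies to Windows Server 2019 and later, and consider showing the `$false` command next to the note. Step 1 also changes "select Start" to "click **Start**" while the rest of the step keeps "select".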