defender-endpoint/network-protection.md
26 additions & 18 deletions
@@ -329,7 +329,7 @@ Due to the multi-user nature of Windows 10 Enterprise, keep the following points
329
329
330
330
### Alternative option for network protection
331
331
332
-
For Windows Server 2012R2/2016 unified MDE client, Windows Server version 1803 or newer, Windows Server 2019 or newer, and Windows 10 Enterprise Multi-Session 1909 and up, used in Windows Virtual Desktop on Azure, network protection for Microsoft Edge can be enabled using the following method:
332
+
For Windows Server 2012 R2 and Windows Server 2016 using the [modern unified solution](/defender-endpoint/configure-server-endpoints#functionality-in-the-modern-unified-solution), Windows Server version 1803 or later, and Windows 10 Enterprise Multi-Session 1909 and later, used in Windows Virtual Desktop on Azure, network protection for Microsoft Edge can be enabled using the following method:
333
333
334
334
1. Use [Turn on network protection](enable-network-protection.md) and follow the instructions to apply your policy.
335
335
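Review bot: The rewritten sentence under "Alternative option for network protection" drops "Windows Server 2019 or newer" from the platform list, while the removed line named it explicitly and the PowerShell section later in this file still does. If Windows Server 2019 is meant to be covered by "Windows Server version 1803 or later", say so in the commit message; otherwise restore it so the applicability lists stay consistent across the file.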
@@ -352,28 +352,32 @@ Following is information specific to Windows Servers.
352
352
Verify whether network protection is enabled on a local device by using Registry Editor.
353
353
354
354
1. Select the **Start** button in the task bar and type **regedit** to open the Registry Editor.
355
-
1. Select **HKEY_LOCAL_MACHINE** from the side menu.
356
-
1. Navigate through the nested menus to **SOFTWARE** > **Policies** > **Microsoft** > **Windows defender** > **Windows Defender Exploit Guard** > **Network Protection**.
355
+
356
+
2. Select **HKEY_LOCAL_MACHINE** from the side menu.
357
+
358
+
3. Navigate through the nested menus to **SOFTWARE** > **Policies** > **Microsoft** > **Windows Defender** > **Windows Defender Exploit Guard** > **Network Protection**.
4. Select **EnableNetworkProtection** to see the current state of network protection on the device:
361
363
362
-
-0 = Off
363
-
-1 = On (enabled)
364
-
-2 = Audit mode
364
+
-`0` = Off
365
+
-`1` = On (enabled)
366
+
-`2` = Audit mode
365
367
366
368
For more information, see [Turn on network protection](enable-network-protection.md).
367
369
368
-
#### Network protection suggestion
370
+
#### Network protection suggested registry keys
371
+
372
+
For Windows Server 2012 R2 and Windows Server 2016 using the [modern unified solution](/defender-endpoint/configure-server-endpoints#functionality-in-the-modern-unified-solution), Windows Server version 1803 or later, and Windows 10 Enterprise Multi-Session 1909 and later (used in Windows Virtual Desktop on Azure), enable additional registry keys, as follows:
369
373
370
-
For Windows Server 2012R2/2016 unified MDE client, Windows Server version 1803 or newer, Windows Server 2019 or newer, and Windows 10 Enterprise Multi-Session 1909 and up (used in Windows Virtual Desktop on Azure), there are additional registry keys that must be enabled:
374
+
1. Go to **HKEY_LOCAL_MACHINE** > **SOFTWARE** > **Microsoft** > **Windows Defender** > **Windows Defender Exploit Guard** > **Network Protection**.
-**AllowNetworkProtectionDownLevel** (dword) 1 (hex) - Windows Server 2012R2 and Windows Server 2016 only
378
+
-`AllowNetworkProtectionOnWinServer` (DWORD) set to `1` (hex)
379
+
-`EnableNetworkProtection` (DWORD) set to `1` (hex)
380
+
- (On Windows Server 2012 R2 and Windows Server 2016 only) `AllowNetworkProtectionDownLevel` (DWORD) set to `1` (hex)
377
381
378
382
> [!NOTE]
379
383
> Depending on your infrastructure, volume of traffic, and other conditions, **HKEY_LOCAL_MACHINE** > **SOFTWARE** > **Policies** > **Microsoft** > **Windows Defender** > **NIS** > **Consumers** > **IPS** - **AllowDatagramProcessingOnWinServer (dword) 1 (hex)** can have an effect on network performance.
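Review bot: The new step 1 under "Network protection suggested registry keys" points at **SOFTWARE** > **Microsoft** > **Windows Defender** > ... with no **Policies** node, but verification step 3 above and the NOTE at the end of this hunk both use the **SOFTWARE** > **Policies** > **Microsoft** > ... path, and `EnableNetworkProtection` is now named in both places. A reader who sets the value in one location and checks it in the other will see a mismatch, so state which path is intended or explain why the two differ. The removed sentence also said these keys "must be enabled", while the new heading calls them "suggested"; make clear whether they are required for network protection to take effect on these platforms.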
@@ -382,16 +386,18 @@ For additional information, see: [Turn on network protection](enable-network-pro
382
386
383
387
#### Windows Servers and Windows Multi-session configuration requires PowerShell
384
388
385
-
For Windows Servers and Windows Multi-session, there are additional items that you must enable by using PowerShell cmdlets. For Windows Server 2012R2/2016 unified MDE client, Windows Server version 1803 or newer, Windows Server 2019 or newer, and Windows 10 Enterprise Multi-Session 1909 and up, used in Windows Virtual Desktop on Azure.
389
+
For Windows Servers and Windows Multi-session, there are additional items that you must enable by using PowerShell cmdlets. For Windows Server 2012 R2 and Windows Server 2016 unified client, Windows Server version 1803 or newer, Windows Server 2019 or newer, and Windows 10 Enterprise Multi-Session 1909 and up, used in Windows Virtual Desktop on Azure.
> In some cases, depending on your infrastructure, volume of traffic, and other conditions, **Set-MpPreference -AllowDatagramProcessingOnWinServer 1** can have an effect on network performance.
394
-
400
+
> In some cases, depending on your infrastructure, volume of traffic, and other conditions, `Set-MpPreference -AllowDatagramProcessingOnWinServer 1` can have an effect on network performance.
You can disable QUIC at the web browser level. However, this method of disabling QUIC means that QUIC continues to work on non-browser applications. To disable QUIC in Microsoft Edge or Google Chrome, open the browser, locate the Experimental QUIC protocol setting (#enable-quic flag), and then change the setting to Disabled. The following table shows which URI to enter in the browser's address bar so that you can access that setting.
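Review bot: In the added paragraph under "Windows Servers and Windows Multi-session configuration requires PowerShell", the second sentence ("For Windows Server 2012 R2 and Windows Server 2016 unified client, ... used in Windows Virtual Desktop on Azure.") is still a fragment with no main clause, so it never says what applies to those platforms. Fold it into the first sentence, and align the wording with the other two hunks, which link the "modern unified solution" and use "or later" where this line keeps "unified client", "or newer" and "and up".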