Microsoft Defender SmartScreen in Windows 11 22H2

Have you noticed that there is a really handy security feature that came to Windows 11 in version 22H2

But It’s not enabled by default and it also requires you to log into Windows with your password instead of Windows Hello.

How to check if it’s enabled with PowerShell

Enhanced Phishing Protection in Microsoft Defender SmartScreen – Windows security | Microsoft Learn

How to check if it’s enabled with settings app.

Type Reputation to search.

And you will be redirected to Windows security settings. In here you will be find the Phishing protection settings.

How to enable with MDM?

Open Endpoint management portal https://endpoint.microsoft.com/

Browse to Devices and create a new profile

Choose Windows 10 and later with profile type of Settings catalog

Next step, search for Smart Screen and find the setting under it.

There the the URI for the feature

SettingOMA-URIData type
ServiceEnabled./Device/Vendor/MSFT/Policy/Config/WebThreatDefense/ServiceEnabledInteger
NotifyUnsafeApp./Device/Vendor/MSFT/Policy/Config/WebThreatDefense/NotifyUnsafeAppInteger

And you will see it in the list

The default scope tag is automatically added to all untagged objects that support scope tags.

As a side note, if you want to create more tags they can be found here.

And more info here.

And then choose users, groups or devices.

Once created and applied, you can see the progress under the profile.

How does it work?

When you sign-in to Windows 11 with your password and type the same password in example notepad, you will get an warning.

More information on Microsoft article.

Author: Harri Jaakkonen

Leave a Reply

Your email address will not be published. Required fields are marked *