Have you noticed that there is a really handy security feature that came to Windows 11 in version 22H2
But It’s not enabled by default and it also requires you to log into Windows with your password instead of Windows Hello.
Table of Contents
How to check if it’s enabled with PowerShell
1 |
Get-Item -Path Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WTDS\Components |
Enhanced Phishing Protection in Microsoft Defender SmartScreen – Windows security | Microsoft Learn
How to check if it’s enabled with settings app.
Type Reputation to search.
And you will be redirected to Windows security settings. In here you will be find the Phishing protection settings.
How to enable with MDM?
Open Endpoint management portal https://endpoint.microsoft.com/
Browse to Devices and create a new profile
Choose Windows 10 and later with profile type of Settings catalog
Next step, search for Smart Screen and find the setting under it.
There the the URI for the feature
Setting | OMA-URI | Data type |
---|---|---|
ServiceEnabled | ./Device/Vendor/MSFT/Policy/Config/WebThreatDefense/ServiceEnabled | Integer |
NotifyUnsafeApp | ./Device/Vendor/MSFT/Policy/Config/WebThreatDefense/NotifyUnsafeApp | Integer |
And you will see it in the list
The default scope tag is automatically added to all untagged objects that support scope tags.
As a side note, if you want to create more tags they can be found here.
And more info here.
And then choose users, groups or devices.
Once created and applied, you can see the progress under the profile.
How does it work?
When you sign-in to Windows 11 with your password and type the same password in example notepad, you will get an warning.
More information on Microsoft article.