question

icelava avatar image
0 Votes"
icelava asked ·

"SmartScreen for Microsoft Edge is off" but it's not

Original thread
https://social.technet.microsoft.com/Forums/windows/en-US/8d9b70d7-dbe4-4531-a486-b18c609eae90/quotsmartscreen-for-microsoft-edge-is-offquot?forum=win10itprosecurity

Our Windows computers are AAD joined and MDM enrolled with Intune. We have some computers, that strangely, throw a warning that "SmartScreen for Microsoft Edge is off" every time a manual Windows Defender Antivirus scan is manually triggered.

Thing is, we have already have configuration profiles and administrative templates for SmartScreen enabled at both the Edge browser and OS levels, and they work as expected. Comparing through the documentation vs the actual reality of the computers, there appears to be discrepancies in the expectation of Registry key paths. Which may suggest false alarms.

This should be more a client OS problem but seem to have run out of ideas there. Anybody else controlling their AAD computers with Intune facing similar problems?

not-supportedazure-active-directorywindows-10-setup
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

TeemoTang-2039 avatar image
0 Votes"
TeemoTang-2039 answered ·

On MDM side, default Microsoft Edge baseline settings for Intune are enough, I see you current configurations are ok, since you have refer to the following doc.

Configure Microsoft Defender SmartScreen

Default: Enabled

https://docs.microsoft.com/en-us/mem/intune/protect/security-baseline-settings-edge?pivots=edge-october-2019

What I want remind is that: User can configure Microsoft Defender SmartScreen setting in Microsoft Edge Setting inside, look at the picture:

8553-edge.png

When I turn off Microsoft Defender SmartScreen here, the switch on Windows Security SmartScreen for Microsoft Edge will be turned off at the same time, so even though we have configured Microsoft Edge web browser baseline settings on Intune, on GPO, on registry, users may still modify it on browser itself. Next you see current situation…

8418-off.png

In my opinion, your configurations have been applied, all settings are correct, more good practices can be found here:

https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings#recommended-group-policy-and-mdm-settings-for-your-organization





edge.png (26.9 KiB)
off.png (17.9 KiB)
· Share
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.