Enable Network protection

Applies to:

  • Windows 10, version 1709

Audience

  • Enterprise security administrators

Manageability available with

  • Group Policy
  • PowerShell
  • Configuration service providers for mobile device management

Network protection is a feature that is part of Windows Defender Exploit Guard. It helps to prevent employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet.

This topic describes how to enable Network protection with Group Policy, PowerShell cmdlets, and configuration service providers (CSPs) for mobile device management (MDM).

Enable and audit Network protection

You can enable Network protection in either audit or block mode with Group Policy, PowerShell, or MDM settings with CSP.

For background information on how audit mode works, and when you might want to use it, see the audit Windows Defender Exploit Guard topic.

Use Group Policy to enable or audit Network protection

  1. On your Group Policy management machine, open the Group Policy Management Console, right-click the Group Policy Object you want to configure and click Edit.

  2. In the Group Policy Management Editor, go to Computer configuration.

  3. Click Policies then Administrative templates.

  4. Expand the tree to Windows components > Windows Defender Antivirus > Windows Defender Exploit Guard > Network protection.

  5. Double-click the Prevent users and apps from accessing dangerous websites setting and set the option to Enabled. In the options section you must specify one of the following:

    • Block - Users will not be able to access malicious IP addresses and domains
    • Disable (Default) - The Network protection feature will not work. Users will not be blocked from accessing malicious domains
    • Audit Mode - If a user visits a malicious IP address or domain, an event will be recorded in the Windows event log but the user will not be blocked from visiting the address.

Important

To fully enable the Network protection feature, you must set the Group Policy option to Enabled and also select Block in the options drop-down menu.

Use PowerShell to enable or audit Network protection

  1. Type powershell in the Start menu, right-click Windows PowerShell and click Run as administrator.
  2. Enter the following cmdlet:

    Set-MpPreference -EnableNetworkProtection Enabled
    

You can enable the feature in audit mode using the following cmdlet:

    Set-MpPreference -EnableNetworkProtection AuditMode

Use Disabled instead of AuditMode or Enabled to turn the feature off.
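The following script is an added example, not part of the original topic or Microsoft's own code. It wraps the cmdlets above so the mode is set, read back and confirmed, and it lists the events that audit and block mode record. The function names are hypothetical. The example assumes an elevated session, that Get-MpPreference reports the mode as 0, 1 or 2, and that the events are IDs 1125 and 1126 in the Windows Defender operational log; none of these values appear in the topic itself.

```powershell
# Added example; function names below are hypothetical.

# Get-MpPreference reports the mode as a number; map it to the names
# that Set-MpPreference -EnableNetworkProtection accepts.
$ModeNames = @{ 0 = 'Disabled'; 1 = 'Enabled'; 2 = 'AuditMode' }

function Get-NetworkProtectionMode {
    $raw = (Get-MpPreference).EnableNetworkProtection
    if ($null -eq $raw) { return 'Disabled' }   # never configured: default is off
    return $ModeNames[[int]$raw]
}

function Set-NetworkProtectionMode {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [ValidateSet('Enabled', 'AuditMode', 'Disabled')]
        [string]$Mode
    )
    $before = Get-NetworkProtectionMode
    if ($before -ne $Mode -and
        $PSCmdlet.ShouldProcess($env:COMPUTERNAME, "Network protection: $before -> $Mode")) {
        Set-MpPreference -EnableNetworkProtection $Mode -ErrorAction Stop
    }
    # Read the value back instead of trusting the call: another management
    # channel (Group Policy, MDM) may also be configuring this setting.
    $after = Get-NetworkProtectionMode
    if ($after -ne $Mode -and -not $WhatIfPreference) {
        Write-Warning "Requested '$Mode' but the device reports '$after'."
    }
    [pscustomobject]@{ Computer = $env:COMPUTERNAME; Before = $before; After = $after }
}

function Get-NetworkProtectionEvent {
    # Assumed event IDs: 1125 (audited) and 1126 (blocked) in the
    # Windows Defender operational log.
    param([int]$Days = 7)
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1125, 1126
        StartTime = (Get-Date).AddDays(-$Days)
    } -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
}

# Rollout order: audit first, review what would have been blocked, then block.
Set-NetworkProtectionMode -Mode AuditMode
Get-NetworkProtectionEvent -Days 7 | Format-Table -AutoSize -Wrap
# Set-NetworkProtectionMode -Mode Enabled   # run once the audit results are reviewed
```

Run Set-NetworkProtectionMode with -WhatIf to preview the change without applying it.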

Use MDM CSPs to enable or audit Network protection

Use the ./Vendor/MSFT/Policy/Config/Defender/EnableNetworkProtection configuration service provider (CSP) to enable and configure Network protection.