This Microsoft Intune and Defender post will show how to enable SmartScreen on Windows and Edge using Intune.
Microsoft Defender SmartScreen and Windows Defender SmartScreen are attack surface reduction technologies that help organisations protect devices from malicious websites, files and malware.
SmartScreen has two main components: The web component enabled using Microsoft Defender SmartScreen on Microsoft Edge browsers (not Chrome), and the Files and execution component, also known as Windows SmartScreen, that protects against using and executing malicious files and applications.
Enable SmartScreen
With Intune, we can enable Windows Defender SmartScreen in the following places:
- Security Baseline – Enable the Security Baseline for Windows 10 and later. When using this option on top of all the security features, the Smart Screen settings will be turned on as shown below:
The above settings will enable Windows Defender SmartScreen only. By default, Microsoft Defender SmartScreen is enabled on Edge, and you can enforce (Prevent users from changing the config) by applying the CSP settings using a Custom Intune policy.
The CSP settings will enforce and enable Both Windows Defender SmartScreen and Microsoft Defender SmartScreen (Edge) settings.
The following settings control the Windows Defender SmartScreen.
- EnableAppInstallControl
- EnableSmartScreenInShell
The following settings control the Microsoft Defender SmartScreen (Edge).
- AllowSmartScreen
You must understand the difference between the two and how Intune configures and controls them.
Check if Defender SmartScreen is Enabled
On a local machine, you can check if SmartScreen is enabled or disabled using the following settings.
Leave a Reply