diff --git a/Group Policies Objects/Default Domain Policy/Microsoft Defender Antivirus.md b/Group Policies Objects/Default Domain Policy/Microsoft Defender Antivirus.md index 06e1fe0..86d8992 100644 --- a/Group Policies Objects/Default Domain Policy/Microsoft Defender Antivirus.md +++ b/Group Policies Objects/Default Domain Policy/Microsoft Defender Antivirus.md @@ -1,15 +1,13 @@ # Microsoft Defender Antivirus -**MAPS and features dependent on it are not enabled using this policy. It just configures how aggressive MAPS should be. This is quite invasive so I will only enable it for certain OUs.** +**MAPS and features dependent on it disabled using this policy. It is quite invasive so I will only enable it for certain OUs.** `Computer Configuration\Policies\Administrative Templates\Windows Components\Microsoft Defender Antivirus` ## MAPS `Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Antivirus\MAPS` - -- Configure the 'Block at First Sight' feature -> Enabled -- Send file samples when further analysis is required -> Enabled -> Always Prompt (Send safe sample works better with 'Block at First Sight, but I really, really do not trust Microsoft on this one) +- Join Microsoft MAPS -> Enabled -> Disabled ## Controlled Folder Access 
@@ -17,28 +15,11 @@ - Configure Controlled folder access -> Enabled -> Block -## Network Protection - -`Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Antivirus\Microsoft Defender Exploit Guard\Network Protection` - -Only relevant if SmartScreen is used. - -Documentation: -- https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/network-protection?view=o365-worldwide -- https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/enable-network-protection?view=o365-worldwide - -This settings controls whether Network protection is allowed to be configured into block or audit mode on Windows -> Enabled (Only relevant if running Windows Server) -Prevent users and apps from accessing dangerous websites -> Enabled -> Block - ## MpEngine `Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Antivirus\MpEngine` -Only relevant if MAPS is used - - Enable file hash computation feature -> Enabled -- Configure extended cloud check -> Specify the extended cloud check time in seconds -> 50 -- Select cloud protection level -> Zero tolerance blocking level ## Quarantine diff --git a/Group Policies Objects/Default Domain Policy/Microsoft Edge.md b/Group Policies Objects/Default Domain Policy/Microsoft Edge.md index 1b5d9ac..a1c4ad1 100644 --- a/Group Policies Objects/Default Domain Policy/Microsoft Edge.md +++ b/Group Policies Objects/Default Domain Policy/Microsoft Edge.md 
@@ -1,8 +1,9 @@ # Microsoft Edge `Computer Configuration\Policies\Administrative Templates\Microsoft Edge` -`Computer Configuration\Policies\Administrative Templates\Microsoft Edge - Default Settings (users can override)` You will need to download the Edge policies from https://www.microsoft.com/en-us/edge/business/download?form=MA13FJ and install it. -For the actual policies to set, you can follow my repo at https://github.com/TommyTran732/Microsoft-Edge-Policies at set the equivalent group policies of what is being set there. \ No newline at end of file +For the actual policies to set, you can follow my repo at https://github.com/TommyTran732/Microsoft-Edge-Policies at set the equivalent group policies of what is being set there. + +SmartScreen and Typosquatting as recommeded settings doesn't seem to apply consistently, therefore I force them to be disabled in my Domain Default Policy. \ No newline at end of file diff --git a/Group Policies Objects/Default Domain Policy/Windows Defender SmartScreen.md b/Group Policies Objects/Default Domain Policy/Windows Defender SmartScreen.md index f32cb5a..0bacbdf 100644 --- a/Group Policies Objects/Default Domain Policy/Windows Defender SmartScreen.md +++ b/Group Policies Objects/Default Domain Policy/Windows Defender SmartScreen.md @@ -1,6 +1,9 @@ # Windows Defender SmartScreen +**SmartScreen and features dependent on it disabled using this policy. It is quite invasive so I will only enable it for certain OUs.** + `Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Defender SmartScreen` -- Enhanced Phishing Protection -> Service Enabled -> Disabled (**Does not show on Windows Server 2022 by default**) +- Enhanced Phishing Protection -> Service Enabled -> Disabled +- Explorer -> Configure Windows Defender SmartScreen -> Disabled - Microsoft Edge -> Configure Windows Defender SmartScreen -> Disabled 
diff --git a/Group Policies Objects/Gaming/Microsoft Defender (Gaming).md b/Group Policies Objects/Gaming/Microsoft Defender (Gaming).md new file mode 100644 index 0000000..27a1743 --- /dev/null +++ b/Group Policies Objects/Gaming/Microsoft Defender (Gaming).md 
@@ -0,0 +1,47 @@ +# Microsoft Edge + +`Computer Configuration\Policies\Administrative Templates\Microsoft Edge` + +- SmartScreen settings -> Configure Microsoft Defender SmartScreen -> Enabled +- SmartScreen settings -> Configure Microsoft SmartScreen to block potentially unwanted apps -> Enabled +- TyposuqattingChecker settings -> Configure Edge TyposquattingChecker -> Enabled + + +# Microsoft Defender Antivirus + +## MAPS + +`Computer Configuration\Policies\Administrative Templates\Windows Components\Microsoft Defender Antivirus` +- Join Microsoft MAPS -> Enabled -> Advanced Membership +- Configure the 'Block at First Sight' feature -> Enabled +- Send file samples when further analysis is required -> Enabled -> Always Prompt (Send safe sample works better with 'Block at First Sight, but I really, really do not trust Microsoft on this one) + +## Network Protection + +`Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Antivirus\Microsoft Defender Exploit Guard\Network Protection` + +Only relevant if SmartScreen is used. 
+ +Documentation: +- https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/network-protection?view=o365-worldwide +- https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/enable-network-protection?view=o365-worldwide + +This settings controls whether Network protection is allowed to be configured into block or audit mode on Windows -> Enabled (Only relevant if running Windows Server) +Prevent users and apps from accessing dangerous websites -> Enabled -> Block + +## MpEngine + +`Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Antivirus\MpEngine` + +Only relevant if MAPS is used + +- Configure extended cloud check -> Specify the extended cloud check time in seconds -> 50 +- Select cloud protection level -> Zero tolerance blocking level + + +# Windows Defender SmartScreen + +`Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Defender SmartScreen` + +- Explorer -> Configure Windows Defender SmartScreen -> Enabled -> Warn +- Microsoft Edge -> Configure Windows Defender SmartScreen -> Enabled diff --git a/Group Policies Objects/Gaming/Microsoft Defender Antivirus (Gaming).md b/Group Policies Objects/Gaming/Microsoft Defender Antivirus (Gaming).md deleted file mode 100644 index 3c31a68..0000000 --- a/Group Policies Objects/Gaming/Microsoft Defender Antivirus (Gaming).md +++ /dev/null 
@@ -1,14 +0,0 @@ -# Microsoft Edge - -`Computer Configuration\Policies\Administrative Templates\Microsoft Edge` - -- SmartScreen settings -> Configure Microsoft Defender SmartScreen -> Enabled -- SmartScreen settings -> Configure Microsoft SmartScreen to block potentially unwanted apps -> Enabled -- TyposuqattingChecker settings -> Configure Edge TyposquattingChecker -> Enabled - - -# Microsoft Defender Antivirus - -`Computer Configuration\Policies\Administrative Templates\Windows Components\Microsoft Defender Antivirus` - -- Join Microsoft MAPS -> Enabled -> Advanced Membership \ No newline at end of file
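Review bot: In Default Domain Policy/Microsoft Defender Antivirus.md, first hunk, the new intro line "MAPS and features dependent on it disabled using this policy" is missing its verb, and the blank line that used to separate the MAPS path from the list is removed, so "- Join Microsoft MAPS -> Enabled -> Disabled" now sits directly under the path line. Suggest "MAPS and features dependent on it are disabled using this policy" and keeping the blank line before the bullet. The section path here also omits the `Policies\` segment that the path at the top of the file includes; worth making the two consistent while this section is being touched.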
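Review bot: In the second hunk of Default Domain Policy/Microsoft Defender Antivirus.md, the Network Protection section is removed outright, so the default policy no longer records what state Network Protection is meant to be in, whereas MAPS is pinned explicitly with "Join Microsoft MAPS -> Enabled -> Disabled". If the intent is that it stays off outside the Gaming policy, document that setting explicitly, or add a line saying it is deliberately left unconfigured. In the MpEngine section, the removed note "Only relevant if MAPS is used" previously covered "Enable file hash computation feature -> Enabled", which this hunk keeps; a short line saying why it stays enabled with MAPS disabled would help.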
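Review bot: In Default Domain Policy/Microsoft Edge.md, the added sentence says SmartScreen and Typosquatting are forced to disabled but does not list which policies are set or under which path, so the default policy cannot be compared against the Gaming one; name them the way the Gaming file does ("Configure Microsoft Defender SmartScreen", "Configure Edge TyposquattingChecker"). Wording in the same hunk: "recommeded" should be "recommended", "doesn't seem" should be "don't seem", "Domain Default Policy" should match the directory name "Default Domain Policy", and the re-added line still reads "at set" where "and set" is meant. The file still ends without a trailing newline.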
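Review bot: In Default Domain Policy/Windows Defender SmartScreen.md, the Enhanced Phishing Protection line loses its caveat "(**Does not show on Windows Server 2022 by default**)" with no replacement text; if the setting is still absent there by default, keep the caveat, otherwise state why it was dropped. The new bold intro line "SmartScreen and features dependent on it disabled using this policy" is missing its verb; suggest "are disabled".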
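Review bot: In the new Gaming/Microsoft Defender (Gaming).md, the two settings under "## Network Protection" ("This settings controls whether Network protection is allowed ..." and "Prevent users and apps from accessing dangerous websites -> Enabled -> Block") have no "- " marker, unlike every other setting in the file, so they will run together as one paragraph; make them list items and fix "This settings controls" to "This setting controls". Under "## MAPS" the path line stops at `...\Microsoft Defender Antivirus` without the `\MAPS` segment and has no blank line before the list, and it includes `Policies\` while the Network Protection and MpEngine paths in the same file omit it; pick one form. Smaller points: "TyposuqattingChecker settings" is misspelled, and the quote in 'Block at First Sight is never closed.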