Update

Signed-off-by: Tommy <contact@tommytran.io>

Group Policies/Computer Configuration/Windows Components/Windows Defender SmartScreen.md

@@ -0,0 +1,12 @@
+# Windows Defender SmartScreen
+
+`Computer Configuration\Administrative Templates\Windows Components\Windows Defender SmartScreen`
+
+- Enhanced Phising Protection -> Service Enabled -> Disabled
+
+**For a corporate scenario or when you cannot trust the user you are configuring it for and you choose to have SmartScreen enabled, do the followings:**,
+
+- Explorer -> Configure Windows Defender SmartScreen -> Enabled -> Warn and prevent bypass
+- Microsoft Edge -> Prevent bypassing Windws Defender SmartScreen prompts for sites -> Enabled
+
+There is also Explorer -> Configure App Install Control that you might want to look into. Probably theatre though, it doesn't appear to block anything, or anything meaningful at least.

Windows Settings/Windows Security.md

@@ -45,7 +45,11 @@ Consider scenarios where you use Proton Drive/Mega/PrivateBin which append the e
 
 ### Phising protection
 
-Not sure if this does online or offline checks, so privacy implications are unclear. It is theatre anyways - use a proper password manager and FIDO2. Best to keep it off.
+This is extremely invasive to the point where I do not think it's okay to keep it on under any circumstances, with any kind of threat model.
+
+https://support.microsoft.com/en-us/topic/protect-your-microsoft-password-from-being-phished-e4e8e611-e4b3-4be9-914c-db1657c337cf
+
+The protection is minimal - it only "protects" the Microsoft account used to sign into Windows. The whole exercise is theatre, use a proper password manager and FIDO2.
 
 ### Potentially unwanted app blocking