Prevent users and apps from accessing dangerous websites


Enable or disable Microsoft Defender Exploit Guard network protection to prevent employees from using any application to access dangerous domains that may host phishing scams, exploit-hosting sites, and other malicious content on the Internet.

Enabled:
Specify the mode in the Options section:
-Block: Users and applications will not be able to access dangerous domains
-Audit Mode: Users and applications can connect to dangerous domains, however if this feature would have blocked access if it were set to Block, then a record of the event will be in the event logs.

Disabled:
Users and applications will not be blocked from connecting to dangerous domains.

Not configured:
Same as Disabled.

Supported on: At least Windows Server, Windows 10 Version 1709

Registry HiveHKEY_LOCAL_MACHINE
Registry PathSoftware\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection
Value NameEnableNetworkProtection
Value TypeREG_DWORD
Enabled Value1
Disabled Value0




  1. Disable (Default)
    Registry HiveHKEY_LOCAL_MACHINE
    Registry PathSoftware\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection
    Value NameEnableNetworkProtection
    Value TypeREG_DWORD
    Value0
  2. Block
    Registry HiveHKEY_LOCAL_MACHINE
    Registry PathSoftware\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection
    Value NameEnableNetworkProtection
    Value TypeREG_DWORD
    Value1
  3. Audit Mode
    Registry HiveHKEY_LOCAL_MACHINE
    Registry PathSoftware\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection
    Value NameEnableNetworkProtection
    Value TypeREG_DWORD
    Value2


windowsdefender.admx

Administrative Templates (Computers)

Administrative Templates (Users)