Select cloud protection level


This policy setting determines how aggressive Microsoft Defender Antivirus will be in blocking and scanning suspicious files.

If this setting is on, Microsoft Defender Antivirus will be more aggressive when identifying suspicious files to block and scan; otherwise, it will be less aggressive and therefore block and scan with less frequency.

For more information about specific values that are supported, see the Microsoft Defender Antivirus documentation site.

Note: This feature requires the "Join Microsoft MAPS" setting enabled in order to function.

Possible options are:
(0x0) Default Microsoft Defender Antivirus blocking level
(0x1) Moderate Microsoft Defender Antivirus blocking level, delivers verdict only for high confidence detections
(0x2) High blocking level - aggressively block unknowns while optimizing client performance (greater chance of false positives)
(0x4) High+ blocking level – aggressively block unknowns and apply additional protection measures (may impact client performance)
(0x6) Zero tolerance blocking level – block all unknown executables

Supported on: At least Windows 10 Server, Windows 10 or Windows 10 RT

Registry HiveHKEY_LOCAL_MACHINE
Registry PathSoftware\Policies\Microsoft\Windows Defender\MpEngine
Value NameMpCloudBlockLevel
Value TypeREG_DWORD
Enabled Value1
Disabled Value0

Select cloud blocking level


  1. Default blocking level
    Registry HiveHKEY_LOCAL_MACHINE
    Registry PathSoftware\Policies\Microsoft\Windows Defender\MpEngine
    Value NameMpCloudBlockLevel
    Value TypeREG_DWORD
    Value0
  2. Moderate blocking level
    Registry HiveHKEY_LOCAL_MACHINE
    Registry PathSoftware\Policies\Microsoft\Windows Defender\MpEngine
    Value NameMpCloudBlockLevel
    Value TypeREG_DWORD
    Value1
  3. High blocking level
    Registry HiveHKEY_LOCAL_MACHINE
    Registry PathSoftware\Policies\Microsoft\Windows Defender\MpEngine
    Value NameMpCloudBlockLevel
    Value TypeREG_DWORD
    Value2
  4. High+ blocking level
    Registry HiveHKEY_LOCAL_MACHINE
    Registry PathSoftware\Policies\Microsoft\Windows Defender\MpEngine
    Value NameMpCloudBlockLevel
    Value TypeREG_DWORD
    Value4
  5. Zero tolerance blocking level
    Registry HiveHKEY_LOCAL_MACHINE
    Registry PathSoftware\Policies\Microsoft\Windows Defender\MpEngine
    Value NameMpCloudBlockLevel
    Value TypeREG_DWORD
    Value6


windowsdefender.admx

Administrative Templates (Computers)

Administrative Templates (Users)