Configure Microsoft Defender SmartScreen to block potentially unwanted apps with Microsoft Intune

Microsoft Defender SmartScreen

Microsoft Defender SmartScreen has been available for a long time in the legacy Edge browser, in Internet Explorer and even in Chrome via a plugin. All of these can be managed with Microsoft Intune, like I showed in an old post. SmartScreen is also available in the new Chromium-based Microsoft Edge, and since the release of version 80.0.338.0 Microsoft has also provided an option to block potentially unwanted apps.

In this short blog post I show how we can enable Microsoft Defender SmartScreen, including the option to block potentially unwanted apps.

Configure Administrative Templates profile

The SmartScreen settings can all be managed with an Administrative Templates profile in Microsoft Intune.

  • Sign in to the Device Management Portal
  • Browse to Devices – Windows
  • On the Configuration Profiles tab click Create profile
  • Give the configuration profile a Name
  • Enter a Description (optional)
  • Choose Windows 10 as Platform
  • Choose Administrative Templates as Profile type
  • Click Create
  • Open the settings tab
  • Select Edge version 77 and later from the drop-down list
  • Search for Smartscreen, which gives an overview of all SmartScreen-related settings
  • Click the setting Configure Microsoft Defender SmartScreen to block potentially unwanted apps (if you don't want your users to bypass)
  • Select Enabled
  • Click the setting Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads
  • Select Enabled

Do the same for Configure Microsoft Defender SmartScreen and, I suggest, at least also for Prevent bypassing Microsoft Defender SmartScreen prompts for sites.
When you're finished, assign the profile to a security group and you're done.

End-user experience

Start the Chromium-based Microsoft Edge browser and open the settings. On the tab Privacy and service, scroll down. Here we can see that Microsoft Defender SmartScreen and Block potentially unwanted apps are switched on and marked with a briefcase icon. The briefcase icon indicates that the policy is managed by the organization.

To test SmartScreen we can visit https://demo.smartscreen.msft.net/
To test the Block potentially unwanted apps setting, click Blocked Download.

The user will see a message that the download was blocked as unsafe.

If the user clicks on the three dots, the option to keep the file is greyed out.
If you didn't set the setting Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads to Enabled, the user is able to keep the file.
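
Besides checking the browser UI, the four settings can be verified from the device's policy registry. The script below is an added example, not part of the original post: the registry path and value names are Microsoft Edge's documented policy names for these settings, and the function name is my own.

```powershell
# Added example: verify the four SmartScreen policies from this post on a Windows device.
# Keys are Edge's documented policy (registry value) names; values are the Intune setting names.
$expected = [ordered]@{
    SmartScreenEnabled                       = 'Configure Microsoft Defender SmartScreen'
    SmartScreenPuaEnabled                    = 'Configure Microsoft Defender SmartScreen to block potentially unwanted apps'
    PreventSmartScreenPromptOverride         = 'Prevent bypassing Microsoft Defender SmartScreen prompts for sites'
    PreventSmartScreenPromptOverrideForFiles = 'Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads'
}

function Get-EdgeSmartScreenPolicyState {   # hypothetical helper name
    param(
        # Mandatory Edge policies live under these keys; the machine hive is checked first.
        [string[]]$PolicyKey = @('HKLM:\SOFTWARE\Policies\Microsoft\Edge',
                                 'HKCU:\SOFTWARE\Policies\Microsoft\Edge')
    )
    foreach ($name in $expected.Keys) {
        $value = $null
        $source = $null
        foreach ($key in $PolicyKey) {
            $item = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
            if ($null -ne $item) { $value = $item.$name; $source = $key; break }
        }
        # A missing value means the profile has not been applied for that setting.
        if ($null -eq $value) { $state = 'NotConfigured' }
        elseif ($value -eq 1) { $state = 'Enabled' }
        else                  { $state = 'Disabled' }

        [pscustomobject]@{
            Policy  = $name
            Setting = $expected[$name]
            State   = $state
            Source  = $source
        }
    }
}

$result = Get-EdgeSmartScreenPolicyState
$result | Format-Table Policy, State, Source -AutoSize

# Exit non-zero when any of the four settings is not enforced, so the check can be scripted.
$gaps = @($result | Where-Object State -ne 'Enabled')
if ($gaps.Count -gt 0) {
    Write-Warning ("Not enforced: " + ($gaps.Policy -join ', '))
    exit 1
}
```

A device where only the potentially unwanted apps setting is enabled will report PreventSmartScreenPromptOverrideForFiles as NotConfigured, which matches the case above where the user can still keep the blocked file.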

That's it for this short post. Thank you for reading!



