How to Turn on Network Protection

Posted on by Summa Lai

Check if network protection is enabled

Check if network protection has been enabled on a local device by using Registry editor.

  1. Select the Start button in the task bar and type regedit to open Registry editor.
  2. Choose HKEY_LOCAL_MACHINE from the side menu.
  3. Navigate through the nested menus to SOFTWARE > Policies > Microsoft > Windows Defender > Policy Manager.

If the Key is missing, Navigate to SOFTWARE > Microsoft > Windows Defender > Windows Defender Exploit Guard > Network Protection.

  1. Select EnableNetworkProtection to see the current state of network protection on the device:
    • 0, or Off
    • 1, or On
    • 2, or Audit mode

There are a couple of different ways to enable network protection.

PowerShell

  1. Type powershell in the Start menu, right-click Windows PowerShell and select Run as administrator.
  2. Enter the following cmdlet:PowerShellCopySet-MpPreference -EnableNetworkProtection Enabled
  3. Optional: Enable the feature in audit mode using the following cmdlet:PowerShellCopySet-MpPreference -EnableNetworkProtection AuditMode Use Disabled instead of AuditMode or Enabled to turn off the feature.

Mobile device management (MDM)

Use the ./Vendor/MSFT/Policy/Config/Defender/EnableNetworkProtection configuration service provider (CSP) to enable or disable network protection or enable audit mode.

Update Microsoft Defender antimalware platform to the latest version before you enable or disable network protection or enable audit mode.

Microsoft Intune

Microsoft Defender for Endpoint Baseline method

  1. Sign into the Microsoft Intune admin center (https://endpoint.microsoft.com).
  2. Go to Endpoint security > Security baselines > Microsoft Defender for Endpoint Baseline.
  3. Select Create a profile, then provide a name for your profile, and then select Next.
  4. In the Configuration settings section, go to Attack Surface Reduction Rules > set BlockEnable or Audit for Enable network protection. Select Next.
  5. Select the appropriate Scope tags and Assignments as required by your organization.
  6. Review all the information, and then select Create.

Antivirus policy method

  1. Sign into the Microsoft Intune admin center (https://endpoint.microsoft.com).
  2. Go to Endpoint security > Antivirus
  3. Select Create a policy
  4. In the Create a policy flyout, choose Windows 10, Windows 11, and Windows Server from the Platform list.
  5. Choose Microsoft Defender Antivirus from the Profile list then choose Create
  6. Provide a name for your profile, and then select Next.
  7. In the Configuration settings section, select DisabledEnabled (block mode) or Enabled (audit mode) for Enable Network Protection, then select Next.
  8. Select the appropriate Assignments and Scope tags as required by your organization.
  9. Review all the information, and then select Create.

Configuration profile method

  1. Sign into the Microsoft Intune admin center (https://endpoint.microsoft.com).
  2. Go to Devices > Configuration profiles > Create profile.
  3. In the Create a profile flyout, select Platform and choose the Profile Type as Templates.
  4. In the Template name, Choose Endpoint protection from the list of templates, and then select Create.
  5. Go to Endpoint protection > Basics, provide a name for your profile, and then select Next.
  6. In the Configuration settings section, go to Microsoft Defender Exploit Guard > Network filtering > Network protection > Enable or Audit. Select Next.
  7. Select the appropriate Scope tagsAssignments, and Applicability rules as required by your organization. Admins can set more requirements.
  8. Review all the information, and then select Create.

Group Policy

Use the following procedure to enable network protection on domain-joined computers or on a standalone computer.

  1. On a standalone computer, go to Start and then type and select Edit group policy.-Or-On a domain-joined Group Policy management computer, open the Group Policy Management Console, right-click the Group Policy Object you want to configure and select Edit.
  2. In the Group Policy Management Editor, go to Computer configuration and select Administrative templates.
  3. Expand the tree to Windows components > Microsoft Defender Antivirus > Microsoft Defender Exploit Guard > Network protection. NoteOn older versions of Windows, the group policy path may say “Windows Defender Antivirus” instead of “Microsoft Defender Antivirus.”
  4. Double-click the Prevent users and apps from accessing dangerous websites setting and set the option to Enabled. In the options section, you must specify one of the following options:
    • Block – Users can’t access malicious IP addresses and domains.
    • Disable (Default) – The Network protection feature won’t work. Users won’t be blocked from accessing malicious domains.
    • Audit Mode – If a user visits a malicious IP address or domain, an event will be recorded in the Windows event log. However, the user won’t be blocked from visiting the address. ImportantTo fully enable network protection, you must set the Group Policy option to Enabled and also select Block in the options drop-down menu. NoteOptional: Follow the steps in Check if network protection is enabled to verify that your Group Policy settings are correct.

Ref: Turn on network protection | Microsoft Learn