Prevent users and apps from accessing dangerous websites

Supported on: At least Windows Server 2016, Windows 10 Version 1709

Registry

HKLM Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection

Value name: EnableNetworkProtection

Options

EnableNetworkProtection enum

Disable (Default) -> 0
Block -> 1
Audit Mode -> 2

Description

Enable or disable Microsoft Defender Exploit Guard network protection to prevent employees from using any application to access dangerous domains that may host phishing scams, exploit-hosting sites, and other malicious content on the Internet. Enabled: Specify the mode in the Options section: -Block: Users and applications will not be able to access dangerous domains -Audit Mode: Users and applications can connect to dangerous domains, however if this feature would have blocked access if it were set to Block, then a record of the event will be in the event logs. Disabled: Users and applications will not be blocked from connecting to dangerous domains. Not configured: Same as Disabled.