Configure Remote Encryption Protection Mode
Supported on: At least Windows Server 2016, Windows 10 Version 1607
Registry
HKLM
Software\Policies\Microsoft\Windows Defender\Remediation\Behavioral Network Blocks\Brute Force Protection Value name: BruteForceProtectionConfiguredState
Options
BruteForceProtectionConfiguredState enum - Default
->
0 - Block
->
1 - Audit
->
2 - Off
->
4
Description
Set the mode for Brute-Force Protection in Microsoft Defender Antivirus, which can detect and block attempts to forcibly initiate sign in and initiate sessions. Supported settings: * 0 - Not configured or Default: Apply defaults, which can vary depending on the antivirus engine version and the platform * 1 - Block: Prevent suspicious and malicious behaviors * 2 - Audit: Generate EDR detections without blocking * 4 - Off: Feature is off with no performance impact