Configure “Enhanced Phishing Protection in Microsoft Defender SmartScreen” in Windows 11 22H2 via Endpoint Manager

Windows 11 22H2 update brought a lot of good stuff and as a tech enthusiast I really appreciate what Microsoft is doing to ensure the end user devices are protected. Enhanced Phishing Protection in Microsoft defender SmartScreen is one of them. While the features are available to the standard Windows Home user, I tested these settings using the Endpoint Manager to see what can be done for a Work or School account. So lets see the options available.

  1. Warn me about unsafe password storage
    1. My Test
    2. Why this still finicky
  2. Warn me about password reuse
  3. Warn me about malicious apps and sites
  4. License
  5. Endpoint Manager Device Configuration Profile Integration
  6. Use Microsoft Defender for Endpoint to View Alerts
  7. Some Improvements Required
  8. Final Words

How to see the settings in Defender?

Settings > Privacy and Security > Windows Security > App & browser control > Reputation-based protection settings > Phishing Protection

Warn me about unsafe password storage

Do not write your password on sticky notes, and do not save passwords on the computer. Does an average user listen to this advice? I know a lot does, but at the same time, a lot doesn’t. While writing passwords on sticky notes needs to be advised and re-advised frequently, now with the latest Windows 11 2022 (Win 11 22H2) update you can notify/ warn users when they try to save their Windows login password in “some” apps.

My Test

I’ve tested a few day-to-day using apps to see if this works as expected and quickly lower my expectations

This worked perfectly on Word, Excel, Notepad, WordPad, OneNote desktop version

Did not work on the OneNote Windows Store app or did not identify when I typed on a new mail using OWA in Edge browser.

Why this still finicky

You can still press the button Got it and continue saving the password, or if you copy and paste, the warning will not appear at all. So according to my tests, the behavior has got a lot of room for improvements.

Behaviour in Notepad

Behaviour in Excel

Warn me about password reuse

I tried to login to my twitter account using my Windows password. Although it’s not the same password I still got the warning, which is handy.

Warn me about malicious apps and sites

This is just great for many reasons. There are so many fake Microsoft 365 like login websites in the wild and organizations are being targeted by these attacks and they harvest the credentials to all sorts of bad things. While user awareness and user education is a MUST, social engineering can still trick someone into type their credentials.

With this option enabled, it will identify if it’s a phishing website and warn the user. Sometimes rather than user taking an informative decision, a screen prompt will give them more understanding about the severity of the action.

From Microsoft docs
If users type their work or school password on any Chromium browser, into a site deemed malicious by Microsoft Defender SmartScreen, Enhanced Phishing Protection will alert them. It will also prompt them to change their password so attackers can’t gain access to their account.

License

Because the settings are connect to Defender SmartScreen, you will need the MDE license to view the Incidents and Alerts in the MDE portal.

Endpoint Manager Device Configuration Profile Integration

With the help of the Settings Catalog of Endpoint Manager it is possible to manage these features of the Win11 22H2 device.

Endpoint Manager > Devices > Configuration Profiles > Create Profile

Select Enhanced Phishing Protection under Smart Screen

  • Notify Malicious – Enables Enhanced Phishing Protection in audit mode for Windows 11 H2.
  • Notify Password Reuse – Configures Enhanced Phishing Protection notifications for protecting passwords from reuse.
  • Notify Unsafe App – Configures Enhanced Phishing Protection notifications for protecting passwords typed into M365 Office applications, Notepad, and Wordpad.
  • Service Enabled – Enables Enhanced Phishing Protection in audit mode for Windows 11 H2.

Use Microsoft Defender for Endpoint to View Alerts

To check the alerts, you will need to go to the MDE portal.

Security.microsoft.com > Alerts > Incidents & Alerts and look for Enhanced Phishing Protection

Image from: https://techcommunity.microsoft.com/t5/windows-it-pro-blog/protect-passwords-with-enhanced-phishing-protection/ba-p/3631881

Some Improvements Required

While some settings like warning when storing the Windows password in apps must be a straight off Block, period. Or if they still save, maybe the password should be stripped out of the app. Also, this was not working in all apps. I would like to see it’s working in any app that the user can type and save.

Final Words

It will take one person to click on a link, enter credentials or save credentials in the computer. These are much needed security settings and this is definitely a good start and again, happy to see the steps Microsoft is taking to protect users, devices and organizations.

One thought on “Configure “Enhanced Phishing Protection in Microsoft Defender SmartScreen” in Windows 11 22H2 via Endpoint Manager

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.