Policy

Select Device Control Default Enforcement Policy

Microsoft Windows

Back to Device ControlBack to main
Select Device Control Default Enforcement Policy
Jump to overview

Policy overview

Key metadata and intent for this policy.

Computer
Category
Windows Components > Microsoft Defender Antivirus > Device Control
Supported on
At least Windows Server 2016, Windows 10 Version 1607

Supported OS tags: Windows10, Windows10RT, Windows11, WindowsServer2016

Default Allow: Choosing this default enforcement, will Allow any operations to occur on the attached devices if no policy rules are found to match. Default Deny: Choosing this default enforcement, will Deny any operations to occur on the attached devices if no policy rules are found to match. Default Enforcement will establish what decision should be made during the Device Control access checks when none of the policy rules match.

Internal name
DeviceControl_DefaultEnforcement
Policy ID
ee058eead56a
Elements
1

Registry values

How enabled and disabled states update the registry.

No explicit registry values are set for enabled or disabled states.

Policy elements

Inputs and configuration options exposed by this policy.

ScopeElementTypeRegistry mappingConstraints & behaviorCopy
Computer
Select Device Control Default Enforcement Policy
ID DeviceControlDefaultEnforcementDropDown
enum
Path
Software\Policies\Microsoft\Windows Defender\Device Control
Value name
DefaultEnforcement
Type
REG_DWORD
Options: Default Allow (1), Default Deny (2)
Select Device Control Default Enforcement Policy
Computer · Type enum
Registry mapping
Path
Software\Policies\Microsoft\Windows Defender\Device Control
Value name
DefaultEnforcement
Type
REG_DWORD
Details
Options: Default Allow (1), Default Deny (2)