Policy

Configure Remote Encryption Protection Mode

Microsoft Windows

Back to Brute-Force ProtectionBack to main
Configure Remote Encryption Protection Mode
Jump to overview

Policy overview

Key metadata and intent for this policy.

Computer
Category
Windows Components > Microsoft Defender Antivirus > Remediation > Behavioral Network Blocks > Brute-Force Protection
Supported on
At least Windows Server 2016, Windows 10 Version 1607

Supported OS tags: Windows10, Windows10RT, Windows11, WindowsServer2016

Set the mode for Brute-Force Protection in Microsoft Defender Antivirus, which can detect and block attempts to forcibly initiate sign in and initiate sessions. Supported settings: * 0 - Not configured or Default: Apply defaults, which can vary depending on the antivirus engine version and the platform * 1 - Block: Prevent suspicious and malicious behaviors * 2 - Audit: Generate EDR detections without blocking * 4 - Off: Feature is off with no performance impact

Internal name
Remediation_BNB_BFP_BruteForceProtection_ConfiguredState
Policy ID
0ed4f5d2fded
Elements
1

Registry values

How enabled and disabled states update the registry.

No explicit registry values are set for enabled or disabled states.

Policy elements

Inputs and configuration options exposed by this policy.

ScopeElementTypeRegistry mappingConstraints & behaviorCopy
Computer
Specify the state of Brute-Force Protection
ID Remediation_BNB_BFP_BruteForceProtection_ConfiguredState
enum
Path
Software\Policies\Microsoft\Windows Defender\Remediation\Behavioral Network Blocks\Brute Force Protection
Value name
BruteForceProtectionConfiguredState
Type
REG_DWORD
Options: Default (0), Block (1), Audit (2), Off (4)
Specify the state of Brute-Force Protection
Computer · Type enum
Registry mapping
Path
Software\Policies\Microsoft\Windows Defender\Remediation\Behavioral Network Blocks\Brute Force Protection
Value name
BruteForceProtectionConfiguredState
Type
REG_DWORD
Details
Options: Default (0), Block (1), Audit (2), Off (4)