Policy
Set exclusions from Brute-Force Protection
Microsoft Windows
Policy overview
Key metadata and intent for this policy.
Supported OS tags: Windows10, Windows10RT, Windows11, WindowsServer2016
Specify IP addresses, subnets or workstation names to exclude from Brute-Force Protection. Excluded IP addresses will not be checked for possible brute force activity. Note that attackers can spoof excluded addresses and names to bypass protection. Ensure the names are unique and unlikely to be guessed by attackers. Enter each address or subnet on a new line as a name-value pair: - Name column: Enter an IP address, subnet name, or workstation name. For example, "1.1.127.0" will exclude this IP address from getting blocked by BFP. - Value column: Enter "0" for each item
Registry values
How enabled and disabled states update the registry.
No explicit registry values are set for enabled or disabled states.
Policy elements
Inputs and configuration options exposed by this policy.
| Scope | Element | Type | Registry mapping | Constraints & behavior | Copy |
|---|---|---|---|---|---|
| Computer | Brute-Force Protection Exclusions ID Remediation_BNB_BFP_BruteForceProtectionExclusions | list | Path Software\Policies\Microsoft\Windows Defender\Remediation\Behavioral Network Blocks\Brute Force Protection\BruteForceProtectionExclusions Value name BruteForceProtection_Exclusions Type REG_MULTI_SZ | List: additive, explicit value |