Policy
Control whether or not exclusions are visible to Local Admins
Windows 11 25H2
Policy overview
Key metadata and intent for this policy.
Supported OS tags: Windows10, Windows10RT, Windows11, WindowsServer2016
This policy setting controls whether or not exclusions are visible to Local Admins. For end users (that are not Local Admins) exclusions are not visible, whether or not this setting is enabled. Disabled(Default): If you disable or do not configure this setting, Local Admins will be able to see exclusions in the Windows Security App or via PowerShell. Enabled: If you enable this setting, Local Admins will no longer be able to see the exclusion list in Windows Security App or via PowerShell. Note: Applying this setting will not remove exclusions, it will only prevent them from being visible to Local Admins. This is reflected in Get-MpPreference.
Registry values
How enabled and disabled states update the registry.
| Registry location | Type | Enabled value | Disabled value |
|---|---|---|---|
| HKLM\Software\Policies\Microsoft\Windows Defender\HideExclusionsFromLocalAdmins | REG_DWORD | 1 | 0 |
Policy elements
Inputs and configuration options exposed by this policy.
This policy has no additional user input fields.
Other policies in this category
Explore related policies at the same level.
- ComputerAllow antimalware service to remain running alwaysAt least Windows Server 2012, Windows 8 or Windows RT
- ComputerAllow antimalware service to startup with normal priorityAt least Windows Server 2012, Windows 8 or Windows RT
- ComputerConfigure detection for potentially unwanted applicationsAt least Windows Server 2016, Windows 10 Version 1607
- ComputerConfigure local administrator merge behavior for listsAt least Windows Server 2012, Windows 8 or Windows RT
- ComputerConfigure scheduled task times randomization windowAt least Windows Server 2012, Windows 8 or Windows RT
- ComputerControl whether exclusions are visible to local usersAt least Windows Server 2016, Windows 10 Version 1607
- ComputerDefine addresses to bypass proxy serverAt least Windows Server 2012, Windows 8 or Windows RT
- ComputerDefine proxy auto-config (.pac) for connecting to the networkAt least Windows Server 2016, Windows 10
- ComputerDefine proxy server for connecting to the networkAt least Windows Server 2012, Windows 8 or Windows RT
- ComputerDefine the directory path to copy support log filesAt least Windows Server 2016, Windows 10 Version 1607
- ComputerRandomize scheduled task timesAt least Windows Server 2012, Windows 8 or Windows RT
- ComputerSelect the channel for Microsoft Defender daily security intelligence updatesAt least Windows Server 2016, Windows 10 Version 1607