Policy

Select Device Control Default Enforcement Policy

Windows 11 25H2

Back to categoryOpen picker

Policy overview

Key metadata and intent for this policy.

ClassComputer
CategoryWindows Components > Microsoft Defender Antivirus > Device Control
Supported onAt least Windows Server 2016, Windows 10 Version 1607

Supported OS tags: Windows10, Windows10RT, Windows11, WindowsServer2016

Default Allow: Choosing this default enforcement, will Allow any operations to occur on the attached devices if no policy rules are found to match. Default Deny: Choosing this default enforcement, will Deny any operations to occur on the attached devices if no policy rules are found to match. Default Enforcement will establish what decision should be made during the Device Control access checks when none of the policy rules match.

Internal name
DeviceControl_DefaultEnforcement
Policy ID
ee058eead56a
Elements
1

Registry values

How enabled and disabled states update the registry.

No explicit registry values are set for enabled or disabled states.

Policy elements

Inputs and configuration options exposed by this policy.

ElementTypeRegistry mappingConstraints & behavior
Select Device Control Default Enforcement Policy
ID DeviceControlDefaultEnforcementDropDown
enum
HKLM\Software\Policies\Microsoft\Windows Defender\Device Control\DefaultEnforcement
Type REG_DWORD
Options: Default Allow (1), Default Deny (2)

Other policies in this category

Explore related policies at the same level.