Policy
Configure Remote Encryption Protection Mode
Windows 11 25H2
Policy overview
Key metadata and intent for this policy.
Supported OS tags: Windows10, Windows10RT, Windows11, WindowsServer2016
Set the mode for Brute-Force Protection in Microsoft Defender Antivirus, which can detect and block attempts to forcibly initiate sign in and initiate sessions. Supported settings: * 0 - Not configured or Default: Apply defaults, which can vary depending on the antivirus engine version and the platform * 1 - Block: Prevent suspicious and malicious behaviors * 2 - Audit: Generate EDR detections without blocking * 4 - Off: Feature is off with no performance impact
Registry values
How enabled and disabled states update the registry.
No explicit registry values are set for enabled or disabled states.
Policy elements
Inputs and configuration options exposed by this policy.
| Element | Type | Registry mapping | Constraints & behavior |
|---|---|---|---|
Specify the state of Brute-Force Protection ID Remediation_BNB_BFP_BruteForceProtection_ConfiguredState | enum | HKLM\Software\Policies\Microsoft\Windows Defender\Remediation\Behavioral Network Blocks\Brute Force Protection\BruteForceProtectionConfiguredState Type REG_DWORD | Options: Default (0), Block (1), Audit (2), Off (4) |
Other policies in this category
Explore related policies at the same level.
- ComputerConfigure Brute-Force Protection aggressivenessAt least Windows Server 2016, Windows 10 Version 1607
- ComputerConfigure Brute-Force Protection blocking timeAt least Windows Server 2016, Windows 10 Version 1607
- ComputerSet exclusions from Brute-Force ProtectionAt least Windows Server 2016, Windows 10 Version 1607