Policy
Set exclusions from Brute-Force Protection
Windows 11 25H2
Policy overview
Key metadata and intent for this policy.
Supported OS tags: Windows10, Windows10RT, Windows11, WindowsServer2016
Specify IP addresses, subnets or workstation names to exclude from Brute-Force Protection. Excluded IP addresses will not be checked for possible brute force activity. Note that attackers can spoof excluded addresses and names to bypass protection. Ensure the names are unique and unlikely to be guessed by attackers. Enter each address or subnet on a new line as a name-value pair: - Name column: Enter an IP address, subnet name, or workstation name. For example, "1.1.127.0" will exclude this IP address from getting blocked by BFP. - Value column: Enter "0" for each item
Registry values
How enabled and disabled states update the registry.
No explicit registry values are set for enabled or disabled states.
Policy elements
Inputs and configuration options exposed by this policy.
| Element | Type | Registry mapping | Constraints & behavior |
|---|---|---|---|
Brute-Force Protection Exclusions ID Remediation_BNB_BFP_BruteForceProtectionExclusions | list | HKLM\Software\Policies\Microsoft\Windows Defender\Remediation\Behavioral Network Blocks\Brute Force Protection\BruteForceProtectionExclusions\BruteForceProtection_Exclusions Type REG_MULTI_SZ | List: additive, explicit value |
Other policies in this category
Explore related policies at the same level.
- ComputerConfigure Brute-Force Protection aggressivenessAt least Windows Server 2016, Windows 10 Version 1607
- ComputerConfigure Brute-Force Protection blocking timeAt least Windows Server 2016, Windows 10 Version 1607
- ComputerConfigure Remote Encryption Protection ModeAt least Windows Server 2016, Windows 10 Version 1607