Network protection demonstrations
Applies to:
- Microsoft Defender for Endpoint Plan 2
- Microsoft Defender for Business
- Microsoft Defender for Endpoint Plan 1
- Microsoft Defender Antivirus
Network Protection helps reduce the attack surface of your devices from Internet-based events. It prevents employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet.
Scenario requirements and setup
- Windows 11 or Windows 10 version 1709 build 16273 or newer.
- Windows Server 2022, Windows Server 2019, Windows Server 2016, and Windows Server 2012 R2 with the new unified MDE Client.
- macOS
- Linux
- Microsoft Defender Antivirus
Windows
PowerShell command
Set-MpPreference -EnableNetworkProtection Enabled
Rule states
State | Mode | Numeric value |
---|---|---|
Disabled | = Off | 0 |
Enabled | = Block mode | 1 |
Audit | = Audit mode | 2 |
Verify configuration
Get-MpPreference
Scenario
Turn on Network Protection using the PowerShell command:
Set-MpPreference -EnableNetworkProtection Enabled
Using the browser of your choice (not Microsoft Edge*), navigate to the Network Protection website test.
* Microsoft Edge has other security measures in place to protect from this vulnerability (SmartScreen).
Expected results
Navigation to the website should be blocked and you should see a Connection blocked notification.
Clean-up
Set-MpPreference -EnableNetworkProtection Disabled
macOS/Linux
To configure the Network Protection enforcement level, run the following command from the Terminal:
mdatp config network-protection enforcement-level --value [enforcement-level]
For example, to configure network protection to run in blocking mode, execute the following command:
mdatp config network-protection enforcement-level --value block
To confirm that network protection has been started successfully, run the following command from the Terminal, and verify that it prints "started":
mdatp health --field network_protection_status
To test Network Protection on macOS/Linux
- Using the browser of your choice (not Microsoft Edge*), navigate to the Network Protection website test. (* Microsoft Edge has other security measures in place to protect from this vulnerability: SmartScreen.)
- Or, from the terminal:
curl -o ~/Downloads/smartscreentestratings2.net https://smartscreentestratings2.net/
Expected results
Navigation to the website should be blocked and you should see a Connection blocked notification.
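The macOS/Linux check above as a repeatable, check-only script (it does not change the enforcement level). This is an added example, not part of the original page; the function names, verdict strings and exit codes are illustrative, and it assumes that a blocked connection makes curl exit with a non-zero status.

```shell
#!/bin/sh
# Added example: scripted form of the macOS/Linux demonstration.
# Assumptions: a blocked connection makes curl exit non-zero, and the
# status field may be printed with surrounding double quotes.

NP_TEST_URL="https://smartscreentestratings2.net/"   # test site from this page

# Print the network protection status with quotes and whitespace removed.
np_status() {
    mdatp health --field network_protection_status 2>/dev/null | tr -d '"[:space:]'
}

# Return 0 only if the test site answered (the request was not blocked).
np_site_reachable() {
    curl --silent --output /dev/null --max-time 15 "$NP_TEST_URL"
}

# Verdict on stdout, matching exit code:
#   0 BLOCKED      status is "started" and the request failed
#   1 NOT_BLOCKED  status is "started" but the site answered
#                  (enforcement level is probably audit, not block)
#   2 NOT_STARTED  network protection is not running; request not attempted
np_demo_check() {
    status=$(np_status)
    if [ "$status" != "started" ]; then
        echo "NOT_STARTED (status: ${status:-unknown})"
        return 2
    fi
    if np_site_reachable; then
        echo "NOT_BLOCKED"
        return 1
    fi
    echo "BLOCKED"
    return 0
}

# Run the check only when asked, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    np_demo_check
    exit $?
fi
```

A BLOCKED verdict on a device with no network connectivity is a false positive, so confirm that the device can reach other sites before relying on the result.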
Clean-up
mdatp config network-protection enforcement-level --value audit
See also
Microsoft Defender for Endpoint - demonstration scenarios