After configuring all the Endpoint Protection settings in Intune, we’ve noticed that endpoints are still showing a warning on the Windows Security icon. Opening Windows Security Center shows that App & browser control is still turned off.
The app it’s referring to is a PUA, or Potentially Unwanted Application, that can be downloaded from the internet. That’s what we need to block.
Step 1: Log into https://intune.microsoft.com and navigate to Devices -> Windows -> Configuration Profiles and click the Create Profile button. Choose Windows 10 and later, Settings catalog, and click Create.
Step 2: Give the profile a name, like SmartScreen settings to Enable App & Browser Protection, and click Next. On the Configuration settings page, click the Add settings button. In the search window, look for “SmartScreen settings” and click on Microsoft Edge\SmartScreen settings. At the bottom, select “Configure Microsoft Defender SmartScreen” and “Configure Microsoft Defender SmartScreen to block potentially unwanted apps.”
Step 3: Close the Settings picker by clicking the X at the top-right, and click the slider to enable the 2 settings that were just selected. Complete the wizard, ensuring that a Required Assignment is added for the Test Devices group.
Step 4: Navigate to Endpoint Security -> Antivirus. If the Antivirus policy has already been set up, edit the Microsoft Defender Antivirus policy. If not, we’ll create the policy now and only enable the appropriate setting for this scenario.
Click Create Policy, and select “Windows 10, Windows 11, and Windows Server” as the platform. Then choose Microsoft Defender Antivirus for the Profile and click Create.
Give the policy a name, like PUA Settings to Enable App & Browser control, and click Next.
About 2/3 of the way down the Configuration settings, you will see PUA Protection. Click the drop-down and select “PUA Protection on. Detected items are blocked…”
Complete the wizard, making sure to create a Required Assignment for the same test group that was used earlier.
With SmartScreen configured to block PUA, and PUA Protection enabled at the antivirus level, the requirements for App & Browser control will now be met, and the warning will disappear.
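To confirm on a test device that both policies from the steps above have actually landed, the following added example (not part of the original walkthrough) reads the effective values locally. It assumes the Edge settings are written under HKLM:\SOFTWARE\Policies\Microsoft\Edge as SmartScreenEnabled and SmartScreenPuaEnabled; the function name Test-AppBrowserControlPolicy is made up for this example.

```powershell
# Added verification example, not from the original post.
# Run in an elevated PowerShell session on a device in the test group
# after it has synced with Intune.

function Test-AppBrowserControlPolicy {
    [CmdletBinding()]
    param(
        # Assumption: Edge policies delivered by Intune are written to this key.
        [string]$EdgePolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'
    )

    $results = @()

    # Edge SmartScreen policies from Steps 2-3: a value of 1 means enabled.
    foreach ($name in 'SmartScreenEnabled', 'SmartScreenPuaEnabled') {
        $value = $null
        if (Test-Path $EdgePolicyKey) {
            $value = (Get-ItemProperty -Path $EdgePolicyKey -Name $name -ErrorAction SilentlyContinue).$name
        }
        $results += [pscustomobject]@{
            Setting  = "Edge\$name"
            Value    = if ($null -eq $value) { '<not set>' } else { $value }
            Expected = 1
            Ok       = ($value -eq 1)
        }
    }

    # Defender Antivirus PUA protection from Step 4:
    # 0 = off, 1 = on (detected items are blocked), 2 = audit only.
    $pua = (Get-MpPreference).PUAProtection
    $results += [pscustomobject]@{
        Setting  = 'Defender\PUAProtection'
        Value    = $pua
        Expected = 1
        Ok       = ($pua -eq 1)
    }

    $results
}

$report = Test-AppBrowserControlPolicy
$report | Format-Table -AutoSize

if ($report.Ok -contains $false) {
    Write-Warning 'At least one setting is not applied. Check the profile assignment and sync the device again.'
}
```

A PUAProtection value of 2 means the antivirus policy is in audit mode, which logs detections without blocking them, so it is reported here as not meeting the expected value.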