How to Configure the Most Secure Settings for Microsoft Defender

Microsoft Defender is a comprehensive security solution that protects your Windows devices from various threats, such as malware, ransomware, phishing, and more.

Microsoft Defender includes several features and settings that you can customize to enhance your security and privacy.

In this article, we will show you how to configure the most secure settings for Microsoft Defender, based on the recommendations from Microsoft and other sources.

 

Enable Real-Time Protection and Cloud-Delivered Protection
Real-time protection is a feature that scans your files and programs in real-time and blocks any malicious activity. Cloud-delivered protection is a feature that uses Microsoft’s cloud-based intelligence to detect and respond to new and emerging threats. To enable these features, follow these steps:

• Open Windows Security by selecting Start > Settings > Update & Security > Windows Security or by clicking the shield icon in the taskbar.

• Select Virus & threat protection.

• Under Virus & threat protection settings, select Manage settings.

• Turn on the following options: Real-time protection, Cloud-delivered protection, Automatic sample submission, and Tamper protection https://support.microsoft.com/en-us/windows/stay-protected-with-windows-security-2ae0363d-0ada-c064-8b56-6a39afb6a963.

 

Configure Firewall and Network Protection
Firewall and network protection is a feature that monitors your network connections and blocks unauthorized or malicious traffic. You can configure the firewall settings for different network profiles (domain, private, or public) and allow or block specific apps through the firewall. To configure the firewall settings, follow these steps:

• Open Windows Security and select Firewall & network protection.

• Select the network profile that you are currently using (for example, Private network).

• Turn on Windows Defender Firewall.

• Under Allow an app through firewall, select Change settings.

• Review the list of apps that are allowed or blocked by the firewall. You can uncheck any app that you don’t trust or don’t need to access the internet. You can also add a new app by selecting Allow another app.

• Select OK to save your changes https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365?view=o365-worldwide.

 

Enable Microsoft Defender SmartScreen
Microsoft Defender SmartScreen is a feature that helps protect you from malicious websites, downloads, and apps. It checks the reputation of the sites and files you visit or download and warns you if they are potentially dangerous. To enable this feature, follow these steps:

• Open Windows Security and select App & browser control.

• Under Microsoft Defender SmartScreen, turn on the following options: Check apps and files, SmartScreen for Microsoft Edge, SmartScreen for Microsoft Store apps
https://support.microsoft.com/en-us/windows/stay-protected-with-windows-security-2ae0363d-0ada-c064-8b56-6a39afb6a963.

 

Enable Exploit Protection
Exploit protection is a feature that helps protect your device from common exploits that target vulnerabilities in software. It applies mitigations to apps and processes to prevent or reduce the impact of attacks. To enable this feature, follow these steps:

• Open Windows Security and select App & browser control.

• Under Exploit protection settings, select Exploit protection settings.

• Under System settings, turn on all the options that are available (for example, Data Execution Prevention, Force randomization for images, Validate heap integrity, etc.)

https://support.microsoft.com/en-us/windows/stay-protected-with-windows-security-2ae0363d-0ada-c064-8b56-6a39afb6a963.

• Under Program settings, you can also customize the exploit protection settings for specific apps by selecting Add program to customize.

 

Enable Controlled Folder Access
Controlled folder access is a feature that helps protect your important files from ransomware and other unauthorized changes. It allows only trusted apps to access your protected folders and blocks any suspicious or malicious attempts. To enable this feature, follow these steps:

• Open Windows Security and select Virus & threat protection.

• Under Ransomware protection, select Manage ransomware protection.

• Turn on Controlled folder access.

• Under Protected folders, you can see the default folders that are protected by this feature (such as Documents, Pictures, Videos, etc.). You can also add additional folders by selecting Add a protected folder.

• Under Allow an app through Controlled folder access, you can see the list of apps that are allowed to access your protected folders. You can also add a new app by selecting Add an allowed app

https://support.microsoft.com/en-us/windows/stay-protected-with-windows-security-2ae0363d-0ada-c064-8b56-6a39afb6a963.

 

Enable Account Protection
Account protection is a feature that helps you improve your sign-in security and manage your account settings. It encourages you to use strong authentication methods such as Windows Hello or Microsoft Authenticator app and alerts you if there are any issues with your account. To enable this feature, follow these steps:

• Open Windows Security and select Account protection.

• Sign in with your Microsoft account if you haven’t already.

• Under Windows Hello, set up a PIN, fingerprint, or face recognition to sign in to your device without a password.

• Under Dynamic lock, turn on Allow Windows to automatically lock your device when you’re away if you want to use this feature.

• Under Account management, review your account settings and security info

https://support.microsoft.com/en-us/windows/stay-protected-with-windows-security-2ae0363d-0ada-c064-8b56-6a39afb6a963.

 

Update Your Device Regularly
One of the best ways to keep your device secure is to update it regularly with the latest security patches and feature updates. Windows Update automatically downloads and installs updates for your device, but you can also check for updates manually and change some settings. To update your device, follow these steps:

• Open Windows Security and select Device performance & health.

• Under Windows Update, select Check for updates.

• If there are any available updates, select Download and install or Install now.

• You can also select Advanced options to change some settings, such as when to schedule the updates, how to pause the updates, or how to opt in to the Windows Insider Program

https://support.microsoft.com/en-us/windows/stay-protected-with-windows-security-2ae0363d-0ada-c064-8b56-6a39afb6a963.

 

Conclusion
Microsoft Defender is a powerful security solution that can help you protect your Windows devices from various threats. By following the steps in this article, you can configure the most secure settings for Microsoft Defender and enhance your security and privacy. However, you should also remember that no security solution is perfect and you should always be careful and vigilant when using your device online.

References

Stay protected with Windows Security – Microsoft Support

Best practices for configuring Windows Defender Firewall – Microsoft Learn

This article was written by Bing AI client integrated in Skype.

Q: design a picture showing microsoft defender hardening

A:

The post How to Configure the Most Secure Settings for Microsoft Defender first appeared on Sorin Mustaca on Cybersecurity.