Skip to main content
Version: 2.1.1-preview

MT.1165 - Network Protection should be enabled

Overview

Checks that Network Protection is enabled in block or audit mode in all assigned Microsoft Defender Antivirus policies.

Disabled network protection allows web-based threats and malicious IP connections, exposing endpoints to phishing sites and command-and-control traffic.

Remediation action:

  1. Open Microsoft Endpoint Manager > Endpoint Security > Antivirus
  2. Edit the relevant Microsoft Defender Antivirus policy
  3. Set Network Protection to Enabled or Audit mode

Test Metadata

FieldValue
Test IDMT.1165
SeverityHigh
SuiteM365 Advisor
CategoryDefender
PowerShell testTest-MtMdeNetworkProtection
TagsDefender, M365Advisor, MT.1165

Remediation

  1. Open Microsoft Endpoint Manager > Endpoint Security > Antivirus
  2. Edit the relevant Microsoft Defender Antivirus policy
  3. Set Network Protection to Enabled or Audit mode

Source

  • Pester test: tests/M365Advisor/Defender/Test-MtMdeAntivirusPolicy.Tests.ps1
  • PowerShell source: powershell/public/M365Advisor/defender/Test-MtMdeNetworkProtection.ps1