How Intune Automates Data Collection to Boost Phishing Protection using Intune Policy

Key Takeaways

  • Enhanced Phishing Protection helps detect suspicious websites and apps.
  • The policy controls whether additional security data can be collected for analysis.
  • Enabling the policy allows SmartScreen to collect extra information for threat detection.
  • If the policy is not configured, user device settings will be applied automatically.

Let's discuss how Intune automates data collection to boost phishing protection using an Intune policy. Enhanced Phishing Protection helps improve security by detecting when users enter their work or school passwords into suspicious websites or apps. This policy setting determines whether additional information, such as displayed content, sounds, and application memory, can be collected for security analysis to help Microsoft SmartScreen identify malicious activity.

When this policy is enabled, additional content may be automatically collected from suspicious websites or apps for security purposes. If the policy is disabled, no extra information will be collected. If the policy is not configured, the setting will follow the end user’s local Enhanced Phishing Protection preferences.

How to Create a Policy

First, sign in to the Microsoft Intune admin center. Go to Devices and select Configuration. Then click the Create drop-down arrow and select New Policy.

How Intune Automates Data Collection to Boost Phishing Protection using Intune Policy – Fig.1

Profile Creation in a Policy

This is the next step in policy creation. In profile creation, you must select the platform and profile type. Here, I configure the policy for the Windows 10 and later platform with the Settings catalog profile type. Then click the Create button.

How Intune Automates Data Collection to Boost Phishing Protection using Intune Policy – Fig.2

Basics Tab for Name and Description

On the Basics tab, give the policy an appropriate name and description so that it is easy to identify later. In the Name box, enter the policy name (Automatic Data Collection); a description is not mandatory. Then click Next to continue.

How Intune Automates Data Collection to Boost Phishing Protection using Intune Policy – Fig.3

Configure the Settings from Settings Picker

On the Configuration settings tab, you can access the specific settings. Click the +Add settings hyperlink to open the Settings picker. In the Settings picker, I choose the SmartScreen\Enhanced Phishing Protection category and select the Automatic Data Collection setting. Then you can close the Settings picker.

How Intune Automates Data Collection to Boost Phishing Protection using Intune Policy – Fig.4

Disabling this Policy

After closing the Settings picker, you will see the setting on the Configuration settings page. Here there are only two options: Enable or Disable. By default, Automatic Data Collection will be disabled. Disabling this setting stops Enhanced Phishing Protection from collecting extra data when users enter work or school passwords on suspicious sites or apps. Click Next to continue.

How Intune Automates Data Collection to Boost Phishing Protection using Intune Policy – Fig.5

Enabling this Policy

To enable this policy, turn on Automatic Data Collection by toggling the switch from left to right. Then click the Next button to continue.

How Intune Automates Data Collection to Boost Phishing Protection using Intune Policy – Fig.6

Scope Tags

The next section is Scope tags, which is not a compulsory step. It helps to assign this policy to a defined group of users or devices. Here, I skip the section and click the Next button.

How Intune Automates Data Collection to Boost Phishing Protection using Intune Policy – Fig.7

Assignments Tab to Assign Group

The Assignments tab is the crucial step, where you select the groups to which the policy is assigned. Click the +Add groups option under Included groups. Select the group from the list of groups in your tenant and click the Select button. You can then see the selected group on the Assignments tab. Click Next to continue.

How Intune Automates Data Collection to Boost Phishing Protection using Intune Policy – Fig.8

Review + Create Tab

Before completing the policy creation, you can review each tab to avoid misconfiguration or policy failure. After verifying all the details, click the Create button. After the policy is created, you will get a success message.

How Intune Automates Data Collection to Boost Phishing Protection using Intune Policy – Fig.9

Device and User Check-in Status

To view the policy status, go to Devices > Configuration in the Intune portal and select the policy (Automatic Data Collection). Check whether the status shows Succeeded (1). Use manual sync in the Company Portal to speed up the process.

How Intune Automates Data Collection to Boost Phishing Protection using Intune Policy – Fig.10

Client-Side Verification

To confirm that the policy has been applied, use Event Viewer on the client device. Go to Applications and Services Logs > Microsoft > Windows > Device Management > Enterprise Diagnostic Provider > Admin. In the list of events, use the Filter Current Log option and search for Intune event 813.

MDM PolicyManager: Set policy int, Policy: (AutomaticDataCollection), Area: (WebThreatDefense), EnrollmentID requesting merge: (EB427D85-802F-46D9-A3E2-D5B414587F63), Current User: (Device), Int: (0x1), Enrollment Type: (0x6), Scope: (0x0).

How Intune Automates Data Collection to Boost Phishing Protection using Intune Policy – Fig.11

Windows Configuration Service Provider (CSP)

The Policy Configuration Service Provider (CSP) is a feature used by organisations to manage and control settings on Windows 10 and 11 devices. Its documentation explains what each policy does and which settings or values can be used.

Description Framework Properties:

  • Format: int
  • Access Type: Add, Delete, Get, Replace
  • Default Value: 0

Allowed values:

Value | Description
0 (Default) | Disabled
1 | Enabled

How Intune Automates Data Collection to Boost Phishing Protection using Intune Policy – Table.1

Group policy mapping:

Name | Value
Name | AutomaticDataCollection
Friendly Name | Automatic Data Collection
Location | Computer Configuration
Path | Windows Components > Windows Defender SmartScreen > Enhanced Phishing Protection
Registry Key Name | Software\Policies\Microsoft\Windows\WTDS\Components
Registry Value Name | CaptureThreatWindow
ADMX File Name | WebThreatDefense.admx

How Intune Automates Data Collection to Boost Phishing Protection using Intune Policy – Table.1
How Intune Automates Data Collection to Boost Phishing Protection using Intune Policy – Fig.12
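
The client-side check from the Client-Side Verification section, combined with the registry value from the group policy mapping table, as an added PowerShell example (not code from the original post). It assumes an elevated session on the managed device; the variable and function names are illustrative, and the log name is the event channel behind the Event Viewer path given above.

```powershell
# Added example: client-side check for the AutomaticDataCollection policy.
# Run in an elevated PowerShell session on the managed Windows device.
$logName = 'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin'
$policy  = 'AutomaticDataCollection'
$area    = 'WebThreatDefense'
$states  = @{ 0 = 'Disabled'; 1 = 'Enabled' }   # allowed values from the CSP table

# Illustrative helper: map the integer policy value to its documented meaning.
function Get-StateName([int]$Value) {
    if ($states.ContainsKey($Value)) { $states[$Value] } else { "Unexpected value $Value" }
}

# 1. Newest event 813 ("Set policy int") that names this policy and area.
$latest = Get-WinEvent -FilterHashtable @{ LogName = $logName; Id = 813 } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match $policy -and $_.Message -match $area } |
    Select-Object -First 1

if (-not $latest) {
    Write-Warning "No event 813 found for $area/$policy. Sync the device and check again."
} elseif ($latest.Message -match 'Int: \(0x([0-9A-Fa-f]+)\)') {
    # The event reports the value in hex, e.g. Int: (0x1).
    $value = [Convert]::ToInt32($Matches[1], 16)
    [pscustomobject]@{
        Source = 'Event 813'
        Time   = $latest.TimeCreated
        Value  = $value
        State  = Get-StateName $value
    }
}

# 2. Registry value from the "Group policy mapping" table (Computer Configuration, so HKLM).
#    Assumption: the value can be absent on a device, so a missing value is
#    reported with a warning instead of being treated as an error.
$key  = 'HKLM:\Software\Policies\Microsoft\Windows\WTDS\Components'
$name = 'CaptureThreatWindow'
$reg  = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue

if ($null -eq $reg) {
    Write-Warning "$name is not present under $key."
} else {
    [pscustomobject]@{
        Source = 'Registry'
        Time   = Get-Date
        Value  = $reg.$name
        State  = Get-StateName ([int]$reg.$name)
    }
}
```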

How to Remove Assigned Group from this Policy

You may need to remove a group from a policy assignment, for example for security updates. To do this, open the policy from the Configuration tab and click the Edit button on the Assignments tab. Click the Remove button in this section to remove the group from the policy.

For detailed information, you can refer to our previous post – Learn How to Delete or Remove App Assignment from Intune using by Step-by-Step Guide.

How Intune Automates Data Collection to Boost Phishing Protection using Intune Policy – Fig.13

How to Delete this Policy from Intune

Admins may delete policies in Intune for different reasons. If you want to quickly delete a policy, Intune helps you do that. Search for the policy in the Intune admin center, click the 3-dot option, and then click the Delete button.

For detailed information, you can refer to our previous post – How to Delete Allow Clipboard History Policy in Intune Step by Step Guide.

How Intune Automates Data Collection to Boost Phishing Protection using Intune Policy – Fig.14

Author

Anoop C Nair has been a Microsoft MVP from 2015 onwards, for 10 consecutive years! He is a Workplace Solution Architect with 22+ years of experience in Workplace technologies. He is also a Blogger, Speaker, and Local User Group Community leader. His primary focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Entra, Microsoft Security, Career, etc.
