How to Enable Audit SMB Servers Lacking Encryption Support using Intune

This post explains how to enable Audit SMB Servers Lacking Encryption Support using Intune. The Audit Server Does Not Support Encryption policy does not enforce encryption; it enables auditing on the client side when a connection is made to an insecure file server.

When this policy is enabled, an entry is created in the Windows Event Log (usually the SMBClient/Audit log). The security purpose of this policy is to identify vulnerable or legacy servers that are not ready for mandatory encryption.

The core function of this policy is as follows. When a modern Windows client (SMB client) attempts to connect to a file share (SMB server), the two negotiate the connection parameters. If the negotiation results in a connection where the server does not support encryption (which means the connection will be unencrypted and vulnerable to eavesdropping), the policy dictates whether the client should document this failure in its local event log.

Organizations can enable or disable this policy according to their preferences. Enabling this policy is almost always the recommended security best practice because it provides critical visibility. Enabling the audit allows IT teams to identify, prioritize, and patch or replace those legacy servers before enforcing a “Require Encryption” policy.


The Audit Server Does Not Support Encryption policy provides many advantages for users, admins, and the organization. With this policy, admins can accurately identify risk. Users benefit indirectly through enhanced data security.

By enabling the audit, IT can successfully transition the network to mandatory encryption, meaning the user’s sensitive documents are protected from interception while in transit across the local network.

Configure Policy with Intune Admin Center

To start creating the policy, sign in to the Microsoft Intune admin center. Go to Devices > Configuration > + Create > + New Policy. See the screenshot below.

How to Enable Audit SMB Servers Lacking Encryption Support using Intune - Fig.1

Choosing Platform and Profile Type

On this page, you select the Platform and Profile type before configuring the policy. It is a necessary step and you cannot skip it. Here I configure the policy for the Windows 10 and later platform with the Settings catalog profile type. Then click on the Create button.

How to Enable Audit SMB Servers Lacking Encryption Support using Intune - Fig.2

Filling Basic Details

The Basics tab lets you give an identity to the policy you are creating. You should add an appropriate name and description for the policy. The Name is mandatory and the Description is optional. After adding these, click on the Next button.

How to Enable Audit SMB Servers Lacking Encryption Support using Intune - Fig.3

Configure Audit Server Does Not Support Encryption

On the Configuration tab, you can see the + Add settings hyperlink to access specific settings. When you click on this hyperlink, you will get the Settings Picker. Here, I select the setting by browsing by category. I choose Lanman Workstation. Then, I choose the Audit Server Does Not Support Encryption setting.

How to Enable Audit SMB Servers Lacking Encryption Support using Intune - Fig.4

Disable Audit Server Does Not Support Encryption 

An organization might choose to do this to maintain a consistent user experience or to reduce potential distractions. Disabled is the default value of this policy; if you want to keep this value, click on the Next button.

How to Enable Audit SMB Servers Lacking Encryption Support using Intune - Fig.5

Enable Audit Server Does Not Support Encryption

This helps administrators quickly identify and locate legacy, outdated, or third-party servers and network-attached storage (NAS) devices that use older, unencrypted versions of the Server Message Block (SMB) protocol or have encryption disabled.

How to Enable Audit SMB Servers Lacking Encryption Support using Intune - Fig.6

Adding Scope Tags

The Scope tags section helps you restrict the visibility of the policy. It is not a mandatory step, so you can skip it. Here, I don’t add scope tags for this policy. Click on the Next button.

How to Enable Audit SMB Servers Lacking Encryption Support using Intune - Fig.7

Selecting Group from the Assignment Tab

To assign the policy to specific groups, use the Assignments tab. Here I click the + Add groups option under Included groups. I choose a group from the list of groups and click on the Select button. Again, I click on the Select button to continue.

How to Enable Audit SMB Servers Lacking Encryption Support using Intune - Fig.8

Review + Create Tab

Before completing the policy creation, you can review each tab to avoid misconfiguration or policy failure. After verifying all the details, click on the Create Button. After creating the policy, you will get a success message.

How to Enable Audit SMB Servers Lacking Encryption Support using Intune - Fig.9

Monitoring Status

The Monitoring Status page shows whether the policy has succeeded or not. To apply the policy quickly, sync the device from the Company Portal. Then open the Intune Portal and go to Devices > Configuration and search for the policy. Here, the policy shows as successful.

How to Enable Audit SMB Servers Lacking Encryption Support using Intune - Fig.10

Event Viewer

Event Viewer helps you check the client side and verify the policy status. On the client device, go to Start > Event Viewer. In the left pane, go to Application and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostics-Provider > Admin.

How to Enable Audit SMB Servers Lacking Encryption Support using Intune - Fig.11

Removing the Assigned Group from Audit Server Does Not Support Encryption Settings

If you want to remove the assigned group from the policy, you can do so from the Intune Portal. Open the policy in the Intune Portal, edit the Assignments tab, and remove the group from the policy.

To get more detailed information, you can refer to our previous post – Learn How to Delete or Remove App Assignment from Intune using by Step-by-Step Guide.

How to Enable Audit SMB Servers Lacking Encryption Support using Intune - Fig.12

How to Delete Audit Server Does Not Support Encryption

You can easily delete the Policy from the Intune Portal. From the Configuration section, you can delete the policy. It will completely remove it from the client devices.

For detailed information, you can refer to our previous post – How to Delete Allow Clipboard History Policy in Intune Step by Step Guide.

How to Enable Audit SMB Servers Lacking Encryption Support using Intune - Fig.13

Windows CSP Details

This policy controls whether the SMB client enables the audit event when the SMB server doesn’t support encryption. This policy is applicable to Windows 11, version 24H2 [10.0.26100.3613] and later.

| Name | Value |
| --- | --- |
| Name | Pol_AuditServerDoesNotSupportEncryption |
| Friendly Name | Audit server does not support encryption |
| Location | Computer Configuration |
| Path | Network > Lanman Workstation |
| Registry Key Name | Software\Policies\Microsoft\Windows\LanmanWorkstation |
| Registry Value Name | AuditServerDoesNotSupportEncryption |
| ADMX File Name | LanmanWorkstation.admx |
How to Enable Audit SMB Servers Lacking Encryption Support using Intune - Fig.14
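
The following PowerShell is an added example, not part of the original post: it reads the policy's registry value from the table above on a client and summarizes recent SMB client audit events that mention encryption. It assumes the key sits under HKLM (Computer Configuration), that the value is 1 when the policy is enabled, that the log the article calls SMBClient/Audit has the channel name `Microsoft-Windows-SMBClient/Audit`, and that event messages are in English; the function names are hypothetical.

```powershell
# Added example: client-side check of the audit policy and the events it produces.
# Key and value names are taken from the CSP details table; HKLM is assumed
# because the policy's location is Computer Configuration.
$PolicyKey = 'HKLM:\Software\Policies\Microsoft\Windows\LanmanWorkstation'
$ValueName = 'AuditServerDoesNotSupportEncryption'
# Assumed full channel name of the "SMBClient/Audit" log named in the article.
$AuditLog  = 'Microsoft-Windows-SMBClient/Audit'

function Get-SmbEncryptionAuditPolicy {
    # Returns 'NotConfigured', 'Enabled' or 'Disabled' for the local machine.
    $item = Get-ItemProperty -Path $PolicyKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'NotConfigured' }
    # Assumption: the ADMX-backed policy stores 1 for Enabled and 0 for Disabled.
    if ($item.$ValueName -eq 1) { 'Enabled' } else { 'Disabled' }
}

function Get-SmbEncryptionAuditEvent {
    # Returns audit events from the last $Days days whose message mentions encryption.
    param([int]$Days = 7)
    $filter = @{ LogName = $AuditLog; StartTime = (Get-Date).AddDays(-$Days) }
    try {
        $all = Get-WinEvent -FilterHashtable $filter -ErrorAction Stop
    } catch {
        # Get-WinEvent throws when nothing matches or the channel does not exist.
        Write-Verbose $_.Exception.Message
        return
    }
    # Assumption: English message text; adjust the pattern for other UI languages.
    $all | Where-Object { $_.Message -match 'encrypt' }
}

"Policy state: $(Get-SmbEncryptionAuditPolicy)"

$events = @(Get-SmbEncryptionAuditEvent -Days 7)
"Matching audit events in the last 7 days: $($events.Count)"

# Count per event ID, then show the most recent entries so the server named
# in each message can be added to the remediation list.
$events | Group-Object Id | Select-Object Name, Count | Format-Table -AutoSize
$events | Sort-Object TimeCreated -Descending |
    Select-Object -First 20 TimeCreated, Id, Message | Format-List
```

Run it in an elevated PowerShell session on a client that has received the policy; an empty result with the policy enabled means no unencrypted-capable server was contacted in the window.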


Author

Anoop C Nair has been a Microsoft MVP for 10 consecutive years from 2015 onwards. He is a Workplace Solution Architect with 22+ years of experience in Workplace technologies. He is a Blogger, Speaker, and Local User Group Community leader. His primary focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Entra, Microsoft Security, Career, etc.
