Microsoft Defender SmartScreen Setup Setting Catalog vs. Endpoint Security??

Copper Contributor



I've notice that there's seems to be a couple of different places to turn on Microsoft Defender Smart Screen. In Endpoint Security -> Attach Surface Reduction -> Application Control, I find the following screen:



Additionally, I can find the setting to turn on Smart Screen in Settings Catalog -> Microsoft Edge -> SmartScreen Settings as pictured here:



I also find in these two locations the option to "Block users from ignoring SmartScreen warnings" (Endpoint Security) and "Prevent bypassing SmartScreen..." (Setting Catalog). 


Though found in different locations, are these setting essentially accomplishing the same thing or is there a difference?

3 Replies

@ahelton_kcl there are a lot of Defender smart screen settings missing in Endpoint security profiles. You can use settings catalog or a combination of both. I personally use both.

Do I need to configure both the "Configure Microsoft Defender SmartScreen" in the Settings Catalog and the "Turn on Windows SmartScreen" in Endpoint to effectively turn on this feature? Or can I just do the latter of the two? It seems to me that, based on the provided tooltips in Intune, they do the exact same things. I wasn't sure if there was any reason to configure both...
best response confirmed by ahelton_kcl (Copper Contributor)
EP profile is more focused on the security settings. However, like I mentioned earlier, it does seem to leave out some of the relevant Defender Smartscreen settings. I normally use EP profile to configure whatever is available and then configure the rest using settings catalog. You can use just settings catalog if you like.