Windows Defender SmartScreen is another layer of security added by Microsoft that works to prevent successful phishing attempts. When running your ThreatDefense campaign your users may encounter a red screen when clicking links in your phishing campaign email.
This screen warns users away from inputting data in your landing page. This will skew your data on which users would have fallen prey to a phishing scam and would benefit from additional training identifying scams and threats. To circumvent Windows Defender you will need to do additional whitelisting of the domain(s) you are sending your phishing campaigns from.
The process for whitelisting these domains will vary depending on your environment. Check the documentation of your organization's tools for whitelisting options/solutions for Windows Defender. The following steps are only one example of a possible solution.
The following steps are for whitelisting a domain in an environment using:
- Azure AD or a hybrid Azure environment
- InTune (for Mobile Device Management)
- Windows (not for Macs)
1. Go to your Microsoft Management Admin Center (endpoint.microsoft.com) and click Devices.
2. Select Configuration profiles under the Policy section.
3. Click the Create Profile icon to open the Create Profile window.
4. In the Create Profile window select the following settings:
- Platform > Windows 10 and Later
- Profile Type > Templates
- Template > Administrative Templates
Click the Create button at the bottom.
5. Enter a Name for your configuration profile and a description (optional). Click next.
6. In your configuration settings, click Computer Configuration from the side and select Microsoft Edge.
7. Click SmartScreen Settings and click the Configure the list of domains for which Microsoft Defender SmartScreen won't trigger warnings.
8. Configure the following settings.
- Supported on: Microsoft Windows 7 or later > select Enabled radio dial.
- Configure the list of domains for which SmartScreen won't trigger warnings add the domain as provided by Brainstorm Threat Defense. Click OK. This will return you to the SmartScreen Settings page, click Next.
9. Optional You may select scope tags, if applicable. Click Next.
10. In the Assignments screen, click Add all devices. Click Next and review your settings. Click Create to finalize. This updated profile will be pushed to any device managed by InTune in the next 1-2 hours.