Edit

Share via


SmartScreenAllowListDomains

Configure the list of domains for which Microsoft Defender SmartScreen won't trigger warnings

Supported versions

  • On Windows and macOS since 77 or later

Description

Configure the list of Microsoft Defender SmartScreen trusted domains. This means: Microsoft Defender SmartScreen won't check for potentially malicious resources like phishing software and other malware if the source URLs match these domains. The Microsoft Defender SmartScreen download protection service won't check downloads hosted on these domains.

If you enable this policy, Microsoft Defender SmartScreen trusts these domains. If you disable or don't set this policy, default Microsoft Defender SmartScreen protection is applied to all resources.

This policy is available only on Windows instances that are joined to a Microsoft Active Directory ___domain, Windows 10/11 Pro or Enterprise instances that enrolled for device management, or macOS instances that are that are managed via MDM or joined to a ___domain via MCX. Note: If your organization has enabled Microsoft Defender for Endpoint, this policy and any allow list created with it will be ignored. You must configure your allow and block lists in Microsoft 365 Defender portal using Indicators (Settings > Endpoints > Indicators).

Supported features

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data type

  • List of strings

Windows information and settings

Group Policy (ADMX) info

  • GP unique name: SmartScreenAllowListDomains
  • GP name: Configure the list of domains for which Microsoft Defender SmartScreen won't trigger warnings
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/SmartScreen settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx

Example value

mydomain.com
myuniversity.edu

Registry settings

  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\SmartScreenAllowListDomains
  • Path (Recommended): N/A
  • Value name: 1, 2, 3, ...
  • Value type: List of REG_SZ

Example registry value

SOFTWARE\Policies\Microsoft\Edge\SmartScreenAllowListDomains\1 =

mydomain.com

SOFTWARE\Policies\Microsoft\Edge\SmartScreenAllowListDomains\2 =

myuniversity.edu

Mac information and settings

  • Preference Key name: SmartScreenAllowListDomains
  • Example value:
<array>
  <string>mydomain.com</string>
  <string>myuniversity.edu</string>
</array>

See also