MT.1164 - PUA Protection should be enabled
Overview
Checks that PUA (Potentially Unwanted Applications) protection is enabled in all assigned Microsoft Defender Antivirus policies.
Disabled PUA protection allows Shadow IT and potentially unwanted applications to be installed on managed devices, increasing the attack surface.
Remediation action:
- Open Microsoft Endpoint Manager > Endpoint Security > Antivirus
- Edit the relevant Microsoft Defender Antivirus policy
- Set PUA Protection to On (Block mode)
Related links
Test Metadata
| Field | Value |
|---|---|
| Test ID | MT.1164 |
| Severity | High |
| Suite | Maester |
| Category | Defender |
| PowerShell test | Test-MtMdePuaProtection |
| Tags | Defender, Maester, MT.1164 |
Source
- Pester test:
tests/Maester/Defender/Test-MtMdeAntivirusPolicy.Tests.ps1 - PowerShell source:
powershell/public/maester/defender/Test-MtMdePuaProtection.ps1