If your organization uses Windows Defender on Windows 10 1607 or later updates, there may be some settings you\u2019ll want to enable that are not enabled by default. Microsoft provides advice on security settings in this regard. One setting you might want to enable is the Potentially Unwanted Application (PUA) feature. You can turn it on in multiple ways using multiple tools.PUA looks for items that follow certain structures or conditions:The file is being scanned from the browserThe file is in a folder with "downloads" in the pathThe file is in a folder with "temp" in the pathThe file is on the user's desktopThe file does not meet one of these conditions and is not under %programfiles%, %appdata% or %windows%If these conditions are met, the file will be quarantined and not allowed to be installed.You can enable PUA protection with Microsoft Intune, System Center Configuration Manager, Group Policy, PowerShell cmdlets or with registry keys. You can also use the PUA audit mode to detect PUA without blocking them. The detections will be captured in the Windows event log.To set it using registry keys go to\u00a0HKLMSOFTWAREPoliciesMicrosoftWindows DefenderMpEngineMpEnablePus.Set the following values:Enabled (recommended): 1Audit Mode: 2If the folder for MpEngine is not there, you will have to enable it. Then add a dword 32bit value for MpEnablePus and set the value to 1 (to enable it) or 2 (for Audit Mode).Alternatively you can set it via group policy:Open the Group Policy Management Console, right-click the Group Policy Object you want to configure and click \u201cEdit\u201d.In the Group Policy Management Editor go to \u201cComputer configuration\u201d and select \u201cAdministrative templates\u201d.Expand the tree to Windows components > Windows Defender Antivirus.Double-click \u201cConfigure protection for potentially unwanted applications\u201d.Select \u201cEnabled\u201d to enable PUA protection.In Options, select \u201cBlock\u201d to block potentially unwanted applications, or select \u201cAudit Mode\u201d to test how the setting will work in your environment. Click \u201cOK\u201d.To set up the policy using Intune, review the settings in the dashboard. Browse to Device configuration profiles and create a profile for Windows 10. Look underneath Device restrictions under Windows Defender Antivirus. Again, you can choose to block or audit the setting. Susan BradleySetting the PUA value in IntuneFinally, you can use PowerShell to enable the protection. Use the following cmdlet:Set-MpPreference -PUAProtection EnabledorSet-MpPreference -PUAProtection AudiMode Susan BradleySetting the PUA value in PowerShellSetting the value for this cmdlet to \u201cEnabled\u201d turns on the feature if it has been disabled. \u00a0Setting AuditMode will detect PUAs but not block them.These settings are functional in Windows 10 Professional and you do not need Defender ATP or Enterprise licenses to enable this setting. Enabling this setting ensures that drive-by downloads won\u2019t trick users to install on your systems. Test first on a select group of systems to ensure that your line-of-business applications are not impacted by these settings.