Create a Defender Exploit Guard profile through Workspace ONE UEM to protect your Windows 10 devices against exploits and malware. Learn how to use the profile to configure the Windows Defender Exploit Guard settings on your Windows 10 devices.

When you create rules and settings for Attack Surface Reduction, Controlled Folder Access, and Network Protection, you must select Enabled, Disabled, or Audit for each one. The option determines whether Windows Defender enforces the rule or only reports on it.
  • Enabled - Configures Windows Defender to block the activity the rule or setting covers. For example, if you set Controlled Folder Access to Enabled, Windows Defender blocks untrusted apps from changing files in the protected folders.
  • Disabled - Does not configure the policy for Windows Defender. The rule or setting is neither enforced nor logged.
  • Audit - Configures Windows Defender to evaluate the rule or setting without blocking anything, and to log each action it would have blocked in the Event Viewer (Microsoft-Windows-Windows Defender/Operational log). Use Audit first to measure the impact on your line-of-business apps, then change the rule to Enabled once the audit events show no false positives.


To use the Exploit Protection settings in this profile, you must first create a configuration XML file on a reference device, using either the Windows Security app (App & browser control > Exploit protection settings > Export settings) or PowerShell (Get-ProcessMitigation -RegistryConfigFilePath), and then upload that file when you create the profile.
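The following PowerShell is an added example and is not part of the Workspace ONE UEM documentation. It shows the PowerShell route on a reference device: optionally set a mitigation, export the resulting system-wide and per-app mitigations to the XML file the profile expects, and sanity-check the file before uploading it. The output directory, the executable name and the mitigations chosen are assumptions for the example.

```powershell
# Added example (not from the Workspace ONE UEM documentation).
# Run in an elevated PowerShell session on a Windows 10 reference device.

# Assumed paths for this example.
$OutDir  = 'C:\Temp\ExploitGuard'
$XmlPath = Join-Path $OutDir 'ExploitProtectionSettings.xml'
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# Optional: set a per-app mitigation on the reference device first so that it is
# included in the export. The executable name is an assumption; the mitigations
# (DEP and bottom-up ASLR) are real Exploit Protection mitigation names.
Set-ProcessMitigation -Name 'contoso-legacy.exe' -Enable DEP, BottomUp

# Export the current system-wide and per-app mitigation settings to XML.
# This file is what the profile's Exploit Protection Settings field accepts.
Get-ProcessMitigation -RegistryConfigFilePath $XmlPath

# Sanity-check the export before uploading: it must parse as XML, and the
# per-app entries (AppConfig elements) should list the binaries you expect.
[xml]$Config = Get-Content -Path $XmlPath -Raw
if (-not $Config.MitigationPolicy) {
    throw "Unexpected XML structure in $XmlPath; expected a MitigationPolicy root element."
}
'Per-app entries in the export:'
$Config.MitigationPolicy.AppConfig | ForEach-Object { '  ' + $_.Executable }

# Dry run on a second device: Set-ProcessMitigation -PolicyFilePath applies the
# same XML locally, so you can confirm the file behaves before Workspace ONE pushes it.
# Set-ProcessMitigation -PolicyFilePath $XmlPath
```

The Windows Security app export produces the same XML format, so you can use whichever route fits your workflow; the PowerShell route is easier to repeat when the mitigation set changes.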


  1. Navigate to Resources > Profiles & Baselines > Profiles > Add and select Add Profile.
  2. Select Windows and then select Windows Desktop.
  3. Select Device Profile.
  4. Configure the profile General settings.
  5. Select the Defender Exploit Guard payload.
  6. Upload the Exploit Protection Settings configuration XML file.
    These settings apply exploit mitigation techniques to the operating system and to individual apps. You must create the XML file using the Windows Security app or PowerShell on a reference device before you can upload it.
  7. Configure the Attack Surface Reduction settings. These rules block the typical actions malware uses to infect devices with malicious code. Select Add to add more rules.
    Each rule's description states which apps or file types the rule applies to. Attack surface reduction rules require Windows Defender Real-Time Protection to be enabled on the device.
  8. Configure the Controlled Folder Access settings. Set Controlled Folder Access to Enabled to use these settings. When enabled, the setting protects several folders by default. To see the list, hover over the ? icon.
    1. Add more folders to protect by selecting Add New and entering the folder path.
    2. Add applications that can access protected folders by selecting Add New and entering the application file path. Most known and trusted apps can access the folders by default. Use this setting to allow internal or less common apps that Windows Defender does not already trust.
    These settings protect your data from malware and exploits that try to modify files, such as ransomware. Controlled folder access requires Windows Defender Real-Time Protection to be enabled on the device.
  9. Configure the Network Protection settings. Set Network Protection to Enabled to use these settings.
    These settings protect users and data from phishing scams and malicious websites. Network protection requires Windows Defender Real-Time Protection to be enabled on the device.
  10. Select Save and Publish when you are finished to push the profile to devices.
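After the profile has been published, confirm on a managed device that the settings actually took effect and that Real-Time Protection is on. The following PowerShell is an added example and is not part of the Workspace ONE UEM documentation. It reads the effective Defender preferences, translates the stored values into the Enabled, Disabled and Audit modes described earlier, and lists the block and audit events from the Defender operational log. The two ASR rule names in the lookup table are assumptions for readability; any GUID not in the table is printed as-is.

```powershell
# Added example (not from the Workspace ONE UEM documentation).
# Run in an elevated PowerShell session on a device that received the profile.

# All three Exploit Guard features depend on Real-Time Protection. If it is off,
# the profile settings are present but nothing is enforced or audited.
$Status = Get-MpComputerStatus
if (-not $Status.RealTimeProtectionEnabled) {
    Write-Warning 'Real-Time Protection is off; Exploit Guard rules will not enforce or audit.'
}

$Pref = Get-MpPreference

# Defender stores the profile's three choices as numbers:
# 0 = Disabled, 1 = Enabled (block), 2 = Audit.
$ModeName = @{ 0 = 'Disabled'; 1 = 'Enabled (block)'; 2 = 'Audit' }

# Friendly names for two ASR rule GUIDs (assumed for this example; the full list is
# in Microsoft's ASR rule reference). Unknown GUIDs fall back to the GUID itself.
$RuleName = @{
    'D4F940AB-401B-4EFC-AADC-AD5F3C50688A' = 'Block Office apps from creating child processes'
    '9E6C4E1F-7D60-472F-BA1A-A39EF669E4B2' = 'Block credential stealing from LSASS'
}

'Attack Surface Reduction rules:'
for ($i = 0; $i -lt $Pref.AttackSurfaceReductionRules_Ids.Count; $i++) {
    $id   = $Pref.AttackSurfaceReductionRules_Ids[$i].ToUpper()
    $name = if ($RuleName.ContainsKey($id)) { $RuleName[$id] } else { $id }
    '  {0,-50} {1}' -f $name, $ModeName[[int]$Pref.AttackSurfaceReductionRules_Actions[$i]]
}

'Controlled Folder Access: ' + $ModeName[[int]$Pref.EnableControlledFolderAccess]
'  Protected folders:      ' + ($Pref.ControlledFolderAccessProtectedFolders -join ', ')
'  Allowed applications:   ' + ($Pref.ControlledFolderAccessAllowedApplications -join ', ')
'Network Protection:       ' + $ModeName[[int]$Pref.EnableNetworkProtection]

# Events from the last 24 hours. Enabled mode raises the "blocked" IDs; Audit mode
# raises the "audited" IDs, which show what would have been blocked. Review the
# audited events before changing a rule from Audit to Enabled.
$EventIds = @{
    1121 = 'ASR rule blocked';               1122 = 'ASR rule audited'
    1123 = 'Controlled Folder Access blocked'; 1124 = 'Controlled Folder Access audited'
    1125 = 'Network Protection blocked';     1126 = 'Network Protection audited'
}
Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = [int[]]$EventIds.Keys
    StartTime = (Get-Date).AddHours(-24)
} -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id,
        @{ n = 'Event';  e = { $EventIds[[int]$_.Id] } },
        @{ n = 'Detail'; e = { ($_.Message -split "`n")[0] } } |
    Format-Table -AutoSize
```

Get-WinEvent returns nothing (rather than an error) when no matching events exist, which is the expected result on a quiet device; a stream of audited events for one rule usually means a line-of-business app needs to be added as an allowed application or the rule needs an exclusion before it is moved to Enabled.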