Skip to content

Fix Server Threat Protection policy

Ensure your Server Threat Protection policies use the recommended settings.


The recommended settings offer the best security. If you must change settings to fix issues, change as few as you can and apply them to as few devices as you can.

If Account Health Check warns that server policies have settings that differ from our recommendations, you can fix this automatically or manually.

Fix automatically

If you choose to fix your policies automatically, we apply our recommended settings for all options in your server threat protection policies to your affected servers. You can review the changes in your audit log.

To fix your policies automatically, do as follows:

  1. Click Fix automatically in the warning.

    Fix your server policies automatically.

  2. Confirm that you want to apply our recommended settings.

Fix manually

To fix your policies manually, do as follows:

  1. Click the policy name in the warning.

    Policy health warning.

  2. The Settings tab on the policy page opens. A warning shows at the top of the tab and settings that differ from our recommendations are highlighted in red.

    • If the policy is the Base Policy, as in the example shown here, click Reset to reapply the recommended settings.
    • For any other policy, or if you want to reapply recommendations manually, so you can check each one, go to each highlighted setting and turn it on or reconfigure it.

    The reset option turns on all settings except SSL/TLS decryption of HTTPS websites (turn this on if you want it) and Enable CPU branch tracing (this doesn't need to be on, but if it's already on, you can leave it on).

    Policy settings tab.

  3. Click Save at the top of the policy page.

  4. The Settings tab now shows that you have the recommended protection.

    Policy with recommended protection.