title: Microsoft Defender for Endpoint Exploit protection (EP) demonstrations description: See how Exploit Protection automatically applies many exploit mitigation settings system wide and on individual apps. search.appverid: met150 ms.service: defender-endpoint ms.author: lwainstein author: limwainstein ms.localizationpriority: medium manager: bagol audience: ITPro ms.collection:
- m365-security
- tier2
- demo
ms.topic: how-to
ms.subservice: asr
ms.date: 03/04/2025
appliesto:
- Microsoft Defender for Endpoint Plan 1
- Microsoft Defender for Endpoint Plan 2
- Microsoft Defender for Business
- Microsoft Defender for Individuals
- Microsoft Defender Antivirus
Exploit Protection automatically applies exploit mitigation settings system wide and on individual apps. Many of the features in the Enhanced Mitigation Experience Toolkit (EMET) have been included in Exploit Protection, and you can convert and import existing EMET configuration profiles into Exploit Protection.
- Windows client devices must be running Windows 11 or Windows 10 1709 build 16273 or newer.
- Windows server devices must be running Windows Server 2016 and later or Azure Stack HCI OS, version 23H2 and later.
-
Run PowerShell commands:
Set-ProcessMitigation -PolicyFilePath ProcessMitigation.xml
Set-ProcessMitigation –help -
Verify configuration
Get-ProcessMitigation
EP xml config file (right select, "save target as")
-
Convert EMET to xml, run PowerShell command:
ConvertTo-ProcessMitigationPolicy -
Apply settings, run PowerShell command: use the XML from the prior step
Set-ProcessMitigation -PolicyFilePath
-
Confirm settings were applied, run PowerShell command:
Get-ProcessMitigation -
Review the event log for application compatibility
-
Download our EP xml config file (right select, "save target as") or use your own.
-
Apply settings, run PowerShell command:
Set-ProcessMitigation -PolicyFilePath ProcessMitigation.xml
-
Confirm settings were applied, run PowerShell command:
Get-ProcessMitigation -
Review the event log for application compatibility.