Today, let’s discuss Latest Microsoft Defender Antivirus Configuration Policy Settings in Intune. Some Important steps are taken to access and configure the settings for Microsoft Defender in the endpoint security antivirus policy.
Intune Endpoint security Antivirus policies provide a centralized approach for security administrators to manage antivirus settings across managed devices efficiently. These policies streamline the process, allowing admins to focus specifically on the discrete group of antivirus configurations.
By utilizing Intune’s centralized administration console, security admins can easily define and enforce antivirus settings for all supported devices within their organization. This eliminates the need for manual configuration on individual devices, saving time and ensuring consistent security measures across the board.
Microsoft Defender for Endpoint introduces a powerful capability called Security Management for Microsoft Defender for Endpoint, allowing you to deploy security configurations from Microsoft Intune directly to your onboarded devices without the need for a complete Microsoft Intune device enrollment process.
- Best Antivirus for Windows 11 Microsoft Defender | App Browser Protection | Firewall Protection
- Secure Android Devices using Microsoft Defender for Endpoint in Intune
What is Microsoft Defender Antivirus?
Microsoft Defender Antivirus is a vital component of Microsoft Windows, serving as a robust and comprehensive antivirus software solution. Designed to safeguard Windows devices, it offers a multitude of advanced security features to protect against various types of malware and other threats.
Defender protection is tightly integrated with cloud intelligence to protect Windows 11 PCs. More details – Best Antivirus For Windows 11 Microsoft Defender | App Browser Protection | Firewall Protection.
Windows CSP – Latest Microsoft Defender Antivirus Configuration Policy Settings
Let’s check the Windows CSP Details for the latest Microsoft Defender Antivirus Configuration Policy Settings in Intune. Defender CSP provides a set of configuration settings that can be applied to Windows devices to control various aspects of Microsoft Defender Antivirus.
CSP URI – ./Device/Vendor/MSFT/Defender/Configuration
Microsoft Defender in Endpoint Security Antivirus Policy Using Intune
Microsoft consistently updates and improves Defender Antivirus through regular security updates and releases. Sign in to the Microsoft Intune admin center with your Intune administrator account. On the left side of Intune admin center, select Endpoint Security. Select Antivirus from Endpoint Security.
- Click the Create Policy option below to create MS Defender in the endpoint security Antivirus Policy.
Windows Defender Antivirus is the next-generation protection component of Microsoft Defender for Endpoint. Next-generation protection brings together machine learning, big data analysis, in-depth threat resistance, and cloud infrastructure to protect devices in your enterprise organization.
- Select the Platform as Windows 10, Windows 11, and Windows Server
- Select the Profile as Microsoft Defender Antivirus
Under the Basic tab, enter the name and description as “Microsoft Defender in endpoint security antivirus policy.” And also, select the platform as Windows 10 and later. Select the Next button from the Basic tab.
Configuration Settings for Microsoft Defender Antivirus
The Configuration page within Microsoft Intune is the central hub for managing various settings and configurations for your organization’s devices. This intuitive page provides a comprehensive overview of templates with their respective default values, allowing administrators to navigate and customize configurations as needed easily.
The following tables give you the exact details of the “Microsoft Defender in endpoint security antivirus policy as per Microsoft Engineering Teams recommendations. It includes the Existing policy and the New policy.
Existing Configuration Policy for Microsoft Defender Antivirus
Let’s discuss the existing configuration policy for Microsoft Defender Antivirus. The below table shows the existing configuration policy for Microsoft Defender Antivirus.
| Existing Configuration Policy for Microsoft Defender Antivirus | Not configured/Configured |
|---|---|
| Allow Archie Scanning | Not configured |
| Allow Behavior Monitoring | Not configured |
| Allow Cloud Protection | Not configured |
| Allow Email Scanning | Not configured |
| Allow Full Scan On Mapped Network Drives | Not configured |
| Allow Full Scan Removable Drive Scanning | Not configured |
| Deprecated) Allow Intrusion Prevention System | Not configured |
| Allow Scanning of all downloaded files and attachments | Not configured |
| Allow Realtime Monitoring | Not configured |
| Allow Scanning Network Files | Not configured |
| Allow Script Scanning | Not configured |
| Allow User UI Access | Not configured |
| Avg CPU Load Factor | Not configured |
| Check For Signatures Before Running Scan | Not configured |
| Cloud Block Level | Not configured |
| Cloud Extended Timeout | Not configured |
| Days To Retain Cleaned Malware | Not configured |
| Disable Catchup Full Scan | Not configured |
| Disable Catchup Quick Scan | Not configured |
| Enable Low CPU Priority | Not configured |
| Enable Network Protection | Not configured |
| Excluded Paths | Not configured |
| Excluded Processes | Not configured |
| PUA Protection | Not configured |
| Real Time Scan Direction | Not configured |
| Schedule Quick Scan Time | Not configured |
| Scan Parameter | Not configured |
| Schedule Scan Day | Not configured |
| Schedule Scan Time | Not configured |
| Signature Update Fallback Order | Not configured |
| Signature Update File Shares Sources | Not configured |
| Signature Update Interval | Not configured |
| Sublit Samples Consent | Not configured |
| Disable Local Admin Merge | Not configured |
| Allow On Access Protection | Not configured |
| Security Intelligence Update Channel | Not configured |
New Configuration Policy Introduced in Service Release 2305
Let’s learn about the New Configuration Policy Introduced in Service Release 2305. The below table shows the New Configuration Policy Introduced in Service Release 2305.
| New Configuration Policy | Not configured/Configured |
|---|---|
| Metered Connection Updates | Not configured |
| Disable Tls parsing | Not configured |
| Disable Http parsing | HTTP parsing is enabled |
| Disable Dns Parsing | Not configured |
| Disable Dns Over Tcp parsing | DNS over TCP parsing is enabled |
| Disable Ssh parsing | Not configured |
| Platform Updates Channel | Not configured |
| Engine Updates Channel | Not configured |
| Security Intelligence Updates Channel | Not configured |
| Allow Network Protection Down Level | Network protection will be enabled downlevel |
| Allow Datagram Processing On Win Server | Datagram processing on Windows Server is enabled |
| Enable Dns Sinkhole | Not configured |
Scope tags in Microsoft Intune are a crucial feature that allows administrators to group and manage resources within their organization logically. With scope tags, administrators can assign tags to various resources in Intune, such as policies, profiles, apps, device groups, and more.
- Select Scope tags as Default.
The assignments tab in Intune helps you to add groups. The Assignment tab shows all the included groups, excluded groups, etc. You cannot mix user and device groups across include and exclude when excluding groups.
The screenshot below shows the “Select group to include a window.” The select groups to include window helps you to include a group. You can easily search a group using the search box as shown in the below window.
The Review + Create window helps you to show the Name, Description, Platform, Configuration settings, Scope tags, Assignments, etc. Selecting the Create button from the below window enables you to create a new Microsoft Defender in the endpoint security antivirus policy in Intune portal.
In the below window, you can see that the Profile has been created successfully. And it helps you to show the details such as policy name, policy type, assigned, platform target, etc. The policy type is Microsoft Defender Antivirus, Assigned as Yes.
Intune Reports for Microsoft Defender in Endpoint Security Antivirus Policy
The below window shows the Intune Reports for Microsoft Defender in endpoint security antivirus policy. By checking the device and user check-in status, they can verify the successful application of the policy. For a more comprehensive view, clicking on “View Report” provides access to additional details.
Reference Site – What’s new in Microsoft Intune | Microsoft Learn
Author
About Author – Vidya is a computer enthusiast. She is here to share quick tips and tricks with Windows 11 or Windows 10 users. She loves writing on Windows 11 and related technologies. She is also keen to find solutions and write about day-to-day tech problems.
Where do you set parameter to set a restore point before scan