Key Takeaways
- This policy protects Windows devices during the Out of Box Experience.
- Microsoft Defender real time protection stays enabled from first boot.
- Security intelligence updates are downloaded during device setup.
- Security gaps before user sign in are removed.
- Devices meet organization security standards from day one.
Hey, let’s discuss about How to Managing Real Time Protection and Security Updates During Windows OOBE using Intune. This policy controls Microsoft Defender Real-Time Protection and Security Intelligence updates during the Windows Out-of-Box Experience (OOBE). OOBE is the first setup screen you see when a new or reset device is turned on.
This policy is important because new devices are most vulnerable during first use. Without protection, a device can be exposed to malware, viruses, or network threats before the user even signs in. Enabling this policy ensures the device is protected even before the user completes setup, reducing security risks.
When this policy is enabled, Defender real-time protection stays turned on and security intelligence updates are downloaded automatically during setup. This helps block threats immediately, keeps malware definitions up to date, and ensures the device follows company security standards from day one.
Before enabling this policy, Defender protection or updates may be delayed until the user finishes setup and signs in. This creates a security gap during first boot. After enabling the policy, Defender protection and updates run during OOBE itself, closing that gap and keeping the device secure from the start.
Table of Contents
What are the Advantages of Enabling this Policy using Intune?
Enabling this policy ensures that Microsoft Defender real-time protection and security intelligence updates are active from the very first time a Windows device is turned on.
1. Protects devices during first boot and setup
2. Blocks malware and threats before user sign-in
3. Keeps security intelligence updated automatically
4. Reduces security risks during Out-of-Box Experience
5. Ensures company security standards from day one
6. Prevents exposure on unsecured or public networks
7. Improves overall device security posture
Managing Real Time Protection and Security Updates During Windows OOBE using Intune
Without this policy, the device may connect to the internet without full protection during setup. With this policy enabled, Defender is already active and updated during OOBE, protecting the device from malware even before the employee starts using it.
- New Capabilities in Windows Autopilot Device Provisioning Real Time Monitoring App and Script Provisioning
- Translate Real-Time Video with Microsoft Edge for Business
- Methods for Allow or Disallow Real-time Protection for Microsoft Defender Antivirus in Windows 11
Create a Profile
To start configuring this policy, open Microsoft Intune admin center. Go to Devices > Configuration From Policies, click on the + Create button and select +New Policy. To create a policy you have to specify profile type and Platform. From this window you can select that.
| Platform | Profile Type |
|---|---|
| Windows 10 and later | Settings Catalog |
Basic Step
On the Basics page, you give the profile a clear name and description, so it is easy to identify later. In the Name box, the policy name(Oobe Enable Rtp And Sig Update) and description(To Enable Rtp And Sig Update). Then click Next to continue.
Configuration Settings
On the Configuration settings page, the Settings picker is used to search for the required policy. In the search bar, policy name is entered. Select the category as Defender and setting as Oobe Enable Rtp And Sig Update.
After closing the Settings Picker, you will see it on the Configuration Settings page. Here we have only two settings: Enable or Disable. By default, Rtp and Sig Update will be set to Disabled. If you continue with disable the option, click Next to continue.
Enable this Policy
If we Enable this policy, you can allow the Rtp and Sig Update by clicking the dropdown menu and select the Enable option. After reviewing or adding more settings, you can click the Next button to continue.
Scope Tags
A Scope Tag in Intune is used to control visibility and access to Intune resources based on administrative roles. Scope tags are not mandatory. You can add the scope tag using the Select scope tags button.
Assignments
On the Assignments tab, we can select which users or devices get this policy. Under Include Groups, click Add Groups. From the list, select the group that we want to target (e.g HTMD – Test Policy). Then click the Next button.
Final Step
At the final Review + Create step, we see a summary of all configured settings for the new profile; after reviewing the details and making any necessary changes by clicking Previous. We click Create to finish, and a notification confirms that the “Oobe Enable Rtp and Sig Update created successfully”.
Monitoring Status
We can check a policy’s status in the Intune Portal. Generally, it takes about 8 hours for policies to be created. Use the manual sync option to reduce the configuration delay in the Company Portal app on the device, then check the status again. Navigate to Devices> Configuration. Click on the specific policy to see its details.
How to Remove Assigned Group from this Policy
Sometimes, we need to remove a group from a policy assignment for security updates. Open the policy from the Configuration tab and click on the Edit button on the Assignment tab. Click on the Remove button on this section to remove the policy. Click Review + Save after making the change.
For detailed information, you can refer to our previous post – Learn How to Delete or Remove App Assignment from Intune using by Step-by-Step Guide.
How to Delete this Policy from Intune
To delete an Intune policy for security or operational reasons. It is simple to do. I will demonstrate how to delete an Intune policy through the Oobe Enable Rtp And Sig Update Policy. Click the three dots, then click the Delete option.
For detailed information, you can refer to our previous post – How to Delete Allow Clipboard History Policy in Intune Step by Step Guide.
Need Further Assistance or Have Technical Questions?
Join the LinkedIn Page and Telegram group to get the latest step-by-step guides and news updates. Join our Meetup Page to participate in User group meetings. Also, Join the WhatsApp Community to get the latest news on Microsoft Technologies. We are there on Reddit as well.
Author
Anoop C Nair has been Microsoft MVP from 2015 onwards for 10 consecutive years! He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is also a Blogger, Speaker, and Local User Group Community leader. His primary focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career, etc.