Turn on Real-time Monitoring Antivirus policy for Microsoft Defender in Intune

Let’s learn how to turn on Real-time Monitoring using Intune Antimalware Policy. This post explains how to configure the Real-time Monitoring policy in Intune and deploy the configuration profile to a security group.

Microsoft Defender Antivirus is a robust security solution that helps protect Windows devices from malware and other security threats. Intune, on the other hand, is a cloud-based service provided by Microsoft that enables organizations to manage and secure their devices and applications.

Intune endpoint security Antivirus policies can be employed to manage device security settings. These policies follow a similar concept to a device configuration policy template, which is a logical grouping of related settings. By utilizing AV policies, you can ensure that your device security settings align with your organizational security standards. Security administrators can ensure uniform deployment and configuration of antivirus solutions across managed device fleets to maintain consistent standards and reduce security risks.

According to Microsoft, the Microsoft Defender Antivirus and Microsoft Defender Antivirus Exclusions profiles were designed for the Windows 10 and later platform for endpoint security Antivirus policy prior to April 5, 2022. However, on April 5, 2022, the Windows 10 and later platform was replaced by the Windows 10, Windows 11, and Windows Server platforms.

Advantages of Turning On Real-Time Monitoring for Microsoft Defender

Enabling Real-Time Monitoring in Microsoft Defender Antivirus offers several benefits. Real-time protection continuously examines the files and processes on your device, actively identifying malware and potentially unwanted software that may attempt to execute or install. In the event that a threat is detected, the system prompts the user to take necessary action, thus ensuring that the system remains secure.

Turn on Real-time Monitoring Antivirus policy for Microsoft Defender in Microsoft Intune Fig. 1

Real-time monitoring involves using behaviour-based detection techniques to identify patterns commonly associated with malware. The process entails close observation of various system activities, including processes, file modifications, and registry changes. Any deviation from the normal or expected behaviour is detected, and an alarm is raised to alert the system administrator or user to take immediate action. This ensures that critical security settings are continuously checked and remain unchanged.

This feature provides a crucial layer of defence that every organization should consider implementing to ensure the safety and security of its digital assets. Real-time monitoring is similar to having a watchful guardian for your digital space. Let’s learn how you can configure Real-time Monitoring using Intune Antimalware Policy.

Turn On Real-time Monitoring in Microsoft Intune

Let’s learn how to turn on Real-time Monitoring for Microsoft Defender Antivirus policy in Microsoft Intune for Windows devices.

Turn on Real-time Monitoring Antivirus policy for Microsoft Defender in Microsoft Intune Fig. 2

When you click Create Policy, a new window will open. In Platform, select Windows 10, Windows 11, and Windows Server. Select Microsoft Defender Antivirus as the Profile Type, and click Create.

Platform | Profile Type
Windows 10, Windows 11, and Windows Server | Microsoft Defender Antivirus
Turn on Real-time Monitoring Antivirus policy for Microsoft Defender in Microsoft Intune Table.1
Turn on Real-time Monitoring Antivirus policy for Microsoft Defender in Microsoft Intune Fig. 3

On the Basics page, enter a Name and Description for the profile, then choose Next.

Turn on Real-time Monitoring Antivirus policy for Microsoft Defender in Microsoft Intune Fig. 4

On the Configuration settings page, expand Defender settings, and configure the settings you want to manage with this profile. In this example, I will configure the settings to Allow Real-time Monitoring. Scroll down slightly to find the corresponding option.

NOTE! Changes to this setting are not applied when tamper protection is enabled.

By default, the Allow Real-time Monitoring policy is not configured.

Value | Description
Not configured | The setting is restored to the system’s default.
Not Allowed | The setting is disabled. Device users can’t change this setting. Turns off the real-time monitoring service.
Allowed | Enforce the use of real-time monitoring. Device users can’t change this setting.
Turn on Real-time Monitoring Antivirus policy for Microsoft Defender in Microsoft Intune Table.2

When you are done configuring the settings, review them and click Next to continue.

Turn on Real-time Monitoring Antivirus policy for Microsoft Defender in Microsoft Intune Fig. 5

On the Scope tags page, add scope tags if you wish and click Next to assign the policy to computers. I will deploy it to the HTMD – Test Computers Group. Your devices will receive your policy settings when they check in with the Intune service.

Turn on Real-time Monitoring Antivirus policy for Microsoft Defender in Microsoft Intune Fig. 6

On the Review + Create page, carefully review all the settings you’ve defined. Once you’ve confirmed that everything is correct, select Save to implement the changes. The new profile is now visible in the policy type list, where you can select it.

Turn on Real-time Monitoring Antivirus policy for Microsoft Defender in Microsoft Intune Fig. 7

Monitor Antivirus Policy Deployment from Intune

The Antivirus Policy is deployed to Azure AD groups. Let’s see how we can monitor the deployment and status of installation from the Intune portal. To monitor the Intune policy assignment, follow these steps:

  • Navigate to the list of Antivirus Policies and select the policy you targeted.
  • Check the device and user check-in status from here.
  • If you click “View Report,” you can see additional details.
Turn on Real-time Monitoring Antivirus policy for Microsoft Defender in Microsoft Intune Fig. 8

Monitor Antivirus Policy Deployment from the Windows Client Side

Let’s learn how to monitor Antivirus policy deployment from the Windows client side. There are different methods for doing this.

  • You can use the PowerShell command below to check real-time protection.

Get-MpComputerStatus | select RealTimeProtectionEnabled

Turn on Real-time Monitoring Antivirus policy for Microsoft Defender in Microsoft Intune Fig. 9
  • You can also check the registry key below to verify the real-time protection status.

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\providers\B1E9301C-8666-412A-BA2F-3BF8A55BFA62\default\Device\Defender

Turn on Real-time Monitoring Antivirus policy for Microsoft Defender in Microsoft Intune Fig. 10
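
The two client-side checks above can be combined into one script that compares the policy value delivered by Intune with the state Defender actually reports. This is an added example, not part of the original post. It assumes the value under the Defender key is named AllowRealtimeMonitoring (1 = Allowed, 0 = Not Allowed), and it enumerates all provider keys on the assumption that the provider GUID differs per enrollment.

```powershell
# Added example, not from the original post.
# Assumption: the policy value is named AllowRealtimeMonitoring (1 = Allowed, 0 = Not Allowed).
$providersRoot = 'HKLM:\SOFTWARE\Microsoft\PolicyManager\providers'

# Enumerate every MDM provider key (assumption: the GUID differs per enrollment).
$policy = foreach ($provider in Get-ChildItem -Path $providersRoot -ErrorAction SilentlyContinue) {
    $key = Join-Path -Path $provider.PSPath -ChildPath 'default\Device\Defender'
    if (-not (Test-Path -Path $key)) { continue }
    $value = (Get-ItemProperty -Path $key -Name AllowRealtimeMonitoring `
                               -ErrorAction SilentlyContinue).AllowRealtimeMonitoring
    if ($null -ne $value) {
        [pscustomobject]@{ Provider = $provider.PSChildName; Value = [int]$value }
    }
}

# Effective state as reported by the Defender service on this device.
$status = Get-MpComputerStatus

# Compare what the policy asks for with what the device is actually doing.
$verdict = if (-not $policy) {
    'No AllowRealtimeMonitoring policy value found; the device may not have checked in yet.'
} elseif ($policy.Value -contains 0 -and $status.RealTimeProtectionEnabled) {
    'Policy says Not Allowed but protection is on; check IsTamperProtected.'
} elseif ($policy.Value -contains 1 -and -not $status.RealTimeProtectionEnabled) {
    'Policy says Allowed but protection is off; investigate this device.'
} else {
    'Effective state matches the delivered policy.'
}

# One summary object per device, suitable for Export-Csv or remote collection.
[pscustomobject]@{
    ComputerName              = $env:COMPUTERNAME
    PolicyProviders           = ($policy.Provider -join ',')
    PolicyValue               = ($policy.Value -join ',')
    RealTimeProtectionEnabled = $status.RealTimeProtectionEnabled
    IsTamperProtected         = $status.IsTamperProtected
    AMServiceEnabled          = $status.AMServiceEnabled
    Verdict                   = $verdict
}
```

The IsTamperProtected column matters because of the note earlier in this post: changes to this setting are not applied when tamper protection is enabled, so a mismatch on such a device is expected rather than a delivery failure.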

End User Experience

As per the above report, the Antivirus policy is deployed to Azure AD groups. Let’s learn about the End User Experience after turning on Real-time Monitoring for Microsoft Defender Antivirus policy.

  • On Windows 10 or 11 devices, type Windows Security in the search box and then select Windows Security in the list of results.
  • In Windows Security, select Virus & Threat Protection. 
  • Scroll down to the Virus & Threat Protection settings and select Manage settings.
  • You can check if Real-time Monitoring is turned On or Off from here.
Turn on Real-time Monitoring Antivirus policy for Microsoft Defender in Microsoft Intune Fig. 11

Thank you for your patience in reading this post. I look forward to seeing you in the next post. Keep supporting the HTMD Community.

Author

About Author – Sujin Nelladath has over 10 years of experience in SCCM device management and Automation solutions. He writes and shares his experiences related to Microsoft device management technologies, Azure, and PowerShell automation.
