**DISCLOSURE: While I am contracted to Microsoft Corporation, I am not an employee. The articles that I write are not meant to represent the company, nor are they meant to represent me as an employee or spokesman for the company. As has always been the case, all articles on this website represent me and nobody else.
In 2006 Microsoft announced that the Windows Vista operating system would include built-in anti-malware software. This concerned a lot of people for a number of reasons:
- Microsoft was not, at the time, a trusted source for secure computing; and
- The anti-virus industry was an $11B/year industry, and the Microsoft partners that lived in that space stood to lose a lot of money if that happened.
While the plan to include it in the OS was scrubbed, Microsoft did, nonetheless, release an anti-malware solution called Live OneCare. The product eventually morphed into Windows Defender, which is now the overarching name for all of Microsoft’s security offerings.
When I was first introduced to Microsoft Intune, I found the greatest benefits were patch management and anti-malware. I was primarily using the offering to protect the computers of a few family and friends, and those were the two issues that I had spent most of my efforts with their machines.
Today, I use Intune for much larger environments, and for many more things. However, anti-malware and patch management are still a big part of it. I have covered patch management in other posts; let’s enable anti-malware for our clients.
First, let’s log into our Microsoft Endpoint Manager admin center (https://endpoint.microsoft.com). In the navigation pane, click on Endpoint Security.
When the Endpoint Security | Overview screen appears, look in the navigation pane under Manage and click Antivirus.
In the middle of the Endpoint Security | Antivirus screen, under AV policies, click + Create policy.
In the Create a profile sidebar, select the platform Windows 10 and later from the dropdown list (or Windows 10 and Windows Server (ConfigMgr) if you want the policy to apply to servers as well). In the Profile dropdown select Microsoft Defender Antivirus. Click Create.
In the Basics tab, enter a name (and if you want, a description),a nd then click Next.
Most of our profile configuration will be set in the Configuration settings tab. There are sections for:
- Cloud protection
- Microsoft Defender Antivirus Exclusions
- Real-time protection
- User experience
I will not advise which of these you should enable, but go through them and configure it as you see fit for your environment. In my Review and Create you will see the options I chose for my demo tenant. Click Next.
On the Scope tags tab either select scope tags, or click Next.
On the Assignments tab, you can pick any of these options:
Either add specific groups, or add all users or all devices. You can also add groups to the Excluded list as you see fit. Click Next.
On the Review + Create tab you can verify your choices, and when you are satisfied, click Create. This is what I got:
Use Microsoft Defender to protect machines against malware
Windows 10 and later
Turn on cloud-delivered protection
Cloud-delivered protection level
Defender Cloud Extended Timeout In Seconds
Turn on real-time protection
Enable on access protection
Turn on behavior monitoring
Turn on intrusion prevention
Scan all downloaded files and attachments
Scan scripts that are used in Microsoft browsers
Scan network files
Number of days (0-90) to keep quarantined malware
Submit samples consent
Send safe samples automatically
Action to take on potentially unwanted apps
Actions for detected threats
Scan archive files
Use low CPU priority for scheduled scans
Scan mapped network drives during full scan
Run daily quick scan at
Day of week to run a scheduled scan
Time of day to run a scheduled scan
Check for signature updates before running scan
Enter how often (0-24 hours) to check for security intelligence updates
Allow user access to Microsoft Defender app
That is your policy. Make sure you check out my previous article on connecting Microsoft Defender for Endpoint to Intune in the Microsoft Defender Security Center!
Leave a Reply