{"id":30907,"date":"2025-06-19T14:54:00","date_gmt":"2025-06-19T14:54:00","guid":{"rendered":"https:\/\/endusersupports.com\/?p=30907"},"modified":"2026-05-09T07:26:35","modified_gmt":"2026-05-09T07:26:35","slug":"configure-microsoft-defender-antivirus-policy","status":"publish","type":"post","link":"https:\/\/endusersupports.com\/index.php\/2025\/06\/19\/configure-microsoft-defender-antivirus-policy\/","title":{"rendered":"Configure Microsoft Defender Antivirus Policy"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Configure\u00a0 Microsoft Defender Antivirus Policy\u00a0<\/b><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

A Microsoft Defender Antivirus policy<\/strong> defines how malware protection is configured and enforced across Windows devices. These policies control real\u2011time protection, cloud\u2011based detection, scanning behavior, exclusions, ransomware protection, and tamper prevention.<\/p>

In modern environments, Defender Antivirus policies are most effectively managed using Microsoft Intune<\/strong>, ensuring consistent and scalable security across all endpoints.<\/p><\/div>

Key Settings in Microsoft Defender Antivirus Policy<\/h6>
\ud83d\udee1\ufe0f Real\u2011Time Protection<\/h5>
  • Monitors files and processes continuously<\/li>
  • Blocks malicious behavior instantly<\/li>
  • Must remain enabled<\/strong> for baseline security<\/li><\/ul>
    \u2601\ufe0f Cloud\u2011Delivered Protection<\/h5>
    • Leverages Microsoft threat intelligence<\/li>
    • Detects zero\u2011day and emerging threats<\/li>
    • Recommended protection level: High \/ Advanced<\/strong><\/li><\/ul>
      \ud83d\udd0d Scheduled Scans<\/h5>
      • Quick Scan<\/strong> (daily or at logon)<\/li>
      • Full Scan<\/strong> (weekly or during maintenance windows)<\/li>
      • Prevents performance impact while maintaining coverage<\/li><\/ul>
        \ud83d\udeab Exclusions<\/h5>
        • Files<\/li>
        • Folders<\/li>
        • File extensions<\/li>
        • Processes<\/li><\/ul>
          \ud83d\udd10 Tamper Protection<\/h5>
          • Prevents users and malware from changing Defender settings<\/li>
          • Critical for preventing security bypass<\/li>
          • Should always be enabled in enterprise environments.<\/strong><\/li><\/ul>
            \ud83d\udca5 Ransomware Protection<\/h5>

            Includes:<\/p>

            • Controlled Folder Access<\/li>
            • Protection for Documents, Desktop, Pictures, and custom folders<\/li>
            • Blocks unauthorized app access<\/li><\/ul>
              \ud83e\udde0 Behavior Monitoring<\/h5>
              • Detects suspicious activities rather than signatures<\/li>
              • Effective against file\u2011less and script\u2011based attacks.<\/li><\/ul>
                Recommended Baseline Configuration (Best Practice).<\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div>

                \u00a0<\/p>

                Setting<\/th>Recommended Value<\/th><\/tr>
                Real\u2011Time Protection<\/td>Enabled<\/td><\/tr>
                Cloud Protection<\/td>Enabled<\/td><\/tr>
                Sample Submission<\/td>Enabled<\/td><\/tr>
                Tamper Protection<\/td>Enabled<\/td><\/tr>
                Weekly Full Scan<\/td>Enabled<\/td><\/tr>
                Behavior Monitoring<\/td>Enabled<\/td><\/tr>
                ASR Rules<\/td>Enabled (Audit \u2192 Block)<\/td><\/tr>
                Ransomware Protection<\/td>Enabled<\/td><\/tr><\/tbody><\/table><\/div>
                Microsoft Defender Antivirus Policy vs Defender for Endpoint Policy<\/h6>
                Aspect<\/th>Antivirus Policy<\/th>MDE Policy<\/th><\/tr>
                Malware prevention<\/td>\u2705 Yes<\/td>\u2705 Yes<\/td><\/tr>
                EDR & investigation<\/td>\u274c No<\/td>\u2705 Yes<\/td><\/tr>
                Automated remediation<\/td>Limited<\/td>Advanced<\/td><\/tr>
                Threat hunting<\/td>\u274c No<\/td>\u2705 Yes<\/td><\/tr><\/tbody><\/table><\/div>
                Follow the below steps to create Antivirus Policy.<\/h6>

                Login to Intune, Click on Endpoint Security then Antivirus and Click on New Policy then Select the\u00a0Microsoft Defender Antivirus.\u00a0<\/strong>\"\"<\/p>

                Enter the Policy Name<\/p>

                \"\"<\/p><\/div>

                Select all the required settings as your company standard.<\/p>

                \"\"<\/p>

                You can add the tags if need if not can leave it on default.<\/p>

                \"\"<\/p>

                Select the group Name you can want to deploy the policy.<\/p>

                \"\"<\/p>

                No review the policy and Click on next if everything looks ok.<\/p>

                \"\"<\/p>

                When policy is created then search with the name.<\/p>

                \"\"<\/p>

                To get the deployment status report, open the policy and check here deployment status.<\/p>

                \"\"<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

                Configure\u00a0 Microsoft Defender Antivirus Policy\u00a0 A Microsoft Defender Antivirus policy defines how malware protection is configured and enforced across Windows devices. These policies control real\u2011time protection, cloud\u2011based detection, scanning behavior, exclusions, ransomware protection, and tamper prevention. In modern environments, Defender Antivirus policies are most effectively managed using Microsoft Intune, ensuring consistent and scalable security across […]<\/p>\n","protected":false},"author":1,"featured_media":31030,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[19],"tags":[],"class_list":["post-30907","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-defender-for-endpoint"],"views":19,"post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/endusersupports.com\/index.php\/wp-json\/wp\/v2\/posts\/30907","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/endusersupports.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/endusersupports.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/endusersupports.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/endusersupports.com\/index.php\/wp-json\/wp\/v2\/comments?post=30907"}],"version-history":[{"count":15,"href":"https:\/\/endusersupports.com\/index.php\/wp-json\/wp\/v2\/posts\/30907\/revisions"}],"predecessor-version":[{"id":31006,"href":"https:\/\/endusersupports.com\/index.php\/wp-json\/wp\/v2\/posts\/30907\/revisions\/31006"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/endusersupports.com\/index.php\/wp-json\/wp\/v2\/media\/31030"}],"wp:attachment":[{"href":"https:\/\/endusersupports.com\/index.php\/wp-json\/wp\/v2\/media?parent=30907"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/endusersupports.com\/index.php\/wp-json\/wp\/v2\/categories?post=30907"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/endusersupports.com\/index.php\/wp-json\/wp\/v2\/tags?post=30907"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}