In this Microsoft Intune and Defender for Endpoint (MDE) post, we will create an Antivirus policy for Windows-managed computers.
Defender for Endpoint Antivirus solution offers the following generation security capabilities that not just protect against viruses but also protect the entire machines.
With MDE AV, we can protect files, downloads, emails, passwords, and certain areas of the machines.
In this post, we are going to use the Microsoft Intune console to create an AV policy. However, we can also make the same policy programmatically using Graph API for PowerShell. For more information, please visit this post Create Defender for Endpoint Intune Antivirus Policy With PowerShell.
Create an Antivirus Policy
Open Microsoft Intune
Click on Endpoint Security
Click on Antivirus
Click on Create Policy
From the profile options, select Microsoft Defender Antivirus
At a minimum, I recommend configuring the following settings to get started.
- Allow Behavior Monitoring
- Allow Cloud Protection
- Allow Email Scanning
- Allow Realtime Monitoring
- Allow Script Scanning
- Realtime Scan Direction
- Assign the policy to computers and wait for it to apply.
Verify
To verify that the policy is applying correctly to managed computers, Open one of the computer and open Virus & threat protection settings.
The settings should be greyed out with the message “This setting is managed by your administrator“
Leave a Reply