Enable Defender for Endpoint Antivirus With Intune

In this Microsoft Intune and Defender for Endpoint (MDE) post, we will create an Antivirus policy for Windows-managed computers.

Defender for Endpoint Antivirus solution offers the following generation security capabilities that not just protect against viruses but also protect the entire machines.

With MDE AV, we can protect files, downloads, emails, passwords, and certain areas of the machines.

In this post, we are going to use the Microsoft Intune console to create an AV policy. However, we can also make the same policy programmatically using  Graph API for PowerShell. For more information, please visit this post  Create Defender for Endpoint Intune Antivirus Policy With PowerShell.

Create an Antivirus Policy

Open Microsoft Intune

Click on Endpoint Security

Click on Antivirus

Click on Create Policy

From the profile options, select Microsoft Defender Antivirus

At a minimum, I recommend configuring the following settings to get started.

  • Allow Behavior Monitoring
  • Allow Cloud Protection
  • Allow Email Scanning
  • Allow Realtime Monitoring
  • Allow Script Scanning
  • Realtime Scan Direction
  • Assign the policy to computers and wait for it to apply.


To verify that the policy is applying correctly to managed computers, Open one of the computer and open Virus & threat protection settings.

The settings should be greyed out with the message “This setting is managed by your administrator

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.