Defender Antivirus Policy Modification

This guide will provide background information on modifying an existing set of Windows Defender settings.

Defender Antivirus

Microsoft Defender Antivirus is a built-in antivirus for Windows OS that protects against all types of malware. It works with Microsoft Defender for Endpoint to provide protection on the device and in the cloud. It is deployable through Intune MDM, which allows a deep configuration scope of scan type, enforcement levels, and duration as well as the ability to restrict end user interference with the security controls which will harden the systems from tampering incidents.

Role Requirements

Procedure Scope: Administrators

Required Group Membership: Admin.Security

Handbook Reference

Package: TBD

Domain: TBD

Modifies: TBD

Modifying a Device Defender Antivirus Rule

1. Navigate to Antivirus – Intune, select the policy you wish to alter.
   
2. Locate the Properties section of the profile, 4 points of interest will be available to Edit. You can modify the sections as needed.
   1. Basics: Adjusts non-functional items of the rule, such as the Name or Description.
      
   2. Assignments: Specifies which groups will be included or excluded from policy enforcement.
      
   3. Scope tags: Specifies which administrators can view and alter this object.
      
   4. Configuration Settings: Allows you to set the specific enforcement for Defender Antivirus Scanning parameters.
      
3. The Sections will all have the same prompt for adjustments, either add, remove, or delete the setting and select Review + Save to finalize the changes.
   
4. Once on the revisions page, if all the necessary adjustments look correct, select Save to finalize the modification process.