Device Defender Antivirus Rule Creation Procedure

This admin procedure provides background information on creating a new set of Windows Defender settings that will be enforced on the specified onboarded Intune device group.

This article is intended for employees of organizations that use Sittadel's security. Some actions can only be performed by users with administrative privileges.

Defender Antivirus

Microsoft Defender Antivirus is a built-in antivirus for Windows OS that protects against all types of malware. It works with Microsoft Defender for Endpoint to provide protection on the device and in the cloud. It is deployable through Intune MDM, which allows deep configuration of scan type, enforcement levels, and duration. Intune can also restrict end-user interference with the security controls, which hardens the systems against tampering incidents.


Procedure Scope: Administrators

Required Group Membership: Admin.DeviceSecurity


Creating a Device Defender Antivirus Rule

  1. Navigate to Antivirus – Intune and select Create Policy to configure an OS platform and a profile type that fits the needs of your security scope. Select Create to proceed.
  2. You will supply basic policy information such as name and description. Click Select to proceed.
  3. All the configuration items related to the profile type will be listed; we will focus on enabling settings related to Microsoft Defender Antivirus. Select Next to continue.
  4. Scope tags can be selected at this step; they are mainly used with RBAC. Select Next to continue.
  5. Configure the groups the policy is assigned to or excluded from. Select Next to proceed to the review.
  6. The review page shows all settings configured during the profile creation process. If you detect a discrepancy at this stage, make note of the section and select Previous to go back and make alterations before finalization. If everything checks out, select Create to publish the policy.
  7. Upon successful creation, the rule will show up in the list of all antivirus policies managed through Intune.
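
To confirm on an endpoint that the published policy has taken effect, the following added example (not part of the original procedure or Sittadel's tooling) compares the settings reported by Get-MpPreference and Get-MpComputerStatus against an expected baseline. The baseline values in $Expected and the flags in $HealthFlags are assumptions; replace them with the settings your policy actually enforces.

```powershell
# Added example (not part of the original procedure). Run in an elevated
# PowerShell session on a device in the assigned group, after it has synced.
# $Expected holds hypothetical baseline values; replace them with your policy's.
$Expected = [ordered]@{
    DisableRealtimeMonitoring = $false  # real-time protection stays on
    ScanParameters            = 1       # 1 = quick scan, 2 = full scan
    UILockdown                = $true   # assumed: Defender UI hidden from end users
    PUAProtection             = 1       # 1 = block potentially unwanted applications
}
# Health flags that should be true on a protected device. IsTamperProtected
# assumes tamper protection is enabled in your tenant.
$HealthFlags = 'AntivirusEnabled', 'RealTimeProtectionEnabled', 'IsTamperProtected'

$pref   = Get-MpPreference
$status = Get-MpComputerStatus

# Build one row per checked setting: preference values first, then health flags.
$report = @(
    foreach ($name in $Expected.Keys) {
        [pscustomobject]@{
            Setting  = $name
            Expected = $Expected[$name]
            Actual   = $pref.$name
            Match    = ($pref.$name -eq $Expected[$name])
        }
    }
    foreach ($name in $HealthFlags) {
        [pscustomobject]@{
            Setting  = $name
            Expected = $true
            Actual   = $status.$name
            Match    = ($status.$name -eq $true)
        }
    }
)

$report | Format-Table -AutoSize

# A non-zero exit code lets a scheduled task or compliance script flag drift.
$drift = @($report | Where-Object { -not $_.Match })
if ($drift.Count -gt 0) {
    Write-Warning ("{0} setting(s) differ from the expected baseline: {1}" -f $drift.Count, ($drift.Setting -join ', '))
    exit 1
}
Write-Output 'All checked Defender settings match the expected baseline.'
```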

You're Finished!

You should have successfully created a new set of Windows Defender settings that will be pushed to the specified onboarded device group. These settings can range from scan type and scope of effect to end-user UI limitations. For any other problems or questions, reach out to us!