In this post, we’ll see how we can configure Windows Defender Antivirus using Microsoft Intune. There are lots of settings you can configure for Windows Defender Antivirus, and listing and discussing all of them is difficult. You can, however, visit https://docs.microsoft.com/en-us/intune/configuration/device-restrictions-windows-10 and check the Microsoft Defender Antivirus section for details. The reason why I am configuring this is to exempt one folder from real-time scanning. This folder will be used to keep some files which might be malicious.

Existing setup done:

  1. Two Local users created
  2. Azure AD Connect configured
  3. Seamless Single Sign-On (IE) configured
  4. Seamless Single Sign-On (Firefox) configured
  5. Hybrid Azure AD Join configured
  6. Intune enrollment – Domain Joined Windows 10 devices
  7. Azure AD Join
  8. Office 365 Pro Plus Application
  9. Sample SharePoint Team Site
  10. OneDrive Known Folder Migration and SharePoint library sync
  11. Copy necessary files (Win32 App)
  12. Set Desktop Background, Lock Screen and Screensaver
  13. Adding applications to StartUp folder
  14. Adding some 3rd Party applications (Browsers)
  15. Microsoft Store for Business configuration and integration and Store Apps.
  16. Windows Defender Application Guard configuration
  17. Extend Application Guard to Mozilla Firefox and Google Chrome

Existing setup:

  1. SkyDC: Machine with ADDS, DNS, DHCP role
  2. SkyCON: Machine where we will install Azure AD Connect
  3. SkyCM: Machine with Configuration Manager Current Branch
  4. SkyTEN1: Domain Joined Windows 10 machine
  5. SkyTEN2: Domain Joined Windows 10 machine
  6. SkyTEN3i: Domain Joined Windows 10 machine (Intune Managed)
  7. SkyTEN4i: Domain Joined Windows 10 machine (Intune Managed)
  8. SkyTEN5i: Azure AD Joined Windows 10 (Intune Managed)
  9. SkyTEN6i: Azure AD Joined Windows 10 (Intune Managed)
  10. SkyTEN7i: Azure AD Joined Windows 10 (Cloud User, Intune Managed)
  11. SkyTEN8i: Azure AD Joined Windows 10 (Cloud User, Intune Managed)

Log in to the Azure portal.

Navigate to Intune -> Device configuration -> Profiles. Click on +Create profile.

Enter an appropriate Name and Description. I have entered:

Name: Win 10 WDAV Policy

Description: Windows 10 : Windows Defender Antivirus Policy

In Platform, select Windows 10 and later.

In Profile type, select Device restrictions.

Configure the settings appropriately and click OK.

Note:

If you leave a setting as Not configured, Intune does not touch it. In this scenario, for most of the settings the OS turns ON the setting by default and allows the user to change it.

If you enable the setting and then change it back to Not configured, Intune leaves the setting in its previously configured state.

So, even if you are not enabling any settings explicitly, most of the settings are already enabled by the OS by default.

For more detailed information on each setting, kindly check the section “Microsoft Defender Antivirus” in the below article:

https://docs.microsoft.com/en-us/intune/configuration/device-restrictions-windows-10

For example, to block access to the Antivirus section in Microsoft Defender Security Center, we can enable the Block end-user access to Defender setting. I have not enabled this setting.

Note: The primary reason why we are configuring this policy is adding a folder in the exclusion list. This folder will be used in subsequent labs for testing some features. This will make sure that the Antivirus engine does not delete those files.

Click on Microsoft Defender Antivirus Exclusions.

In Files and folders, enter one test folder path and click on Add. In my case, it’s C:\Lab.

Note: Please do NOT do this in production as this is only for testing certain features.

Click OK.

Click OK.

Click OK.

Click on Create.

Click on Assignments and then click on the appropriate option.

I have selected All Devices.

After the group is selected, click Save to deploy the policy.

Client machine

Sync the machine.

Open Microsoft Defender Security Center.

Click on Virus & threat protection.

Click on Manage settings.


Scroll down and click on Add or remove exclusions.

The folder that we added in the policy is listed in the exclusion list.
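Checking the exclusion in the Security Center UI works for one machine, but a quick script is handier when you want to confirm the policy landed on several clients and to make sure no broader exclusion slipped in alongside the lab folder. The following PowerShell is an added example, not part of the original post; it uses the built-in Get-MpPreference cmdlet from the Defender module, assumes an elevated session on a Windows 10 client that has synced the policy, and assumes the lab path C:\Lab from above (the list of "risky" patterns is constructed for illustration and should be tuned to your environment):

```powershell
# Added example (not from the original post): audit Microsoft Defender Antivirus
# exclusions on a client after the Intune policy has synced.
# Assumes: Windows 10 with the Defender PowerShell module (Get-MpPreference),
# an elevated PowerShell session, and the lab path C:\Lab configured in the policy.

function Get-DefenderExclusionReport {
    [CmdletBinding()]
    param(
        # Paths the Intune policy is expected to have added (constructed for this lab)
        [string[]]$ExpectedPaths = @('C:\Lab')
    )

    $pref = Get-MpPreference

    # Regex patterns that mark an exclusion as worth a second look: whole drives,
    # user-writable profile locations, and wildcard entries. Constructed list; extend as needed.
    $riskyPatterns = @(
        '^[A-Za-z]:\\?$',      # whole drive, e.g. C:\
        '\\Users\\',           # anything under a user profile
        '\\Temp\\',
        '\\Downloads\\',
        '\\ProgramData\\',
        '\*'                   # wildcards
    )

    # Path exclusions, flagged as expected (from the policy) or risky
    $report = @(foreach ($p in @($pref.ExclusionPath)) {
        if ([string]::IsNullOrWhiteSpace($p)) { continue }
        $isRisky = $false
        foreach ($rx in $riskyPatterns) {
            if ($p -match $rx) { $isRisky = $true; break }
        }
        [pscustomobject]@{
            Type     = 'Path'
            Value    = $p
            Expected = ($ExpectedPaths -contains $p)
            Risky    = $isRisky
        }
    })

    # Extension and process exclusions are easy to overlook, so report them too.
    # Neither is set by the lab policy, so any entry here is unexpected.
    $report += @(foreach ($e in @($pref.ExclusionExtension)) {
        if ($e) { [pscustomobject]@{ Type = 'Extension'; Value = $e; Expected = $false; Risky = $true } }
    })
    $report += @(foreach ($proc in @($pref.ExclusionProcess)) {
        if ($proc) { [pscustomobject]@{ Type = 'Process'; Value = $proc; Expected = $false; Risky = $true } }
    })

    # Warn if the policy has not applied yet (or applied to the wrong device group)
    $missing = $ExpectedPaths | Where-Object { $_ -notin @($pref.ExclusionPath) }
    if ($missing) {
        Write-Warning "Expected exclusion(s) not present, policy may not have synced yet: $($missing -join ', ')"
    }

    $report | Sort-Object Risky -Descending
}

Get-DefenderExclusionReport | Format-Table -AutoSize
```

Run it right after the sync; if C:\Lab is missing from the output, trigger another sync from Settings > Accounts > Access work or school and re-run. Any row with Risky set to True that is not the lab folder deserves a look at which profile introduced it, since Not configured settings in Intune leave whatever was set locally or by another policy untouched.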

Done.
