Windows Defender and Firewall are built-in security features that help protect your Windows devices from malware, viruses, and network attacks. However, to ensure that these features are configured and updated properly, you need a centralized management tool that can apply policies and settings across your organization. That’s where Intune comes in.
Intune is a cloud-based service that allows you to manage and secure your mobile devices, apps, and data. With Intune, you can create and deploy security policies and profiles that control how Windows Defender and Firewall work on your Windows devices. You can also monitor and report on the compliance and health status of your devices and take remediation actions if needed.
How to Manage Windows Defender with Intune
Windows Defender is a comprehensive antivirus and anti-malware solution that protects your devices from threats in real time. It also includes features such as ransomware protection, exploit guard, application control, and device guard, which provide additional layers of security.
To manage Windows Defender with Intune, create and assign a device configuration profile that contains the Windows Defender settings you want to apply:
- Sign in to the Microsoft Endpoint Manager admin center.
- Go to Devices > Configuration profiles > Create profile.
- Select Windows 10 and later as the platform and Endpoint protection as the profile type.
- Enter a name and description for the profile and click Next.
- Under Settings, expand Windows Defender Antivirus and configure the settings you want to apply. For example, you can enable or disable real-time protection, cloud-delivered protection, tamper protection, and more. You can also specify the scan type, frequency, and actions for detected threats.
- Click Next and assign the profile to the groups of devices you want to target.
- Click Create to save the profile and deploy it to your devices.
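To confirm on a targeted device that the profile took effect, you can compare the local Defender state with the values the profile is meant to enforce. The script below is an added example, not part of the original article or of Intune itself. The baseline values and the three-day signature threshold are assumptions to replace with your own profile's settings, and the function names are hypothetical.

```powershell
# Added example. Baseline values are assumptions; align them with your own Intune profile.
$Baseline = [ordered]@{
    RealTimeProtection = $true
    CloudProtection    = $true
    TamperProtection   = $true
    SignaturesCurrent  = $true
}
$MaxSignatureAgeDays = 3   # assumed freshness threshold, not an Intune default

function Get-DefenderState {
    param([int]$MaxAgeDays)
    # Both cmdlets ship with the built-in Defender PowerShell module.
    $status = Get-MpComputerStatus -ErrorAction Stop
    $pref   = Get-MpPreference -ErrorAction Stop
    [ordered]@{
        RealTimeProtection = [bool]$status.RealTimeProtectionEnabled
        # MAPSReporting: 0 = disabled, 1 = basic, 2 = advanced
        CloudProtection    = ($pref.MAPSReporting -ne 0)
        TamperProtection   = [bool]$status.IsTamperProtected
        SignaturesCurrent  = ($status.AntivirusSignatureAge -le $MaxAgeDays)
    }
}

function Compare-DefenderBaseline {
    param($Expected, $Actual)
    # Emit one row per setting so drift is visible setting by setting.
    foreach ($name in $Expected.Keys) {
        [pscustomobject]@{
            Setting   = $name
            Expected  = $Expected[$name]
            Actual    = $Actual[$name]
            Compliant = ($Expected[$name] -eq $Actual[$name])
        }
    }
}

try {
    $actual = Get-DefenderState -MaxAgeDays $MaxSignatureAgeDays
} catch {
    # The query can fail, for example, when the Defender service is not running.
    Write-Error "Could not query Windows Defender: $_"
    exit 2
}
$report = @(Compare-DefenderBaseline -Expected $Baseline -Actual $actual)
$report | Format-Table -AutoSize
# Exit 0 when every setting matches the baseline, 1 when any setting has drifted.
if ($report.Compliant -contains $false) { exit 1 } else { exit 0 }
```

Run it in an elevated PowerShell session on the device after the profile has synced; a row with Compliant set to False identifies the setting that did not apply.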
How to Monitor and Report on Windows Defender with Intune
Intune provides you with several tools and reports to help you monitor and report on the status and performance of Windows Defender on your devices. You can use these tools and reports to check the compliance and health status of your devices, view the detected threats and actions taken, and troubleshoot any issues that may arise.
- To view the compliance status of your devices, go to Devices > Monitor > Device compliance and select the compliance policy you want to view. You can see the number and percentage of devices that are compliant, non-compliant, or not evaluated. You can also drill down to the device level and see the compliance details and history for each device.
- To view the health status of your devices, go to Devices > Monitor > Device health and select the health policy you want to view. You can see the number and percentage of devices that are healthy, unhealthy, or not evaluated. You can also drill down to the device level and see the health details and history for each device.
- To view the threat status of your devices, go to Reports > Endpoint protection > Threat status. You can see the number and percentage of devices that are clean, infected, or at risk. You can also drill down to the device level and see the threat details and history for each device.
- To view the threat protection status of your devices, go to Reports > Endpoint protection > Threat protection status. You can see the number and percentage of devices that have Windows Defender features enabled or disabled, such as real-time protection, cloud-delivered protection, tamper protection, and more. You can also drill down to the device level and see the feature status for each device.
- To view the threat protection operational status of your devices, go to Reports > Endpoint protection > Threat protection operational status. You can see the number and percentage of devices that have Windows Defender features operational or non-operational, such as antivirus engine, antivirus signature, and more. You can also drill down to the device level and see the feature status for each device.
You can also use Intune to take remediation actions on your devices, such as initiating a scan, updating the signature, or removing a threat. To do so, go to Devices > All devices and select the device you want to remediate. Then, go to Endpoint security > Antivirus and select the action you want to perform.
Happy protection!