From ed85432e02942ac375c5e50777df87cc6957b214 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 19 Nov 2020 11:18:09 -0800 Subject: [PATCH 1/4] Update prevent-changes-to-security-settings-with-tamper-protection.md removed a snippet per PM --- ...s-to-security-settings-with-tamper-protection.md | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md index 964923be28..25da1aa38d 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md @@ -14,7 +14,7 @@ audience: ITPro author: denisebmsft ms.author: deniseb ms.custom: nextgen -ms.date: 11/12/2020 +ms.date: 11/19/2020 --- # Protect security settings with tamper protection @@ -207,17 +207,6 @@ If you are an organization using [Microsoft Defender for Endpoint](https://www.m Your regular group policy doesn’t apply to tamper protection, and changes to Microsoft Defender Antivirus settings are ignored when tamper protection is on. -> [!NOTE] -> A small delay in Group Policy (GPO) processing may occur if Group Policy settings include values that control Microsoft Defender Antivirus features protected by tamper protection. - -To avoid any potential delays, we recommend that you remove settings that control Microsoft Defender Antivirus related behavior using GPO and allow tamper protection to protect your Microsoft Defender Antivirus settings. - -Some sample Microsoft Defender Antivirus settings: - -- *Turn off real-time protection*
- Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Antivirus\Real-time Protection\\
- Value `DisableRealtimeMonitoring` = 0 - ### For Microsoft Defender for Endpoint, is configuring tamper protection in Intune targeted to the entire organization only? Configuring tamper protection in Intune or Microsoft Endpoint Manager can be targeted to your entire organization as well as to specific devices and user groups. From ccddf150e43fc9b7e8ab5760b7127cfdf3d9849f Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 19 Nov 2020 11:22:09 -0800 Subject: [PATCH 2/4] Update prevent-changes-to-security-settings-with-tamper-protection.md --- ...ent-changes-to-security-settings-with-tamper-protection.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md index 25da1aa38d..0cbd3e28f1 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md @@ -48,7 +48,7 @@ Tamper protection essentially locks Microsoft Defender Antivirus and prevents yo - Changing settings through PowerShell cmdlets - Editing or removing security settings through group policies -Tamper protection doesn't prevent you from viewing your security settings. And, tamper protection doesn't affect how third-party antivirus apps register with the Windows Security app. If your organization is using Windows 10 Enterprise E5, individual users can't change the tamper protection setting; this is managed by your security team. +Tamper protection doesn't prevent you from viewing your security settings. And, tamper protection doesn't affect how third-party antivirus apps register with the Windows Security app. If your organization is using Windows 10 Enterprise E5, individual users can't change the tamper protection setting; tamper protection is managed by your security team. ### What do you want to do? @@ -72,7 +72,7 @@ Tamper protection doesn't prevent you from viewing your security settings. And, > > Once you’ve made this update, tamper protection will continue to protect your registry settings, and will also log attempts to modify them without returning errors. -If you are a home user, or you are not subject to settings managed by a security team, you can use the Windows Security app to turn tamper protection on or off. You must have appropriate admin permissions on your machine to do this. +If you are a home user, or you are not subject to settings managed by a security team, you can use the Windows Security app to turn tamper protection on or off. You must have appropriate admin permissions on your machine to do change security settings, such as tamper protection. 1. Click **Start**, and start typing *Defender*. In the search results, select **Windows Security**. From 75b5e382cea904df754549b3fa60a1e9b26a1929 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 19 Nov 2020 11:22:54 -0800 Subject: [PATCH 3/4] Update prevent-changes-to-security-settings-with-tamper-protection.md --- ...event-changes-to-security-settings-with-tamper-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md index 0cbd3e28f1..432e22474e 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md @@ -132,7 +132,7 @@ If you are using Windows 10 OS [1709](https://docs.microsoft.com/windows/release > [!IMPORTANT] > The procedure can be used to extend tamper protection to devices running Windows 10 and Windows Server 2019. Make sure to review the prerequisites and other information in the resources mentioned in this procedure. -If you're using [version 2006 of Configuration Manager](https://docs.microsoft.com/mem/configmgr/core/plan-design/changes/whats-new-in-version-2006), you can manage tamper protection settings on Windows 10 and Windows Server 2019 by using tenant attach. Tenant attach enables you to sync your on-premises-only Configuration Manager devices into the Microsoft Endpoint Manager admin center, and then deliver your endpoint security configuration policies to your on-premises collections & devices. +If you're using [version 2006 of Configuration Manager](https://docs.microsoft.com/mem/configmgr/core/plan-design/changes/whats-new-in-version-2006), you can manage tamper protection settings on Windows 10 and Windows Server 2019 by using a method called *tenant attach*. Tenant attach enables you to sync your on-premises-only Configuration Manager devices into the Microsoft Endpoint Manager admin center, and then deliver your endpoint security configuration policies to your on-premises collections & devices. 1. Set up tenant attach. See [Microsoft Endpoint Manager tenant attach: Device sync and device actions](https://docs.microsoft.com/mem/configmgr/tenant-attach/device-sync-actions). From cd6713a92b1264be1c7d60b117dfbcb927223817 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 19 Nov 2020 11:24:25 -0800 Subject: [PATCH 4/4] Update prevent-changes-to-security-settings-with-tamper-protection.md --- ...event-changes-to-security-settings-with-tamper-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md index 432e22474e..567fc845b6 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md @@ -93,7 +93,7 @@ You must have appropriate [permissions](../microsoft-defender-atp/assign-portal- 1. Make sure your organization meets all of the following requirements to manage tamper protection using Intune: - Your organization uses [Intune to manage devices](https://docs.microsoft.com/intune/fundamentals/what-is-device-management). ([Intune licenses](https://docs.microsoft.com/intune/fundamentals/licenses) are required; Intune is included in Microsoft 365 E5.) - - Your Windows machines must be running Windows 10 OS [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709), [1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803), [1809](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019) or later. (See [Windows 10 release information](https://docs.microsoft.com/windows/release-information/) for more details about releases.) + - Your Windows machines must be running Windows 10 OS [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709), [1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803), [1809](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019) or later. (For more information about releases, see [Windows 10 release information](https://docs.microsoft.com/windows/release-information/).) - You must be using Windows security with [security intelligence](https://www.microsoft.com/wdsi/definitions) updated to version 1.287.60.0 (or above). - Your machines must be using anti-malware platform version 4.18.1906.3 (or above) and anti-malware engine version 1.1.15500.X (or above). ([Manage Microsoft Defender Antivirus updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md).)