mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-12 13:27:23 +00:00
Merge pull request #4081 from MicrosoftDocs/antivirus-intune
Antivirus settings in MEM
commit
8494c1a6a3
@ -27,12 +27,12 @@ manager: dansimp
|
||||
|
||||
You can manage and configure Microsoft Defender Antivirus with the following tools:
|
||||
|
||||
- Microsoft Intune
|
||||
- Microsoft Endpoint Configuration Manager
|
||||
- Microsoft Intune (now part of Microsoft Endpoint Manager)
|
||||
- Microsoft Endpoint Configuration Manager (now part of Microsoft Endpoint Manager)
|
||||
- Group Policy
|
||||
- PowerShell cmdlets
|
||||
- Windows Management Instrumentation (WMI)
|
||||
- The mpcmdrun.exe utility
|
||||
- The Microsoft Malware Protection Command Line Utility (referred to as the *mpcmdrun.exe* utility
|
||||
|
||||
The articles in this section provide further information, links, and resources for using these tools to manage and configure Microsoft Defender Antivirus.
|
||||
|
||||
|
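Review bot: The replacement bullet for the command-line tool opens a parenthesis that is never closed: "(referred to as the *mpcmdrun.exe* utility". Close it so the item reads "- The Microsoft Malware Protection Command Line Utility (referred to as the *mpcmdrun.exe* utility)", which also keeps the list rendering consistent with the other bullets.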
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Specify cloud-delivered protection level in Microsoft Defender Antivirus
|
||||
description: Set the aggressiveness of cloud-delivered protection in Microsoft Defender Antivirus.
|
||||
title: Specify the cloud-delivered protection level for Microsoft Defender Antivirus
|
||||
description: Set your level of cloud-delivered protection for Microsoft Defender Antivirus.
|
||||
keywords: Microsoft Defender Antivirus, antimalware, security, defender, cloud, aggressiveness, protection level
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.pagetype: security
|
||||
@ -10,7 +10,7 @@ ms.sitesec: library
|
||||
ms.localizationpriority: medium
|
||||
author: denisebmsft
|
||||
ms.author: deniseb
|
||||
ms.date: 08/12/2020
|
||||
ms.date: 10/26/2020
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.custom: nextgen
|
||||
@ -25,56 +25,63 @@ ms.custom: nextgen
|
||||
|
||||
- Microsoft Defender Antivirus
|
||||
|
||||
You can specify the level of cloud-protection offered by Microsoft Defender Antivirus with Group Policy and Microsoft Endpoint Configuration Manager.
|
||||
You can specify your level of cloud-delivered protection offered by Microsoft Defender Antivirus by using Microsoft Endpoint Manager (recommended) or Group Policy.
|
||||
|
||||
>[!NOTE]
|
||||
>The Microsoft Defender Antivirus cloud service is a mechanism for delivering updated protection to your network and endpoints. Although it is called a cloud service, it is not simply protection for files stored in the cloud, rather it uses distributed resources and machine learning to deliver protection to your endpoints at a rate that is far faster than traditional Security intelligence updates.
|
||||
> [!TIP]
|
||||
> Cloud protection is not simply protection for files that are stored in the cloud. The Microsoft Defender Antivirus cloud service is a mechanism for delivering updated protection to your network and devices (also called endpoints). Cloud protection with Microsoft Defender Antivirus uses distributed resources and machine learning to deliver protection to your endpoints at a rate that is far faster than traditional security intelligence updates.
|
||||
> Microsoft Intune and Microsoft Endpoint Configuration Manager are now part of [Microsoft Endpoint Manager](https://docs.microsoft.com/mem/endpoint-manager-overview).
|
||||
|
||||
## Use Intune to specify the level of cloud-delivered protection
|
||||
|
||||
1. Sign in to the [Azure portal](https://portal.azure.com).
|
||||
2. Select **All services > Intune**.
|
||||
3. In the **Intune** pane, select **Device configuration > Profiles**, and then select the **Device restrictions** profile type you want to configure. If you haven't yet created a **Device restrictions** profile type, or if you want to create a new one, see [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/intune/device-restrictions-configure).
|
||||
4. Select **Properties**, select **Settings: Configure**, and then select **Microsoft Defender Antivirus**.
|
||||
5. On the **File Blocking Level** switch, select one of the following:
|
||||
## Use Microsoft Endpoint Manager to specify the level of cloud-delivered protection
|
||||
|
||||
1. Go to the Microsoft Endpoint Manager admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)) and sign in.
|
||||
|
||||
2. Choose **Endpoint security** > **Antivirus**.
|
||||
|
||||
3. Select an antivirus profile. (If you don't have one yet, or if you want to create a new profile, see [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/intune/device-restrictions-configure).
|
||||
|
||||
4. Select **Properties**. Then, next to **Configuration settings**, choose **Edit**.
|
||||
|
||||
5. Expand **Cloud protection**, and then in the **Cloud-delivered protection level** list, select one of the following:
|
||||
|
||||
1. **High**: Applies a strong level of detection.
|
||||
2. **High +**: Uses the **High** level and applies additional protection measures (may impact client performance).
|
||||
2. **High plus**: Uses the **High** level and applies additional protection measures (may impact client performance).
|
||||
3. **Zero tolerance**: Blocks all unknown executables.
|
||||
|
||||
8. Click **OK** to exit the **Microsoft Defender Antivirus** settings pane, click **OK** to exit the **Device restrictions** pane, and then click **Save** to save the changes to your **Device restrictions** profile.
|
||||
6. Choose **Review + save**, and then choose **Save**.
|
||||
|
||||
For more information about Intune device profiles, including how to create and configure their settings, see [What are Microsoft Intune device profiles?](https://docs.microsoft.com/intune/device-profiles)
|
||||
> [!TIP]
|
||||
> Need some help? See the following resources:
|
||||
> - [Configure Endpoint Protection](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/endpoint-protection-configure)
|
||||
> - [Add endpoint protection settings in Intune](https://docs.microsoft.com/mem/intune/protect/endpoint-protection-configure)
|
||||
|
||||
|
||||
## Use Configuration Manager to specify the level of cloud-delivered protection
|
||||
|
||||
See [How to create and deploy antimalware policies: Cloud-protection service](https://docs.microsoft.com/configmgr/protect/deploy-use/endpoint-antimalware-policies#cloud-protection-service) for details on configuring Microsoft Endpoint Configuration Manager (current branch).
|
||||
|
||||
## Use Group Policy to specify the level of cloud-delivered protection
|
||||
|
||||
1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx).
|
||||
|
||||
2. Right-click the Group Policy Object you want to configure, and then click **Edit**.
|
||||
|
||||
3. In the **Group Policy Management Editor** go to **Computer configuration**.
|
||||
3. In the **Group Policy Management Editor** go to **Computer Configuration** > **Administrative templates**.
|
||||
|
||||
4. Click **Administrative templates**.
|
||||
4. Expand the tree to **Windows Components** > **Microsoft Defender Antivirus** > **MpEngine**.
|
||||
|
||||
5. Expand the tree to **Windows components > Microsoft Defender Antivirus > MpEngine**.
|
||||
|
||||
6. Double-click the **Select cloud protection level** setting and set it to **Enabled**. Select the level of protection:
|
||||
5. Double-click the **Select cloud protection level** setting and set it to **Enabled**. Select the level of protection:
|
||||
- **Default blocking level** provides strong detection without increasing the risk of detecting legitimate files.
|
||||
- **Moderate blocking level** provides moderate only for high confidence detections
|
||||
- **High blocking level** applies a strong level of detection while optimizing client performance (greater chance of false positives).
|
||||
- **High + blocking level** applies additional protection measures (may impact client performance and increase risk of false positives).
|
||||
- **High blocking level** applies a strong level of detection while optimizing client performance (but can also give you a greater chance of false positives).
|
||||
- **High + blocking level** applies additional protection measures (might impact client performance and increase your chance of false positives).
|
||||
- **Zero tolerance blocking level** blocks all unknown executables.
|
||||
|
||||
> [!WARNING]
|
||||
> While unlikely, setting this switch to **High** or **High +** may cause some legitimate files to be detected (although you will have the option to unblock or dispute that detection).
|
||||
|
||||
7. Click **OK**.
|
||||
6. Click **OK**.
|
||||
|
||||
7. Deploy your updated Group Policy Object. See [Group Policy Management Console](https://msdn.microsoft.com/library/ee663280(v=vs.85).aspx)
|
||||
|
||||
> [!TIP]
|
||||
> Are you using Group Policy Objects on premises? See how they translate in the cloud. [Analyze your on-premises group policy objects using Group Policy analytics in Microsoft Endpoint Manager - Preview](https://docs.microsoft.com/mem/intune/configuration/group-policy-analytics).
|
||||
|
||||
## Related articles
|
||||
|
||||
|
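Review bot: Step 3 of the Microsoft Endpoint Manager procedure opens a parenthesis at "(If you don't have one yet" and never closes it, and its link still points to "Configure device restriction settings in Microsoft Intune" even though the procedure now goes through **Endpoint security** > **Antivirus** instead of a Device restrictions profile. Close the parenthesis and point the link at guidance for creating an antivirus profile. In the Group Policy list, "**Moderate blocking level** provides moderate only for high confidence detections" reads as if a word is missing and is worth fixing while the neighbouring bullets are being reworded. The warning names only **High** and **High +** as able to flag legitimate files, while **Zero tolerance** is described as blocking all unknown executables, so the warning should cover that level too. Step 7 of the Group Policy procedure is also missing its closing period.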
@ -11,7 +11,7 @@ ms.localizationpriority: medium
|
||||
author: denisebmsft
|
||||
ms.author: deniseb
|
||||
ms.custom: nextgen
|
||||
ms.date: 09/03/2018
|
||||
ms.date: 10/26/2018
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
---
|
||||
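Review bot: The new value "ms.date: 10/26/2018" looks like a typo for 2020. The cloud-delivered protection article in this same commit moves its date from 08/12/2020 to 10/26/2020, while here only the month and day change and the year stays 2018. If the field is meant to record this revision, set it to 10/26/2020.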
@ -25,13 +25,23 @@ manager: dansimp
|
||||
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
|
||||
If you are using Microsoft Endpoint Configuration Manager or Microsoft Intune to manage the endpoints on your network, you can also use them to manage Microsoft Defender Antivirus scans.
|
||||
If you were using Microsoft Endpoint Configuration Manager or Microsoft Intune to manage the endpoints on your network, you can now use Microsoft Endpoint Manager to manage Microsoft Defender Antivirus scans.
|
||||
|
||||
In some cases, the protection will be labeled as Endpoint Protection, although the engine is the same as that used by Microsoft Defender Antivirus.
|
||||
1. In the Microsoft Endpoint Manager admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)), navigate to **Endpoint Security**.
|
||||
|
||||
See the [Endpoint Protection](https://docs.microsoft.com/sccm/protect/deploy-use/endpoint-protection) library on docs.microsoft.com for information on using Configuration Manager.
|
||||
2. Under **Manage**, choose **Antivirus**.
|
||||
|
||||
For Microsoft Intune, consult the [Microsoft Intune library](https://docs.microsoft.com/intune/introduction-intune) and [Configure device restriction settings in Intune](https://docs.microsoft.com/intune/device-restrictions-configure).
|
||||
3. Select your Microsoft Defender Antivirus policy.
|
||||
|
||||
4. Under **Manage**, choose **Properties**.
|
||||
|
||||
5. Next to **Configuration settings**, choose **Edit**.
|
||||
|
||||
6. Expand the **Scan** section, and review or edit your scanning settings.
|
||||
|
||||
7. Choose **Review + save**
|
||||
|
||||
Need help? See [Manage endpoint security in Microsoft Intune](https://docs.microsoft.com/mem/intune/protect/endpoint-security).
|
||||
|
||||
|
||||
## Related articles
|
||||
|
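Review bot: Step 7, "Choose **Review + save**", has no closing period and stops short of the final action. The matching step in the cloud-delivered protection article in this same commit reads "Choose **Review + save**, and then choose **Save**."; use the same wording here so the reader knows the change is not committed until it is saved. Step 1 writes **Endpoint Security** while the other procedure writes **Endpoint security**; use one capitalization for the same admin center label.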