diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index 661a531973..cf4937ebfd 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -763,6 +763,9 @@ The following diagram shows the Policy configuration service provider in tree fo
Defender/AvgCPULoadFactor
+
+ Defender/CheckForSignaturesBeforeRunningScan
+
Defender/CloudBlockLevel
@@ -778,9 +781,18 @@ The following diagram shows the Policy configuration service provider in tree fo
Defender/DaysToRetainCleanedMalware
+
+ Defender/DisableCatchupFullScan
+
+
+ Defender/DisableCatchupQuickScan
+
Defender/EnableControlledFolderAccess
+
+ Defender/EnableLowCPUPriority
+
Defender/EnableNetworkProtection
@@ -811,6 +823,12 @@ The following diagram shows the Policy configuration service provider in tree fo
Defender/ScheduleScanTime
+
+ Defender/SignatureUpdateFallbackOrder
+
+
+ Defender/SignatureUpdateFileSharesSources
+
Defender/SignatureUpdateInterval
@@ -4103,12 +4121,16 @@ The following diagram shows the Policy configuration service provider in tree fo
- [Defender/AttackSurfaceReductionOnlyExclusions](./policy-csp-defender.md#defender-attacksurfacereductiononlyexclusions)
- [Defender/AttackSurfaceReductionRules](./policy-csp-defender.md#defender-attacksurfacereductionrules)
- [Defender/AvgCPULoadFactor](./policy-csp-defender.md#defender-avgcpuloadfactor)
+- [Defender/CheckForSignaturesBeforeRunningScan](./policy-csp-defender.md#defender-checkforsignaturesbeforerunningscan)
- [Defender/CloudBlockLevel](./policy-csp-defender.md#defender-cloudblocklevel)
- [Defender/CloudExtendedTimeout](./policy-csp-defender.md#defender-cloudextendedtimeout)
- [Defender/ControlledFolderAccessAllowedApplications](./policy-csp-defender.md#defender-controlledfolderaccessallowedapplications)
- [Defender/ControlledFolderAccessProtectedFolders](./policy-csp-defender.md#defender-controlledfolderaccessprotectedfolders)
- [Defender/DaysToRetainCleanedMalware](./policy-csp-defender.md#defender-daystoretaincleanedmalware)
+- [Defender/DisableCatchupFullScan](./policy-csp-defender.md#defender-disablecatchupfullscan)
+- [Defender/DisableCatchupQuickScan](./policy-csp-defender.md#defender-disablecatchupquickscan)
- [Defender/EnableControlledFolderAccess](./policy-csp-defender.md#defender-enablecontrolledfolderaccess)
+- [Defender/EnableLowCPUPriority](./policy-csp-defender.md#defender-enablelowcpupriority)
- [Defender/EnableNetworkProtection](./policy-csp-defender.md#defender-enablenetworkprotection)
- [Defender/ExcludedExtensions](./policy-csp-defender.md#defender-excludedextensions)
- [Defender/ExcludedPaths](./policy-csp-defender.md#defender-excludedpaths)
@@ -4118,6 +4140,8 @@ The following diagram shows the Policy configuration service provider in tree fo
- [Defender/ScheduleQuickScanTime](./policy-csp-defender.md#defender-schedulequickscantime)
- [Defender/ScheduleScanDay](./policy-csp-defender.md#defender-schedulescanday)
- [Defender/ScheduleScanTime](./policy-csp-defender.md#defender-schedulescantime)
+- [Defender/SignatureUpdateFallbackOrder](./policy-csp-defender.md#defender-signatureupdatefallbackorder)
+- [Defender/SignatureUpdateFileSharesSources](./policy-csp-defender.md#defender-signatureupdatefilesharessources)
- [Defender/SignatureUpdateInterval](./policy-csp-defender.md#defender-signatureupdateinterval)
- [Defender/SubmitSamplesConsent](./policy-csp-defender.md#defender-submitsamplesconsent)
- [Defender/ThreatSeverityDefaultAction](./policy-csp-defender.md#defender-threatseveritydefaultaction)
diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md
index e9f70080d3..dd2367d211 100644
--- a/windows/client-management/mdm/policy-csp-defender.md
+++ b/windows/client-management/mdm/policy-csp-defender.md
@@ -6,11 +6,13 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: MariciaAlforque
-ms.date: 05/14/2018
+ms.date: 07/03/2018
---
# Policy CSP - Defender
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
@@ -67,6 +69,9 @@ ms.date: 05/14/2018
Defender/AvgCPULoadFactor
+
+ Defender/CheckForSignaturesBeforeRunningScan
+
Defender/CloudBlockLevel
@@ -82,9 +87,18 @@ ms.date: 05/14/2018
Defender/DaysToRetainCleanedMalware
+
+ Defender/DisableCatchupFullScan
+
+
+ Defender/DisableCatchupQuickScan
+
Defender/EnableControlledFolderAccess
+
+ Defender/EnableLowCPUPriority
+
Defender/EnableNetworkProtection
@@ -115,6 +129,12 @@ ms.date: 05/14/2018
Defender/ScheduleScanTime
+
+ Defender/SignatureUpdateFallbackOrder
+
+
+ Defender/SignatureUpdateFileSharesSources
+
Defender/SignatureUpdateInterval
@@ -1101,6 +1121,78 @@ Valid values: 0–100
+
+**Defender/CheckForSignaturesBeforeRunningScan**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+  5 |
+ 5 |
+ 5 |
+ 5 |
+ 5 |
+ |
+ |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+This policy setting allows you to manage whether a check for new virus and spyware definitions will occur before running a scan.
+
+This setting applies to scheduled scans as well as the command line "mpcmdrun -SigUpdate", but it has no effect on scans initiated manually from the user interface.
+
+If you enable this setting, a check for new definitions will occur before running a scan.
+
+If you disable this setting or do not configure this setting, the scan will start using the existing definitions.
+
+Supported values:
+
+- 0 (default) - Disabled
+- 1 - Enabled
+
+
+
+ADMX Info:
+- GP English name: *Check for the latest virus and spyware definitions before running a scheduled scan*
+- GP name: *CheckForSignaturesBeforeRunningScan*
+- GP element: *CheckForSignaturesBeforeRunningScan*
+- GP path: *Windows Components/Windows Defender Antivirus/Scan*
+- GP ADMX file name: *WindowsDefender.admx*
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
**Defender/CloudBlockLevel**
@@ -1408,6 +1500,146 @@ Valid values: 0–90
+
+**Defender/DisableCatchupFullScan**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 5 |
+ 5 |
+ 5 |
+ 5 |
+ 5 |
+ |
+ |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+This policy setting allows you to configure catch-up scans for scheduled full scans. A catch-up scan is a scan that is initiated because a regularly scheduled scan was missed. Usually these scheduled scans are missed because the computer was turned off at the scheduled time.
+
+If you enable this setting, catch-up scans for scheduled full scans will be turned on. If a computer is offline for two consecutive scheduled scans, a catch-up scan is started the next time someone logs on to the computer. If there is no scheduled scan configured, there will be no catch-up scan run.
+
+If you disable or do not configure this setting, catch-up scans for scheduled full scans will be turned off.
+
+Supported values:
+
+- 0 - Disabled
+- 1 - Enabled (default)
+
+
+
+ADMX Info:
+- GP English name: *Turn on catch-up full scan*
+- GP name: *Scan_DisableCatchupFullScan*
+- GP element: *Scan_DisableCatchupFullScan*
+- GP path: *Windows Components/Windows Defender Antivirus/Scan*
+- GP ADMX file name: *WindowsDefender.admx*
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+**Defender/DisableCatchupQuickScan**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 5 |
+ 5 |
+ 5 |
+ 5 |
+ 5 |
+ |
+ |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+This policy setting allows you to configure catch-up scans for scheduled quick scans. A catch-up scan is a scan that is initiated because a regularly scheduled scan was missed. Usually these scheduled scans are missed because the computer was turned off at the scheduled time.
+
+If you enable this setting, catch-up scans for scheduled quick scans will be turned on. If a computer is offline for two consecutive scheduled scans, a catch-up scan is started the next time someone logs on to the computer. If there is no scheduled scan configured, there will be no catch-up scan run.
+
+If you disable or do not configure this setting, catch-up scans for scheduled quick scans will be turned off.
+
+Supported values:
+
+- 0 - Disabled
+- 1 - Enabled (default)
+
+
+
+ADMX Info:
+- GP English name: *Turn on catch-up quick scan*
+- GP name: *Scan_DisableCatchupQuickScan*
+- GP element: *Scan_DisableCatchupQuickScan*
+- GP path: *Windows Components/Windows Defender Antivirus/Scan*
+- GP ADMX file name: *WindowsDefender.admx*
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
**Defender/EnableControlledFolderAccess**
@@ -1471,6 +1703,76 @@ The following list shows the supported values:
+
+**Defender/EnableLowCPUPriority**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 5 |
+ 5 |
+ 5 |
+ 5 |
+ 5 |
+ |
+ |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+This policy setting allows you to enable or disable low CPU priority for scheduled scans.
+
+If you enable this setting, low CPU priority will be used during scheduled scans.
+
+If you disable or do not configure this setting, not changes will be made to CPU priority for scheduled scans.
+
+Supported values:
+
+- 0 - Disabled (default)
+- 1 - Enabled
+
+
+
+ADMX Info:
+- GP English name: *Configure low CPU priority for scheduled scans*
+- GP name: *Scan_LowCpuPriority*
+- GP element: *Scan_LowCpuPriority*
+- GP path: *Windows Components/Windows Defender Antivirus/Scan*
+- GP ADMX file name: *WindowsDefender.admx*
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
**Defender/EnableNetworkProtection**
@@ -2110,6 +2412,145 @@ Valid values: 0–1380.
+
+**Defender/SignatureUpdateFallbackOrder**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 5 |
+ 5 |
+ 5 |
+ 5 |
+ 5 |
+ |
+ |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+This policy setting allows you to define the order in which different definition update sources should be contacted. The value of this setting should be entered as a pipe-separated string enumerating the definition update sources in order.
+
+Possible values are:
+
+- InternalDefinitionUpdateServer
+- MicrosoftUpdateServer
+- MMPC
+- FileShares
+
+For example: { InternalDefinitionUpdateServer | MicrosoftUpdateServer | MMPC }
+
+If you enable this setting, definition update sources will be contacted in the order specified. Once definition updates have been successfully downloaded from one specified source, the remaining sources in the list will not be contacted.
+
+If you disable or do not configure this setting, definition update sources will be contacted in a default order.
+
+
+
+ADMX Info:
+- GP English name: *Define the order of sources for downloading definition updates*
+- GP name: *SignatureUpdate_FallbackOrder*
+- GP element: *SignatureUpdate_FallbackOrder*
+- GP path: *Windows Components/Windows Defender Antivirus/Signature Updates*
+- GP ADMX file name: *WindowsDefender.admx*
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+**Defender/SignatureUpdateFileSharesSources**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 5 |
+ 5 |
+ 5 |
+ 5 |
+ 5 |
+ |
+ |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+This policy setting allows you to configure UNC file share sources for downloading definition updates. Sources will be contacted in the order specified. The value of this setting should be entered as a pipe-separated string enumerating the definition update sources. For example: "{\\unc1 | \\unc2 }". The list is empty by default.
+
+If you enable this setting, the specified sources will be contacted for definition updates. Once definition updates have been successfully downloaded from one specified source, the remaining sources in the list will not be contacted.
+
+If you disable or do not configure this setting, the list will remain empty by default and no sources will be contacted.
+
+
+
+ADMX Info:
+- GP English name: *Define file shares for downloading definition updates*
+- GP name: *SignatureUpdate_DefinitionUpdateFileSharesSources*
+- GP element: *SignatureUpdate_DefinitionUpdateFileSharesSources*
+- GP path: *Windows Components/Windows Defender Antivirus/Signature Updates*
+- GP ADMX file name: *WindowsDefender.admx*
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
**Defender/SignatureUpdateInterval**
@@ -2319,6 +2760,7 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
- 4 - Added in Windows 10, version 1803.
+- 5 - Added in the next major release of Windows 10.