From c741449916f8bae8da2d59f7c9106e63b10cf887 Mon Sep 17 00:00:00 2001
From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com>
Date: Fri, 5 May 2023 16:38:41 -0400
Subject: [PATCH] Add tamper protection note to Defender CSP

---
 windows/client-management/mdm/defender-csp.md |  2 ++
 ...icy-csp-admx-microsoftdefenderantivirus.md | 30 +++++++++++++++++++
 .../mdm/policy-csp-defender.md                | 24 +++++++++++++++
 3 files changed, 56 insertions(+)

diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md
index 7550924275..a036a0332b 100644
--- a/windows/client-management/mdm/defender-csp.md
+++ b/windows/client-management/mdm/defender-csp.md
@@ -2212,6 +2212,8 @@ Tamper protection helps protect important security features from unwanted change
 
 <!-- Device-Configuration-TamperProtection-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
 <!-- Device-Configuration-TamperProtection-Editable-End -->
 
 <!-- Device-Configuration-TamperProtection-DFProperties-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
index 07eef1894d..0a138841a5 100644
--- a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
+++ b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
@@ -115,6 +115,8 @@ Enabling or disabling this policy may lead to unexpected or unsupported behavior
 
 <!-- DisableAntiSpywareDefender-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
 <!-- DisableAntiSpywareDefender-Editable-End -->
 
 <!-- DisableAntiSpywareDefender-DFProperties-Begin -->
@@ -244,6 +246,8 @@ Real-time Protection -> Do not enable the "Turn off real-time protection" policy
 
 <!-- DisableBlockAtFirstSeen-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
 <!-- DisableBlockAtFirstSeen-Editable-End -->
 
 <!-- DisableBlockAtFirstSeen-DFProperties-Begin -->
@@ -366,6 +370,8 @@ Real-time protection consists of always-on scanning with file and process behavi
 
 <!-- DisableRealtimeMonitoring-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
 <!-- DisableRealtimeMonitoring-Editable-End -->
 
 <!-- DisableRealtimeMonitoring-DFProperties-Begin -->
@@ -426,6 +432,8 @@ This policy setting allows you to configure whether Microsoft Defender Antivirus
 
 <!-- DisableRoutinelyTakingAction-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
 <!-- DisableRoutinelyTakingAction-Editable-End -->
 
 <!-- DisableRoutinelyTakingAction-DFProperties-Begin -->
@@ -482,6 +490,8 @@ This policy setting allows you specify a list of file types that should be exclu
 
 <!-- Exclusions_Extensions-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> To prevent unauthorized changes to exclusions, apply tamper protection. Tamper protection for exclusions only works when [certain conditions](https://go.microsoft.com/fwlink/?linkid=2235765) are met.
 <!-- Exclusions_Extensions-Editable-End -->
 
 <!-- Exclusions_Extensions-DFProperties-Begin -->
@@ -538,6 +548,8 @@ This policy setting allows you to disable scheduled and real-time scanning for f
 
 <!-- Exclusions_Paths-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> To prevent unauthorized changes to exclusions, apply tamper protection. Tamper protection for exclusions only works when [certain conditions](https://go.microsoft.com/fwlink/?linkid=2235765) are met.
 <!-- Exclusions_Paths-Editable-End -->
 
 <!-- Exclusions_Paths-DFProperties-Begin -->
@@ -594,6 +606,8 @@ This policy setting allows you to disable real-time scanning for any file opened
 
 <!-- Exclusions_Processes-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> To prevent unauthorized changes to exclusions, apply tamper protection. Tamper protection for exclusions only works when [certain conditions](https://go.microsoft.com/fwlink/?linkid=2235765) are met.
 <!-- Exclusions_Processes-Editable-End -->
 
 <!-- Exclusions_Processes-DFProperties-Begin -->
@@ -1577,6 +1591,8 @@ This policy setting allows you to configure behavior monitoring.
 
 <!-- RealtimeProtection_DisableBehaviorMonitoring-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
 <!-- RealtimeProtection_DisableBehaviorMonitoring-Editable-End -->
 
 <!-- RealtimeProtection_DisableBehaviorMonitoring-DFProperties-Begin -->
@@ -1637,6 +1653,8 @@ This policy setting allows you to configure scanning for all downloaded files an
 
 <!-- RealtimeProtection_DisableIOAVProtection-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
 <!-- RealtimeProtection_DisableIOAVProtection-Editable-End -->
 
 <!-- RealtimeProtection_DisableIOAVProtection-DFProperties-Begin -->
@@ -1697,6 +1715,8 @@ This policy setting allows you to configure monitoring for file and program acti
 
 <!-- RealtimeProtection_DisableOnAccessProtection-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
 <!-- RealtimeProtection_DisableOnAccessProtection-Editable-End -->
 
 <!-- RealtimeProtection_DisableOnAccessProtection-DFProperties-Begin -->
@@ -1817,6 +1837,8 @@ This policy setting allows you to configure process scanning when real-time prot
 
 <!-- RealtimeProtection_DisableScanOnRealtimeEnable-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
 <!-- RealtimeProtection_DisableScanOnRealtimeEnable-Editable-End -->
 
 <!-- RealtimeProtection_DisableScanOnRealtimeEnable-DFProperties-Begin -->
@@ -2540,6 +2562,8 @@ Use this policy setting to specify if you want Microsoft Defender Antivirus enha
 
 <!-- Reporting_DisableEnhancedNotifications-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
 <!-- Reporting_DisableEnhancedNotifications-Editable-End -->
 
 <!-- Reporting_DisableEnhancedNotifications-DFProperties-Begin -->
@@ -3069,6 +3093,8 @@ This policy setting allows you to configure scans for malicious software and unw
 
 <!-- Scan_DisableArchiveScanning-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
 <!-- Scan_DisableArchiveScanning-Editable-End -->
 
 <!-- Scan_DisableArchiveScanning-DFProperties-Begin -->
@@ -5551,6 +5577,8 @@ Use this policy setting to specify if you want Microsoft Defender Antivirus noti
 
 <!-- UX_Configuration_Notification_Suppress-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
 <!-- UX_Configuration_Notification_Suppress-Editable-End -->
 
 <!-- UX_Configuration_Notification_Suppress-DFProperties-Begin -->
@@ -5609,6 +5637,8 @@ If you enable this setting AM UI won't show reboot notifications.
 
 <!-- UX_Configuration_SuppressRebootNotification-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
 <!-- UX_Configuration_SuppressRebootNotification-Editable-End -->
 
 <!-- UX_Configuration_SuppressRebootNotification-DFProperties-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md
index 1f26de308e..77b56fa11d 100644
--- a/windows/client-management/mdm/policy-csp-defender.md
+++ b/windows/client-management/mdm/policy-csp-defender.md
@@ -46,6 +46,8 @@ This policy setting allows you to configure scans for malicious software and unw
 
 <!-- AllowArchiveScanning-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
 <!-- AllowArchiveScanning-Editable-End -->
 
 <!-- AllowArchiveScanning-DFProperties-Begin -->
@@ -113,6 +115,8 @@ This policy setting allows you to configure behavior monitoring.
 
 <!-- AllowBehaviorMonitoring-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
 <!-- AllowBehaviorMonitoring-Editable-End -->
 
 <!-- AllowBehaviorMonitoring-DFProperties-Begin -->
@@ -193,6 +197,8 @@ In Windows 10, Basic membership is no longer available, so setting the value to
 
 <!-- AllowCloudProtection-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
 <!-- AllowCloudProtection-Editable-End -->
 
 <!-- AllowCloudProtection-DFProperties-Begin -->
@@ -457,6 +463,8 @@ Allows or disallows Windows Defender Intrusion Prevention functionality.
 
 <!-- AllowIntrusionPreventionSystem-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
 <!-- AllowIntrusionPreventionSystem-Editable-End -->
 
 <!-- AllowIntrusionPreventionSystem-DFProperties-Begin -->
@@ -510,6 +518,8 @@ This policy setting allows you to configure scanning for all downloaded files an
 
 <!-- AllowIOAVProtection-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
 <!-- AllowIOAVProtection-Editable-End -->
 
 <!-- AllowIOAVProtection-DFProperties-Begin -->
@@ -577,6 +587,8 @@ This policy setting allows you to configure monitoring for file and program acti
 
 <!-- AllowOnAccessProtection-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
 <!-- AllowOnAccessProtection-Editable-End -->
 
 <!-- AllowOnAccessProtection-DFProperties-Begin -->
@@ -640,6 +652,8 @@ Allows or disallows Windows Defender Realtime Monitoring functionality.
 
 <!-- AllowRealtimeMonitoring-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
 <!-- AllowRealtimeMonitoring-Editable-End -->
 
 <!-- AllowRealtimeMonitoring-DFProperties-Begin -->
@@ -769,6 +783,8 @@ Allows or disallows Windows Defender Script Scanning functionality.
 
 <!-- AllowScriptScanning-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
 <!-- AllowScriptScanning-Editable-End -->
 
 <!-- AllowScriptScanning-DFProperties-Begin -->
@@ -1891,6 +1907,8 @@ This policy setting allows you specify a list of file types that should be exclu
 
 <!-- ExcludedExtensions-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> To prevent unauthorized changes to exclusions, apply tamper protection. Tamper protection for exclusions only works when [certain conditions](https://go.microsoft.com/fwlink/?linkid=2235765) are met.
 <!-- ExcludedExtensions-Editable-End -->
 
 <!-- ExcludedExtensions-DFProperties-Begin -->
@@ -1945,6 +1963,8 @@ This policy setting allows you to disable scheduled and real-time scanning for f
 
 <!-- ExcludedPaths-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> To prevent unauthorized changes to exclusions, apply tamper protection. Tamper protection for exclusions only works when [certain conditions](https://go.microsoft.com/fwlink/?linkid=2235765) are met.
 <!-- ExcludedPaths-Editable-End -->
 
 <!-- ExcludedPaths-DFProperties-Begin -->
@@ -1999,6 +2019,8 @@ This policy setting allows you to disable real-time scanning for any file opened
 
 <!-- ExcludedProcesses-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> To prevent unauthorized changes to exclusions, apply tamper protection. Tamper protection for exclusions only works when [certain conditions](https://go.microsoft.com/fwlink/?linkid=2235765) are met.
 <!-- ExcludedProcesses-Editable-End -->
 
 <!-- ExcludedProcesses-DFProperties-Begin -->
@@ -2790,6 +2812,8 @@ Valid remediation action values are:
 
 <!-- ThreatSeverityDefaultAction-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
 <!-- ThreatSeverityDefaultAction-Editable-End -->
 
 <!-- ThreatSeverityDefaultAction-DFProperties-Begin -->