Defender Antivirus

Overview

The Devicie Defender Antivirus Template provides a set of known-good configurations that allow for a secure, but productive, Defender for Endpoint experience. It enforces a range of security settings, such as enabling email scanning, real-time protection monitoring, limiting the average CPU load factor for scans, enabling potentially unwanted application (PUA) protection with blocking and logging, and scheduling the scan day for Wednesday.

Intune Description:

Enforce Windows Defender to ensure a secure and productive experience. Scan day set to Wednesday, automatic updates enabled.

Scope:

This baseline should be applied to Windows devices.

Policy Impact Areas:

When deployed, this policy will impact:

  • Windows Defender Antivirus, with many of its configuration settings enforced by policy

Deployment Notes

  1. Pre-Deployment Considerations:

    • Review existing Windows Defender (or other endpoint protection software) configurations

  2. Post-Deployment Validation:

    • Verify Windows Defender configurations, such as real-time protection.

Configuration Settings (Name: Value):

  Defender

    Threat Severity Default Action

      Remediation action for High severity threats: Remove. Removes files from system.
      Remediation action for Severe threats: Remove. Removes files from system.
      Remediation action for Low severity threats: Quarantine. Moves files to quarantine.
      Remediation action for Moderate severity threats: Quarantine. Moves files to quarantine.

    Allow Archive Scanning: Not allowed. Turns off scanning on archived files.
    Allow Email Scanning: Allowed. Turns on email scanning.
    Avg CPU Load Factor: 30
    Check For Signatures Before Running Scan: Enabled
    Real Time Scan Direction: Monitor all files (bi-directional).
    Scan Parameter: Full scan
    Schedule Quick Scan Time: 720 (minutes after midnight, i.e. 12:00)
    Schedule Scan Day: Wednesday
    Schedule Scan Time: 720 (minutes after midnight, i.e. 12:00)
    Engine Updates Channel: Not configured (Default). The device will stay up to date automatically during the gradual release cycle. Suitable for most devices.
    Security Intelligence Updates Channel: Not configured (Default). The device will stay up to date automatically during the gradual release cycle. Suitable for most devices.
    Allow Behavior Monitoring: Allowed. Turns on real-time behavior monitoring.
    Allow Full Scan Removable Drive Scanning: Allowed. Scans removable drives.
    Allow Realtime Monitoring: Allowed. Turns on and runs the real-time monitoring service.
    Allow scanning of all downloaded files and attachments: Allowed.
    Allow Script Scanning: Allowed.
    Enable Network Protection: Enabled (block mode)
    PUA Protection: PUA Protection on. Detected items are blocked. They will show in history along with other threats.
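The Post-Deployment Validation step above asks you to verify that the Defender configuration has actually applied. The following PowerShell script is an added example (not part of the Devicie template) that reads the effective preferences on a device with Get-MpPreference and Get-MpComputerStatus and compares them with the values in the Configuration Settings table. Property names and numeric codes are the ones Microsoft documents for those cmdlets; the two update-channel settings are left out because the template leaves them at their defaults. Run it in an elevated PowerShell session on a Windows device that has received the policy.

```powershell
# Added example: validates the Defender Antivirus template's settings after deployment.
# Not part of the Devicie template. Run elevated on a Windows device that has received the policy.
# Expected values are transcribed from the Configuration Settings table; numeric codes follow
# the Get-MpPreference enumerations (ThreatAction: 2 = Quarantine, 3 = Remove;
# ScanScheduleDay: 4 = Wednesday; RealTimeScanDirection: 0 = both directions;
# ScanParameters: 2 = Full scan; EnableNetworkProtection and PUAProtection: 1 = enabled/block).

$pref   = Get-MpPreference
$status = Get-MpComputerStatus

$expected = [ordered]@{
    HighThreatDefaultAction             = 3
    SevereThreatDefaultAction           = 3
    LowThreatDefaultAction              = 2
    ModerateThreatDefaultAction         = 2
    DisableArchiveScanning              = $true    # template: archive scanning not allowed
    DisableEmailScanning                = $false   # template: email scanning allowed
    ScanAvgCPULoadFactor                = 30
    CheckForSignaturesBeforeRunningScan = $true
    RealTimeScanDirection               = 0
    ScanParameters                      = 2
    ScanScheduleDay                     = 4
    DisableBehaviorMonitoring           = $false
    DisableRemovableDriveScanning       = $false
    DisableRealtimeMonitoring           = $false
    DisableIOAVProtection               = $false   # scanning of downloaded files and attachments
    DisableScriptScanning               = $false
    EnableNetworkProtection             = 1
    PUAProtection                       = 1
}

$results = [System.Collections.Generic.List[object]]::new()

function Add-Result($Setting, $Expected, $Actual) {
    $results.Add([pscustomobject]@{
        Setting  = $Setting
        Expected = $Expected
        Actual   = $Actual
        Pass     = ($Actual -eq $Expected)
    })
}

foreach ($name in $expected.Keys) {
    Add-Result -Setting $name -Expected $expected[$name] -Actual $pref.$name
}

# The template stores scan times as minutes after midnight (720 = 12:00). Get-MpPreference
# reports them as a time-of-day value (a TimeSpan); a DateTime is handled as well, defensively.
foreach ($timeSetting in 'ScanScheduleTime', 'ScanScheduleQuickScanTime') {
    $raw = $pref.$timeSetting
    $minutes = if ($raw -is [datetime]) { $raw.TimeOfDay.TotalMinutes } else { ([TimeSpan]$raw).TotalMinutes }
    Add-Result -Setting "$timeSetting (minutes)" -Expected 720 -Actual $minutes
}

# Runtime state from Get-MpComputerStatus confirms the protection components are actually
# running, not merely that the preferences were written.
Add-Result -Setting 'RealTimeProtectionEnabled' -Expected $true -Actual $status.RealTimeProtectionEnabled
Add-Result -Setting 'BehaviorMonitorEnabled'    -Expected $true -Actual $status.BehaviorMonitorEnabled
Add-Result -Setting 'IoavProtectionEnabled'     -Expected $true -Actual $status.IoavProtectionEnabled

$results | Format-Table -AutoSize

$failed = @($results | Where-Object { -not $_.Pass })
if ($failed.Count -gt 0) {
    Write-Warning "$($failed.Count) setting(s) do not match the Defender Antivirus template."
    exit 1
}
Write-Host 'All checked settings match the Defender Antivirus template.'
```

The script exits non-zero when any setting differs, so it can be run as an Intune remediation detection script or from a device-compliance check; the comparison runs against the effective preferences, so a conflicting local or group policy setting shows up as a mismatch rather than being masked by the Intune report.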

Devicie Template Name: Defender Antivirus

Default Intune Deployed Name: DEVICIE-PROD-Defender Antivirus

Version: 1.0

Template Last Updated: Nov 18, 2024

Document Status: DRAFT

Document Last Updated: Apr 10, 2025