|
| 1 | +--- |
| 2 | +title: Manage Microsoft Defender Antivirus by using Defender for Endpoint Security Settings Management |
| 3 | +description: Learn how to use Microsoft Defender for Endpoint Security Settings Management to manage Microsoft Defender Antivirus |
| 4 | +author: YongRhee-MSFT |
| 5 | +ms.author: yongrhee |
| 6 | +manager: deniseb |
| 7 | +ms.service: defender-endpoint |
| 8 | +ms.topic: how-to |
| 9 | +ms.date: 04/24/2024 |
| 10 | +ms.collection: |
| 11 | +- m365-security |
| 12 | +- tier2 |
| 13 | +- mde-ngp |
| 14 | +search.appverid: met150 |
| 15 | +ms.localizationpriority: medium |
| 16 | +ms.custom: |
| 17 | +- nextgen |
| 18 | +- partner-contribution |
| 19 | +--- |
| 20 | + |
| 21 | +# Use Microsoft Defender for Endpoint Security Settings Management to manage Microsoft Defender Antivirus |
| 22 | + |
| 23 | +**Applies to:** |
| 24 | + |
| 25 | +- [Microsoft Defender XDR](/defender-xdr) |
| 26 | + |
| 27 | +- [Microsoft Defender for Endpoint Plan 2](microsoft-defender-endpoint.md) |
| 28 | + |
| 29 | +- [Microsoft Defender for Endpoint Plan 1](/defender-endpoint/defender-endpoint-plan-1) |
| 30 | + |
| 31 | +**Platforms** |
| 32 | + |
| 33 | +- Windows |
| 34 | + |
| 35 | +- Windows Servers |
| 36 | + |
| 37 | +- macOS |
| 38 | + |
| 39 | +- Linux |
| 40 | + |
| 41 | +Use the Microsoft Defender for Endpoint Security Settings Management to manage Microsoft Defender Antivirus security policies on devices. |
| 42 | + |
| 43 | +### Pre-requisites: |
| 44 | + |
| 45 | +Please review the pre-requisites [here](/mem/intune/protect/mde-security-integration). |
| 46 | + |
| 47 | +> [!NOTE] |
| 48 | +> The **Endpoint Security Policies** page in Microsoft Defender XDR is available only for [users with the security administrator role in Microsoft Defender XDR](/defender-endpoint/assign-portal-access). Any other user role, such as Security Reader, cannot access the portal. When a user has the required permissions to view policies in the Microsoft Defender portal, the data is presented based on Intune permissions. If the user is in scope for Intune role-based access control, it applies to the list of policies presented in the Microsoft Defender portal. We recommend granting security administrators with the [Intune built-in role, "Endpoint Security Manager"](/mem/intune/fundamentals/role-based-access-control#built-in-roles) to effectively align the level of permissions between Intune and Microsoft Defender XDR. |
| 49 | +
|
| 50 | +As a security administrator, you can configure different Microsoft Defender Antivirus security policy settings in the [Microsoft Defender XDR](https://security.microsoft.com)portal. |
| 51 | + |
| 52 | +You'll find endpoint security policies under **Endpoints > Configuration management > Endpoint security policies**. |
| 53 | + |
| 54 | +:::image type="content" source="./media/endpoint-security-policies.png" alt-text="Managing Endpoint security policies in the Microsoft Defender portal"::: |
| 55 | + |
| 56 | +The following list provides a brief description of each endpoint security policy type: |
| 57 | + |
| 58 | +- **Antivirus** - Antivirus policies help security admins focus on managing the discrete group of antivirus settings for managed devices. |
| 59 | + |
| 60 | +- **Disk encryption** - Endpoint security disk encryption profiles focus on only the settings that are relevant for a devices built-in encryption method, like FileVault or BitLocker. This focus makes it easy for security admins to manage disk encryption settings without having to navigate a host of unrelated settings. |
| 61 | + |
| 62 | +- **Firewall** - Use the endpoint security Firewall policy in Intune to configure a devices built-in firewall for devices that run macOS and Windows 10/11. |
| 63 | + |
| 64 | +- **Endpoint detection and response** - When you integrate Microsoft Defender for Endpoint with Intune, use the endpoint security policies for endpoint detection and response (EDR) to manage the EDR settings and onboard devices to Microsoft Defender for Endpoint. |
| 65 | + |
| 66 | +- **Attack surface reduction** - When Microsoft Defender Antivirus is in use on your Windows 10/11 devices, use Intune endpoint security policies for attack surface reduction to manage those settings for your devices. |
| 67 | + |
| 68 | + |
| 69 | +## Create an endpoint security policy |
| 70 | + |
| 71 | +1. Sign in to <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft Defender XDR</a> using at least a security admin role. |
| 72 | + |
| 73 | +2. Select **Endpoints > Configuration management > Endpoint security policies** and then select **Create new Policy**. |
| 74 | + |
| 75 | + |
| 76 | +3. Select a platform from the dropdown list. |
| 77 | + |
| 78 | +4. Select a template, then select **Create policy**. |
| 79 | + |
| 80 | + |
| 81 | +5. On the **Basics** page, enter a name and description for the profile, then choose **Next**. |
| 82 | + |
| 83 | +6. On the **Settings** page, expand each group of settings, and configure the settings you want to manage with this profile. |
| 84 | + |
| 85 | + When you're done configuring settings, select **Next**. |
| 86 | + |
| 87 | +7. On the **Assignments** page, select the groups that will receive this profile. |
| 88 | + |
| 89 | + Select **Next**. |
| 90 | + |
| 91 | +8. On the **Review + create** page, when you're done, select **Save**. The new profile is displayed in the list when you select the policy type for the profile you created. |
| 92 | + |
| 93 | + |
| 94 | +>[!NOTE] |
| 95 | +>To edit the scope tags, you'll need to go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). |
| 96 | +
|
| 97 | + |
| 98 | +## To edit an endpoint security policy |
| 99 | + |
| 100 | +1. Select the new policy, and then select **Edit**. |
| 101 | + |
| 102 | +2. Select **Settings** to expand a list of the configuration settings in the policy. You can't modify the settings from this view, but you can review how they're configured. |
| 103 | + |
| 104 | +3. To modify the policy, select **Edit** for each category where you want to make a change: |
| 105 | + - Basics |
| 106 | + - Settings |
| 107 | + - Assignments |
| 108 | + |
| 109 | +4. After you've made changes, select **Save** to save your edits. Edits to one category must be saved before you can introduce edits to additional categories. |
| 110 | + |
| 111 | + |
| 112 | + |
| 113 | + |
| 114 | +## Verify endpoint security policies |
| 115 | + |
| 116 | +To verify that you have successfully created a policy, select a policy name from the list of endpoint security policies. |
| 117 | + |
| 118 | +>[!NOTE] |
| 119 | +>It can take up to 90 minutes for a policy to reach a device. To expedite the process, for devices Managed by Defender for Endpoint, you can select **Policy sync** from the actions menu so that it is applied in approximately 10 minutes. |
| 120 | +> :::image type="content" source="./media/policy-sync.png" alt-text="Image showing policy sync button"::: |
| 121 | +
|
| 122 | +The policy page displays details that summarize the status of the policy. You can view a policy's status, which devices it has been applied to, and assigned groups. |
| 123 | + |
| 124 | +During an investigation, you can also view the **Security policies** tab in the device page to view the list of policies that are being applied to a particular device. For more information, see [Investigating devices](investigate-machines.md#security-policies). |
| 125 | + |
| 126 | + |
| 127 | +:::image type="content" source="./media/security-policies-list.png" alt-text="Security policies tab with list of policies"::: |
| 128 | + |
0 commit comments