You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: defender-business/mdb-manage-devices.md
+22-1Lines changed: 22 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -9,7 +9,7 @@ audience: Admin
9
9
ms.topic: how-to
10
10
ms.service: defender-business
11
11
ms.localizationpriority: medium
12
-
ms.date: 05/21/2025
12
+
ms.date: 05/30/2025
13
13
ms.reviewer: nehabha
14
14
f1.keywords: NOCSH
15
15
ms.collection:
@@ -80,6 +80,27 @@ Microsoft Defender Antivirus has one of the following states on devices:
80
80
1. Uninstall the non-Microsoft antivirus/antimalware solution.
81
81
2. Onboard the device to Defender for Business.
82
82
83
+
### What to expect when threats are detected by Microsoft Defender Antivirus
84
+
85
+
When Microsoft Defender Antivirus detects threat, the following things happen:
86
+
87
+
- Users receive [notifications in Windows](https://support.microsoft.com/windows/8942c744-6198-fe56-4639-34320cf9444e).
88
+
- Detections are listed in the [Windows Security app](/windows/security/operating-system-security/system-security/windows-defender-security-center/windows-defender-security-center) on the **Protection history** page.
89
+
- If you [secured your Windows devices](/microsoft-365/business-premium/m365bp-protect-managed-devices), the threat detections and insights are available on the **Threats and antivirus** page in the Microsoft 365 admin center at <https://admin.microsoft.com/Adminportal/Home#/activethreats>.
90
+
91
+
> [!TIP]
92
+
> In Microsoft 365 Business Premium, if you have more than 800 devices [enrolled in Microsoft Intune](/intune/intune-service/fundamentals/deployment-guide-enroll), you're prompted to view threat detections and insights from Microsoft Intune instead of from the **Threats and antivirus** page.
93
+
94
+
In most cases, users don't need to take any further action. As soon as a malicious file or program is detected on a device, Microsoft Defender Antivirus blocks it and prevents it from running. Plus, newly detected threats are added to the antivirus and antimalware engine so that other devices and users are also protected.
95
+
96
+
If a user needs to take action (for example, approve the removal of a malicious file), the action is shown in the notification they receive. To learn more about actions that Microsoft Defender Antivirus takes on a user's behalf, or actions users might need to take, see [Protection History](https://support.microsoft.com/office/f1e5fd95-09b4-46d1-b8c7-1059a1e09708).
97
+
98
+
To learn more about different threats, visit the [Microsoft Security Intelligence Threats](https://www.microsoft.com/wdsi/threats) site where you can take the following actions:
99
+
100
+
- View current information about top threats.
101
+
- View the latest threats for a specific region.
102
+
- Search the threat encyclopedia for details about a specific threat.
103
+
83
104
## Onboard a device
84
105
85
106
For more information, see [Onboard devices to Defender for Business](mdb-onboard-devices.md).
0 commit comments