we are migrating from Symantec to Defender and i have some test computers to try migration and configure settings. SCCM/MECM 2010.
I created a new Antimalware Policy and deployed it to my test collection and deployment works. Configured this:
Enable real-time protection == yesAllow users on client computers to configure real-time protection settings == no
but if i check the security center in Windows 10 i can still switch off "real time protection" with admin rights. Only if i create a gpo with defender and combine it no one is able to disable real time protection (its greyed out "managed by your organization").
Is there any possibility to achieve the same only with SCCM? Most users have no admin rights and are not able to do it but on some devices we have users who have admin rights and really need them but i want to prevent them to be able to lower security.
Other point, may some problem, i also configured this:
Cloud protection service membership type == Do not join CPSallow users to modify cloud protection service settings == noEnable auto file submission to help Microsoft determinewhether certain detected items are Malicious == noAllow users to modify auto sample file submission settings == no
but i still see it as activated:
I read that a combination managing Defender with SCCM and GPO is not recommended. Anyone with some experience may can shed some light on it.