Manage Windows 10 Pro device policies
You can use Microsoft 365 Business to ensure that Windows Defender Antivirus is activated on Windows 10 devices and Microsoft updates are automatically downloaded to users' devices.
Sign in to the Microsoft 365 admin center.
Under Policies, choose Add policy.
In the Add policy pane, enter a name under Policy name, and then select Windows 10 Device Configuration under Policy type.
Choose Secure Windows 10 devices to see the sub-settings.
Make sure that Help protect PCs from viruses and other threats using Windows Defender Antivirus and Keep Windows 10 devices up to date automatically are turned on.
Under Who will get these settings?, all users are selected by default, but you can choose Change to select any security groups you've created.
To finish creating the policy, choose Add.
On the Add policy page, choose Close.
On the admin center home page, confirm that your new policy was added by choosing Policies and reviewing your policy on the Policies page.
To verify that the policy has taken effect, on a user's Windows 10 device, go to Windows Update, choose Advanced options, and confirm that settings are grayed out.
Then, click Choose how updates are delivered, and confirm that settings are grayed out and the following message appears: Some settings are hidden or managed by your organization.