Mitigate threats in Microsoft 365 Lighthouse with Microsoft Defender Antivirus
Microsoft 365 Lighthouse lets you investigate and mitigate threats across all your tenants. You can also initiate antivirus scans on devices, make sure devices are getting the latest updates for Microsoft Defender Antivirus, and review pending actions following antivirus scans. Lighthouse only supports devices running Windows 10 or later.
Before you begin
Microsoft 365 Lighthouse is deployed in the partner tenant only—not in the customer tenants, but make sure you and your customer tenants meet the requirements listed in Microsoft 365 Lighthouse requirements.
Users must be running Microsoft Defender Antivirus (included with Windows). Lighthouse does not support non-Microsoft antivirus software. For more information, see Turn on Microsoft Defender Antivirus.
You must be a Global Administrator in the partner tenant that you're signing in to.
Investigate active threats
To investigate a specific threat:
In the left navigation pane in Lighthouse, select Devices > Threat management.
Select the Threats tab.
From the list of threats, select the threat you want to investigate.
The threat details pane provides the following information:
| Category | Definition |
|---|---|
| Device and tenant | The device name and tenant where the threat was found. Select the device name to see additional information. |
| Threat status | The status of the threat. |
| Threat type | Type of threat. |
| Threat severity | Severity of threat (Severe, High, Moderate, Low, Unknown) |
| Instances | Number of instances of this threat present on the device. |
| First detected | When the threat was first detected on this device. |
| Documentation | Link to additional information about the threat. |
| Other devices on this tenant with this threat | A list of other devices in the same tenant with the same active threat. |
| Other tenants with this threat | A list of other tenants with the same active threat. |
To investigate threats on a specific device:
In the left navigation pane in Lighthouse, select Devices > Threat management.
Select the Antivirus protection tab.
Select a device from the list.
From the device details pane, select the Current threats tab.
Lighthouse displays all threats found on the device. To see details, select the threat.
Scan for threats on a device
A quick scan searches common locations where malware could be, such as registry keys and know startup folders. A full scan searches the entire device. In most cases, a quick scan is sufficient and is the recommended option for scheduled scans.
In the left navigation pane in Lighthouse, select Devices > Threat management.
Select the Antivirus protection tab.
From the list of devices, select a device.
In the device details pane, select Run full scan or Run quick scan.
You can also scan multiple devices by selecting the checkbox next to each device name in the list and then select Run full scan or Run quick scan.
Get updates for Microsoft Defender Antivirus
To update Microsoft Defender Antivirus on a single device:
In the left navigation pane in Lighthouse, select Devices > Threat management.
Select the Antivirus protection tab.
From the list of devices, select a device.
In the device details pane, select Update antivirus.
You can get updates for multiple devices by selecting the checkbox next to each device name in the list and then select Update antivirus.
If you need to create a new policy, select Update policy in the device details pane. Lighthouse will redirect you to the Microsoft Intune admin center. For more information about creating a policy, see Create a compliance policy in Microsoft Intune.
Check pending antivirus actions on a device
When consecutive actions are applied to a device, you'll receive an action pending message. To check which actions are pending on a device:
In the left navigation pane in Lighthouse, select Devices > Threat management.
Select the Antivirus protection tab.
From the list of devices, select a device.
In the device details pane, select the Device action statuses tab to view pending actions.
Restart a device
Some updates may require a device to restart to install correctly.
In the left navigation pane in Lighthouse, select Devices > Threat management.
Select the Antivirus protection tab.
From the list of devices, select a device.
In the device details pane, select Reboot device.
You can also restart multiple devices by selecting the checkbox next to each device name in the list and then select Reboot device.
Related content
Requirements for Microsoft 365 Lighthouse (article)
Overview of the Threat management page in Microsoft 365 Lighthouse (article)
Create a compliance policy in Microsoft Intune (article)
Turn on Microsoft Defender Antivirus (article)
Microsoft Security Intelligence (web page)
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for