Manage Microsoft Defender for Endpoint with Group Policy Objects

We recommend using Microsoft Endpoint Manager to manage your organization's threat protection features for devices (also referred to as endpoints). Endpoint Manager includes Microsoft Intune and Microsoft Endpoint Configuration Manager. Learn more about Endpoint Manager.

You can use Group Policy Objects in Azure Active Directory Domain Services to manage some settings in Microsoft Defender for Endpoint.

Configure Microsoft Defender for Endpoint with Group Policy Objects

The following table lists various tasks you can perform to configure Microsoft Defender for Endpoint with Group Policy Objects.

Task: Manage settings for user and computer objects
Customize built-in Group Policy Objects, or create custom Group Policy Objects and organizational units to suit your organizational needs.
Resources to learn more: Administer Group Policy in an Azure Active Directory Domain Services managed domain

Task: Configure Microsoft Defender Antivirus
Configure antivirus features and capabilities, including policy settings, exclusions, remediation, and scheduled scans on your organization's devices (also referred to as endpoints).
Resources to learn more: Use Group Policy settings to configure and manage Microsoft Defender Antivirus; Use Group Policy to enable cloud-delivered protection

Task: Manage your organization's attack surface reduction rules
Customize your attack surface reduction rules by excluding files and folders, or by adding custom text to the notification alerts that appear on users' devices.
Resources to learn more: Customize attack surface reduction rules with Group Policy Objects

Task: Manage exploit protection settings
You can customize your exploit protection settings, export them to a configuration file, and then use Group Policy to deploy that configuration file to your devices.
Resources to learn more: Customize exploit protection settings; Import, export, and deploy exploit protection configurations; Use Group Policy to distribute the configuration

Task: Enable network protection to help prevent employees from using apps that access malicious content on the Internet
We recommend using audit mode at first for network protection in a test environment, so you can see which apps would be blocked before rolling it out.
Resources to learn more: Turn on network protection using Group Policy

Task: Configure controlled folder access to protect against ransomware
Controlled folder access is also referred to as antiransomware protection.
Resources to learn more: Enable controlled folder access using Group Policy

Task: Configure Microsoft Defender SmartScreen to protect against malicious sites and files on the Internet
Resources to learn more: Configure Microsoft Defender SmartScreen Group Policy and mobile device management (MDM) settings using Group Policy

Task: Configure encryption and BitLocker to protect information on your organization's devices running Windows
Resources to learn more: BitLocker Group Policy settings

Task: Configure Microsoft Defender Credential Guard to protect against credential theft attacks
Resources to learn more: Enable Windows Defender Credential Guard by using Group Policy
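Once a Group Policy Object has been applied, you will want to confirm on a device that the settings in the table above actually took effect, and in particular that network protection and controlled folder access are in audit mode in your test ring before you switch to block mode. The following PowerShell script is an added example, not code from the Microsoft docs page: it reads the effective Defender preferences with the built-in Defender module (Get-MpPreference), reports the mode of each Exploit Guard feature and every configured attack surface reduction rule, and wraps the documented exploit protection export and import cmdlets. The value-to-name mappings are the documented 0/1/2 (and 6 for warn) conventions; the XML path is a placeholder you supply.

```powershell
# Added example (not from the page): verify Exploit Guard settings delivered by GPO
# on one endpoint. Requires an elevated PowerShell session on Windows 10/11 with the
# built-in Defender module.

# Documented Get-MpPreference value conventions for these settings:
# 0 = disabled, 1 = block (enabled), 2 = audit, 6 = warn (ASR rules only).
$ModeNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

function Convert-ModeName {
    param([object]$Value)
    if ($null -eq $Value) { return 'NotConfigured' }
    $name = $ModeNames[[int]$Value]
    if ($null -eq $name) { return "Unknown($Value)" }   # e.g. CFA disk-only modes
    return $name
}

function Get-ExploitGuardState {
    # Returns a single object summarising the effective state of the features
    # the table on this page configures through Group Policy.
    $pref = Get-MpPreference

    # Map each ASR rule GUID to the action configured for it.
    $asrRules = @{}
    $ids = @($pref.AttackSurfaceReductionRules_Ids)
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    for ($i = 0; $i -lt $ids.Count; $i++) {
        $asrRules[$ids[$i]] = Convert-ModeName $actions[$i]
    }

    [pscustomobject]@{
        NetworkProtection      = Convert-ModeName $pref.EnableNetworkProtection
        ControlledFolderAccess = Convert-ModeName $pref.EnableControlledFolderAccess
        # MAPSReporting: 0 = off, 1 = basic, 2 = advanced (cloud-delivered protection).
        CloudProtection        = @{ 0 = 'Off'; 1 = 'Basic'; 2 = 'Advanced' }[[int]$pref.MAPSReporting]
        AsrRules               = $asrRules
        CfaProtectedFolders    = @($pref.ControlledFolderAccessProtectedFolders)
    }
}

function Test-AuditRollout {
    # Flags features that are already in Block mode on a device that should still
    # be in the audit phase, which is the rollout order the page recommends.
    $state = Get-ExploitGuardState
    $findings = @()
    if ($state.NetworkProtection -eq 'Block') {
        $findings += 'Network protection is in Block mode; audit first in a test environment.'
    }
    if ($state.ControlledFolderAccess -eq 'Block') {
        $findings += 'Controlled folder access is in Block mode; confirm app exclusions from audit data.'
    }
    foreach ($rule in $state.AsrRules.GetEnumerator()) {
        if ($rule.Value -eq 'Block') {
            $findings += "ASR rule $($rule.Key) is in Block mode."
        }
    }
    return $findings
}

function Export-ExploitProtectionConfig {
    # Exports the current exploit protection settings to XML, the file you then
    # distribute with the Group Policy setting described on this page.
    param([string]$Path = 'C:\Temp\ExploitProtectionSettings.xml')  # placeholder path
    Get-ProcessMitigation -RegistryConfigFilePath $Path
    return (Test-Path $Path)
}

function Import-ExploitProtectionConfig {
    # Applies a previously exported XML locally (useful for validating the file
    # on a test device before it is deployed by GPO).
    param([Parameter(Mandatory)][string]$Path)
    Set-ProcessMitigation -PolicyFilePath $Path
}

# Usage:
Get-ExploitGuardState | Format-List
Test-AuditRollout
```

Run it on a test device after gpupdate /force; an empty result from Test-AuditRollout means every feature is still in audit (or not configured) and the audit logs in the Microsoft 365 Defender portal can be reviewed before enabling block mode through the same GPOs.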

Configure your Microsoft 365 Defender portal

If you haven't already done so, configure your Microsoft 365 Defender portal to view alerts, configure threat protection features, and view detailed information about your organization's overall security posture. See Microsoft 365 Defender. You can also configure whether and what features end users can see in the Microsoft 365 Defender portal.

Next steps