Manage Microsoft Defender for Endpoint Plan 1 (preview)


If you have Microsoft 365 E3 or A3 but not Microsoft 365 E5 or A5, visit to sign up for the preview program!

As you use Defender for Endpoint Plan 1 (preview) in your organization, your security team can take certain steps to maintain your security solution. As your security team puts together your maintenance and operations plan, make sure to include at least the following activities:


Some information in this article relates to prereleased products/services that might be substantially modified before they are commercially released. Microsoft makes no warranties, express or implied, for the information provided here. This article includes links to online content that might describe some features that are not included in Defender for Endpoint Plan 1 (preview).

Manage security intelligence and product updates

Keeping Microsoft Defender Antivirus up to date is critical to protecting against new malware and attack techniques. Microsoft releases regular updates for security intelligence, antivirus, and antimalware protection. Updates are organized into two categories:

  • Security intelligence updates
  • Product updates

To manage your security intelligence and product updates, see Manage Microsoft Defender Antivirus updates and apply baselines.

Fine-tune and adjust Defender for Endpoint

Defender for Endpoint offers you much flexibility and configuration options. You can adjust and fine-tune your settings to suit your organization’s needs. For example, you can use Microsoft Endpoint Manager, Group Policy, and other methods to manage your endpoint security settings.

To learn more, see Manage Defender for Endpoint.

Address false positives/negatives

A false positive is an artifact, like a file or a process, that was detected as malicious, even though it isn't actually a threat. A false negative is an entity that was not detected as a threat, even though it actually is. False positives/negatives can occur with any endpoint protection solution, including Defender for Endpoint. However, there are steps you can take to address these kinds of issues and fine-tune your solution, as depicted in the following image:

False positives and negatives process overview

If you’re seeing false positives/negatives in Defender for Endpoint, see Address false positives/negatives in Microsoft Defender for Endpoint.

Next steps