Windows Defender Antivirus in Windows 10 and Windows Server 2016

Applies to

  • Windows 10
  • Windows Server 2016

Windows Defender Antivirus is a built-in antimalware solution that provides security and antimalware management for desktops, portable computers, and servers.

This library of documentation is for enterprise security administrators who are either considering deployment or have already deployed and want to manage and configure Windows Defender AV on PC endpoints in their network.

For more important information about running Windows Defender on a server platform, see Windows Defender Antivirus on Windows Server 2016.

Windows Defender AV can be managed with:

  • System Center Configuration Manager (as System Center Endpoint Protection, or SCEP)
  • Microsoft Intune

It can be configured with:

  • System Center Configuration Manager (as System Center Endpoint Protection, or SCEP)
  • Microsoft Intune
  • PowerShell
  • Windows Management Instrumentation (WMI)
  • Group Policy

Some of the highlights of Windows Defender AV include:

  • Cloud-delivered protection for near-instant detection and blocking of new and emerging threats. Along with machine learning and the Intelligent Security Graph, cloud-delivered protection is part of the next-gen technologies that power Windows Defender Antivirus.
  • Always-on scanning, using advanced file and process behavior monitoring and other heuristics (also known as "real-time protection")
  • Dedicated protection updates based on machine-learning, human and automated big-data analysis, and in-depth threat resistance research


You can also visit the Windows Defender Testground website to confirm the following features are working and see how they work:

  • Cloud-delivered protection
  • Fast learning (including Block at first sight)
  • Potentially unwanted application blocking

What's new in Windows 10, version 1803

What's new in Windows 10, version 1703

New features for Windows Defender AV in Windows 10, version 1703 include:

We've expanded this documentation library to cover end-to-end deployment, management, and configuration for Windows Defender AV, and we've added some new guides that can help with evaluating and deploying Windows Defender AV in certain scenarios:

Minimum system requirements

Windows Defender AV has the same hardware requirements as Windows 10. For more information, see:

Some features require a certain version of Windows 10 - the minimum version required is specified at the top of each topic.

Functionality, configuration, and management are largely the same when using Windows Defender AV on Windows Server 2016; however, there are some differences.

In this library

Topic | Description
Windows Defender AV in the Windows Defender Security Center app | The Windows Defender Security Center combines the settings and notifications from the previous Windows Defender AV app and Windows Settings in one easy-to-manage place
Windows Defender AV on Windows Server 2016 | Windows Defender AV can be used on Windows Server 2016, and features the same configuration and management capabilities as the Windows 10 version - with some added features for automatic exclusions
Windows Defender AV compatibility | Windows Defender AV operates in different modes depending on whether it detects other AV products or if you are using Windows Defender Advanced Threat Protection
Evaluate Windows Defender AV protection | Evaluate the protection capabilities of Windows Defender Antivirus with a specialized evaluation guide and PowerShell script
Deploy, manage updates, and report on Windows Defender AV | While traditional client deployment is not required for Windows Defender AV, you will need to enable the service. You can also manage how protection and product updates are applied, and receive reports from Configuration Manager, Intune, and with some security information and event monitoring (SIEM) tools
Configure Windows Defender AV features | Windows Defender AV has a large set of configurable features and options. You can configure options such as cloud-delivered protection, always-on monitoring and scanning, and how end-users can interact or override global policy settings
Customize, initiate, and review the results of scans and remediation | You can set up scheduled scans, run on-demand scans, and configure how remediation works when threats are detected
Review event logs and error codes to troubleshoot issues | Review event IDs and error codes in Windows Defender Antivirus to determine causes of problems and troubleshoot issues
Reference topics for management and configuration tools | The management and configuration tools that you can use with Windows Defender AV are listed and described here