Feedback Editja

Tenant attach: Create and deploy Antivirus policies from the admin center

  • Artiklu
  • 3 minuti biex taqra

Applies to: Configuration Manager (current branch)

Create Microsoft Defender antivirus policies in the Microsoft Endpoint Manager console and deploy them to Configuration Manager collections.

Prerequisites

Assign Microsoft Defender Antivirus policy to a collection

  1. In a browser, go to the Microsoft Endpoint Manager admin center.
  2. Select Endpoint security then Antivirus.
  3. Select Create Policy.
  4. For the Platform, select Windows 10, Windows 11, and Windows Server (ConfigMgr).
  5. For the Profile, select Microsoft Defender Antivirus then Create.
  6. Assign a Name and optionally a Description on the Basics page.
  7. On the Configuration settings page, configure the settings you want to manage with this profile. When your done configuring settings, select Next. For more information about available policies, see Antivirus policy settings for tenant attached devices.
  8. Assign the policy to a Configuration Manager collection on the Assignments page.

Assign Windows Security experience policy to a collection

Important

This information relates to a preview feature which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

  1. In a browser, go to the Microsoft Endpoint Manager admin center.
  2. Select Endpoint security then Antivirus.
  3. Select Create Policy.
  4. For the Platform, select Windows 10, Windows 11, and Windows Server (ConfigMgr).
  5. For the Profile, select Windows Security experience (preview) then Create.
  6. Assign a Name and optionally a Description on the Basics page.
  7. On the Configuration settings page, configure the settings you want to manage with this profile. When your done configuring settings, select Next. For more information about the available settings, see Settings for Windows Security experience Antivirus policy for tenant attached devices.
  8. Assign the policy to a Configuration Manager collection on the Assignments page.

Antivirus policy exclusions merge

(Introduced in Configuration Manager 2103)

Starting in Configuration Manager 2103, When a tenant attached device is targeted with two or more antivirus policies, the settings for antivirus exclusions will merge before being applied to the client. This change results in the client receiving the exclusions defined in each policy, allowing for more granular control of antivirus exclusions. For earlier versions of Configuration Manager, Antivirus exclusions from a single policy are applied. With this behavior, the last policy applied determines the effective exclusions.

To use this functionality, create an antivirus policy from the Microsoft Endpoint Manager admin center that includes some antivirus exclusions. Create a second antivirus policy including only antivirus exclusions that are different from the first policy. Apply both antivirus policies to the same collection. Antivirus exclusions from both policies are applied on clients in the targeted collection.

Device Status (preview)

You can review the status of endpoint security policies for tenant attached devices. The Device Status page can be accessed for all endpoint security policy types for tenant-attached clients. To display the Device Status page:

  1. Select a policy that's targeted to ConfigMgr devices to display the Overview page for the policy.
  2. Select Device Status to display a list of devices targeted by the policy.
  3. The Device Name, Compliance State, and SMS ID are displayed for each of the devices on the Device Status page.

Next steps