Defender Deployment

The Defender Deployment page allows you to set up default Defender policies for your tenants or create specific policies. The form includes several sections:

  • Tenant Selection: Select one or more tenants to apply the policies. This is a required field, and at least one tenant must be selected.

  • Defender Setup Options: Configure Defender settings such as compliance, telemetry, and device connections.

    • Allow Microsoft Defender for Endpoint to enforce Endpoint Security Configurations (Compliance): Enables Defender to enforce compliance configurations.

    • Connect iOS/iPadOS devices version 13.0 and above to Microsoft Defender for Endpoint (Compliance): Connects iOS devices to Defender for compliance.

    • Connect Android devices version 6.0.0 and above to Microsoft Defender for Endpoint (Compliance): Connects Android devices to Defender for compliance.

    • Connect Windows devices version 10.0.15063 and above to Microsoft Defender for Endpoint (Compliance): Connects Windows devices to Defender for compliance.

    • EDR: Expedite Telemetry Reporting Frequency: Increases the frequency of telemetry reporting for Endpoint Detection and Response.

    • Enable App Sync (sending application inventory) for iOS/iPadOS devices: Sends application inventory for iOS devices.

    • Block unsupported OS versions: Blocks devices with unsupported OS versions from connecting.

    • Connect Android devices to Microsoft Defender for Endpoint: Connects Android devices to Defender.

    • Connect iOS/iPadOS devices to Microsoft Defender for Endpoint: Connects iOS devices to Defender.

    • EDR: Connect Defender Configuration Package automatically from Connector: Automatically connects the Defender configuration package.

    • EDR: Enable Sample Sharing: Enables sharing of samples for analysis.

  • Defender Defaults Policy Options: Set default policies for scanning, monitoring, and protection.

    • Allow Archive Scanning: Enables scanning of archive files.

    • Allow behavior monitoring: Enables monitoring of application behaviors.

    • Allow Cloud Protection: Enables cloud-based protection.

    • Allow e-mail scanning: Enables scanning of email content.

    • Allow Full Scan on Network Drives: Enables full scans on network drives.

    • Allow Full Scan on Removable Drives: Enables full scans on removable drives.

    • Allow Script Scanning: Enables scanning of scripts.

    • Allow Intrusion Prevention System: Enables the Intrusion Prevention System.

    • Enable Low CPU priority: Reduces CPU priority for scans.

    • Allow scanning of downloaded files: Enables scanning of files downloaded from the internet.

    • Allow Realtime monitoring: Enables real-time monitoring of files and processes.

    • Allow scanning of mapped drives: Enables scanning of mapped network drives.

    • Allow users to access UI: Allows users to access the Defender user interface.

    • Enable Network Protection in Block Mode: Enables network protection in block mode.

    • Enable Network Protection in Audit Mode: Enables network protection in audit mode.

    • Check Signatures before scan: Verifies file signatures before scanning.

    • Disable Catchup Full Scan: Disables catchup full scans.

    • Disable Catchup Quick Scan: Disables catchup quick scans.

    • Assign to Group: Options to assign policies to specific groups (e.g., all users, all devices).

  • ASR Rules: Define Attack Surface Reduction rules to enhance security.

    • Block Adobe Reader from creating child processes: Prevents Adobe Reader from creating child processes.

    • Block Win32 API calls from Office macros: Prevents Office macros from making Win32 API calls.

    • Block credential stealing from the Windows local security authority subsystem: Prevents credential theft from the local security authority subsystem.

    • Block process creations originating from PSExec and WMI commands: Prevents process creation from PSExec and WMI commands.

    • Block persistence through WMI event subscription: Prevents persistence through WMI event subscriptions.

    • Block Office applications from creating executable content: Prevents Office applications from creating executable files.

    • Block Office applications from injecting code into other processes: Prevents Office applications from injecting code.

    • Block executable files from running unless they meet a prevalence, age, or trusted list criterion: Blocks executable files that do not meet a prevalence, age, or trusted list criterion.

    • Block JavaScript or VBScript from launching downloaded executable content: Prevents scripts from launching executables.

    • Block Office communication application from creating child processes: Prevents Office communication apps from creating child processes.

    • Block all Office applications from creating child processes: Prevents all Office apps from creating child processes.

    • Block untrusted and unsigned processes that run from USB: Blocks untrusted processes from USB devices.

    • Use advanced protection against ransomware: Enables advanced ransomware protection.

    • Block executable content from email client and webmail: Blocks executable content from email clients.

    • Block abuse of exploited vulnerable signed drivers (Device): Prevents abuse of vulnerable signed drivers.

    • Assign to Group: Options to assign ASR rules to specific groups (e.g., all users, all devices).
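
To confirm on a Windows endpoint that the ASR rules listed above have actually applied, the following added example (not part of CIPP or its documentation) reads the local Defender preferences with Get-MpPreference and reports the state of each rule. The GUIDs are Microsoft's published ASR rule identifiers; the variable names are illustrative.

```powershell
# Added example: run on a managed Windows endpoint after the policy has synced.
# Keys are Microsoft's published ASR rule GUIDs; names follow the list on this page.
$AsrRules = [ordered]@{
    '7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c' = 'Block Adobe Reader from creating child processes'
    '92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b' = 'Block Win32 API calls from Office macros'
    '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2' = 'Block credential stealing from LSASS'
    'd1e49aac-8f56-4280-b9ba-993a6d77406c' = 'Block process creations from PSExec and WMI'
    'e6db77e5-3df2-4cf1-b95a-636979351e5b' = 'Block persistence through WMI event subscription'
    '3b576869-a4ec-4529-8536-b80a7769e899' = 'Block Office apps from creating executable content'
    '75668c1f-73b5-4cf0-bb93-3ecf5cb7cc84' = 'Block Office apps from injecting code'
    '01443614-cd74-433a-b99e-2ecdc07bfc25' = 'Block executables unless prevalence/age/trusted list'
    'd3e037e1-3eb8-44c8-a917-57927947596d' = 'Block JS/VBScript from launching downloaded executables'
    '26190899-1602-49e8-8b27-eb1d0a1ce869' = 'Block Office communication app child processes'
    'd4f940ab-401b-4efc-aadc-ad5f3c50688a' = 'Block all Office apps from creating child processes'
    'b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4' = 'Block untrusted and unsigned processes from USB'
    'c1db55ab-c21a-4637-bb3f-a12568109d35' = 'Use advanced protection against ransomware'
    'be9ba2d9-53ea-4cdc-84e5-9b1eeee46550' = 'Block executable content from email client and webmail'
    '56a863a9-875e-4185-98a7-b882c64b5ce5' = 'Block abuse of exploited vulnerable signed drivers'
}
$ActionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

$pref    = Get-MpPreference
# Defender returns rule IDs and actions as two parallel arrays; either may be empty.
$ids     = @($pref.AttackSurfaceReductionRules_Ids | Where-Object { $_ })
$actions = @($pref.AttackSurfaceReductionRules_Actions)

$configured = @{}
for ($i = 0; $i -lt $ids.Count; $i++) {
    $configured[$ids[$i].ToLower()] = [int]$actions[$i]
}

# One row per rule from this page, including rules the endpoint never received.
$report = foreach ($id in $AsrRules.Keys) {
    $state = 'Not configured'
    if ($configured.ContainsKey($id)) {
        $a = $configured[$id]
        $state = if ($ActionNames.ContainsKey($a)) { $ActionNames[$a] } else { "Unknown ($a)" }
    }
    [pscustomobject]@{ Rule = $AsrRules[$id]; Id = $id; State = $state }
}
$report | Sort-Object State, Rule | Format-Table -AutoSize

# Network Protection: 0 = disabled, 1 = block mode, 2 = audit mode
'Network Protection mode: {0}' -f $pref.EnableNetworkProtection
```

Rules shown as "Not configured" after a deployment usually mean the policy assignment has not reached the device yet, or the device is outside the group chosen under Assign to Group.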


For more details on each setting, refer to the Microsoft Defender for Endpoint documentation.

Feature Requests / Ideas

We value your feedback and ideas. Please raise any feature requests on GitHub.