Enabling Microsoft Defender on Windows 10 and Windows Server 2016 and Later


Enabling Microsoft Defender on Windows 10 and Windows Server 2016 and later

Microsoft Defender comes pre-configured on Windows 10 and Windows Server 2016 to provide standard antivirus (AV) scanning and protection by default. (Some systems may refer to this still as "Windows Defender.")

Microsoft Defender will continue to provide passive scanning capabilities even if a third-party AV is installed. If you installed a third party AV, Windows Defender cannot be re-activated as the default AV for your system. You must uninstall any third party AV before Microsoft Defender can be used as the default AV again.

Note: Different versions of Windows 10 may have slightly different steps to access the Microsoft Defender settings. These settings should be available through the "Update & Security" section in the main Settings app, searching for Windows Security or Windows Defender in the start menu, or by searching directly for virus & threat protection.

Confirm Microsoft Defender is the Primary AV

Windows 10 and Windows Server 2019

  1. Open the Windows Security app
  2. Choose Virus and Threat Protection
  3. From the options on the right, select manage providers under "Who's protecting me?"
  4. Check which product is listed as "turned on" under antivirus
    • If you have a third party AV listed (like Symantec Endpoint Protection) you may see that it is turned on and that Microsoft Defender antivirus is turned off. Uninstall the third party AV so Microsoft Defender antivirus can be turned on. You should not have a lapse in protection, as Defender will take over when the third party product is unregistered. You will not be able to activate Microsoft Defender until the third party product is removed from your system.
    • If you see "Microsoft Defender Antivirus is turned on" you are using Microsoft Defender as the primary AV. (You may see "Windows Defender Antivirus" instead, this is the same thing.)
  5. Verify there are no other actions or alerts in the Windows Security app requiring attention related to Virus and Threat Protection configuration.

 

For LSU owned and domain joined machines, Microsoft Defender Antivirus should be the antivirus provider. If the current security provider is a third party AV, like Symantec Endpoint Protection, it should be removed so Microsoft Defender Antivirus handles AV protection for the host.

Microsoft Defender Antivirus is listed as the security provider for antivirus

 

Windows Server 2016

  1. Open the Settings App
  2. Go to Update & security
  3. Select Windows Defender on the left sidebar
  4. If Windows Defender is on, there will be an option to "Open Windows Defender." You can open Windows Defender to run scans and see historical activity. 
  5. If Windows Defender is not on, there will be a message stating that "The settings for Windows Defender aren't available because it is turned off. Open Windows Defender to turn it on." There will be an option to "Turn on Windows Defender."
    • Note: You may need to uninstall any third-party antivirus solutions before Windows Defender can be enabled.

 

Enable Real-Time Protection for Microsoft Defender

By default, Real-time protection should be enabled. However, depending on existing group policy configuration, the presence of third-party anti-virus applications, or other system configurations, real-time protection may be disabled.

If the client is unable to enable real-time protection for Microsoft Defender you may need to remove third party anti-virus or ensure that the Group Policy setting "Turn off Windows Defender" is not enabled for your client systems. 

  • For Windows 10 and Windows Server 2019 Systems:
    1. Open the Windows Security app
    2. Choose Virus and Threat Protection
    3. From "Virus & threat protection settings" choose "manage settings"
  • For Windows Server 2016 Systems:
    1. Open the Settings app
    2. Choose Update & security
    3. Select Windows Defender on the side bar
  1. Ensure "Real-time protection" is set to "On"
    The real time protection slider in Windows Defender should be on

     
  2. Ensure "Cloud-based Protection" is set to "On" 
  3. Enable "Automatic sample submission" if desired

 

 

20266
3/20/2024 1:30:30 PM