Forum Discussion
Intune + Defender - Configure Quick and Full scan
We made 2 rules.
First rule:
"Scan Parameter" : Quick
"Schedule Scan Day" : Thru
Schedule Scan Time" 9 AM
Second rule:
"Scan Parameter" : Full
"Schedule Scan Day" : Fri
Schedule Scan Time" 9 AM
and Intune Antivirus did not run any of the configured tasks.
Microsoft never knew how to make simple things work properly. They are able to build "towers and cities", something that others cannot, and then they "fall" on simple things like this.
VladanOEI I walked into the same situation and solved it the following way.
It's either a QuickScan (Default) or a FullScan config in Intune. You cannot configure them both.
I chose to configure a QuickScan (Default) with these settings.
Scan type: Quick scan
Schedule Scan Day: Every day (Default)
Schedule Scan Time: 720
I created a PowerShell script to create a scheduled task in Windows 10 to do a Full scan every Wednesday at 12:00 PM.
# Define task name and the arguments passed to powershell.exe
# (the executable itself is given to New-ScheduledTaskAction via -Execute,
# so it must not be repeated here or the task would run "powershell.exe powershell.exe ...")
$taskName = "Microsoft Defender Full Scan"
$command = "-ExecutionPolicy Bypass -Command Start-MpScan -ScanType FullScan"
# Create a trigger for Wednesday at 12:00 PM
$trigger = New-ScheduledTaskTrigger -Weekly -DaysOfWeek Wednesday -At 12pm
# Create action to run the command
$action = New-ScheduledTaskAction -Execute "powershell.exe" -Argument $command
# Register the scheduled task (-Force overwrites a task of the same name if the script runs again)
Register-ScheduledTask -TaskName $taskName -Trigger $trigger -Action $action -Description "Runs a full antivirus scan using Microsoft Defender" -RunLevel Highest -Force
- WiingreenMorten, Mar 21, 2024, Copper Contributor
@bas_de_Bruijn Is it not possible to schedule a Quick Scan in one policy and a full scan in a different policy?
- Bas_de_Bruijn, Mar 22, 2024, Copper Contributor
WiingreenMorten Configuration Profiles pointing to the same object on Windows 10 towards Microsoft Defender result in errors and conflict reporting in Intune. I solved it in my situation the following way. In both Profiles I configured a QuickScan (Default) every day at 12:00 PM (720) and deployed the PowerShell script I posted earlier through Platform scripts in Intune, which creates a scheduled task that runs a PowerShell command to start the desired Full Scan every Wednesday at 12:00 PM.
- Bas_de_Bruijn, Mar 06, 2024, Copper Contributor
Bas_de_Bruijn MiSum83 I created a PowerShell script for Intune distribution towards Windows 10 machines as well.
# Start transcript for logging
Start-Transcript -Path "C:\Temp\Microsoft_Defender_TaskSc.txt" -Append
# Set up variables for the full scan schedule
$FullScanTrigger = New-ScheduledTaskTrigger -Weekly -DaysOfWeek Wednesday -At 12pm
$FullScanAction = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument '-Command "& { Start-MpScan -ScanType FullScan }"'
$FullScanSettings = @{
TaskName = 'Windows Defender Full Scan'
Trigger = $FullScanTrigger
Action = $FullScanAction
Principal = New-ScheduledTaskPrincipal -UserId "NT AUTHORITY\SYSTEM" -LogonType ServiceAccount
}
# Create the full scan scheduled task
Register-ScheduledTask @FullScanSettings
# Output redirection for errors
$ErrorActionPreference = "Stop"
$LogFile = "C:\Temp\Defender_Error_Log.txt"
# Try block to catch errors
try {
# Your script code here
}
catch {
# Write error to log file
$_.Exception.Message | Out-File -FilePath $LogFile -Append
}
# Stop transcript
Stop-Transcript
- Bas_de_Bruijn, Mar 30, 2024, Copper Contributor
VladanOEI MiSum83 WiingreenMorten
I was just reading through the script I posted here and still missed 2 lines. Here is the updated script with the lines that start the transcript logging. Copy, paste, save as a .ps1 file, upload to Platform scripts in Intune and deploy accordingly.
# Start transcript for logging (Start-Transcript fails if the folder does not exist, so create it first)
New-Item -ItemType Directory -Path "C:\Temp" -Force | Out-Null
Start-Transcript -Path "C:\Temp\Microsoft_Defender_TaskSc.txt" -Append
# Stop on the first error so the catch block below actually sees it
$ErrorActionPreference = "Stop"
$LogFile = "C:\Temp\Defender_Error_Log.txt"
# Try block to catch errors from the task registration
try {
    # Set up variables for the full scan schedule
    $FullScanTrigger = New-ScheduledTaskTrigger -Weekly -DaysOfWeek Wednesday -At 12pm
    $FullScanAction = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument '-Command "& { Start-MpScan -ScanType FullScan }"'
    $FullScanSettings = @{
        TaskName = 'Windows Defender Full Scan'
        Trigger = $FullScanTrigger
        Action = $FullScanAction
        # Run as SYSTEM so the scan does not depend on a logged-on user
        Principal = New-ScheduledTaskPrincipal -UserId "NT AUTHORITY\SYSTEM" -LogonType ServiceAccount
    }
    # Create the full scan scheduled task (-Force overwrites a task of the same name if the script runs again)
    Register-ScheduledTask @FullScanSettings -Force
}
catch {
    # Write error to log file
    $_.Exception.Message | Out-File -FilePath $LogFile -Append
}
finally {
    # Stop transcript
    Stop-Transcript
}
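The opening post reports scans that never ran, and the scripts above work around the policy limit with a scheduled task. The following is an added example, not code from the thread: a check, written like an Intune detection script, that reads the Defender scan schedule the policy actually applied (Get-MpPreference), the age of the last quick and full scan (Get-MpComputerStatus), and the state of the full-scan task. The task name, the expected scan ages and the folder are assumptions taken from the posted scripts; adjust them to your policy.

```powershell
# Added example (not from the thread). Exit 0 = compliant, exit 1 = issue found,
# which is the convention Intune remediation detection scripts use.
$ExpectedTaskName    = 'Windows Defender Full Scan'   # assumption: task name from the posted script
$MaxQuickScanAgeDays = 1                              # assumption: a quick scan is expected daily
$MaxFullScanAgeDays  = 7                              # assumption: a full scan is expected weekly

# Get-MpPreference shows the effective values behind the Intune AV settings.
# ScanParameters: 1 = quick scan, 2 = full scan. ScanScheduleDay: 0 = every day,
# 1 = Sunday ... 7 = Saturday, 8 = never. Times are minutes after midnight,
# displayed as a TimeSpan (the 720 used in the thread shows as 12:00:00).
$pref = Get-MpPreference
$dayNames = @('Every day', 'Sunday', 'Monday', 'Tuesday', 'Wednesday', 'Thursday', 'Friday', 'Saturday', 'Never')
$scanType = if ($pref.ScanParameters -eq 2) { 'FullScan' } else { 'QuickScan' }
"Scheduled scan       : {0} on {1} at {2}" -f $scanType, $dayNames[$pref.ScanScheduleDay], $pref.ScanScheduleTime
"Daily quick scan time: {0}" -f $pref.ScanScheduleQuickScanTime

# Get-MpComputerStatus records when each scan type last started and its age in days.
# A blank start time (and a huge age value) means that scan type has never run.
$status = Get-MpComputerStatus
"Last quick scan: {0} (age {1} days)" -f $status.QuickScanStartTime, $status.QuickScanAge
"Last full scan : {0} (age {1} days)" -f $status.FullScanStartTime, $status.FullScanAge

$problems = @()
if ($status.QuickScanAge -gt $MaxQuickScanAgeDays) { $problems += "quick scan is $($status.QuickScanAge) days old" }
if ($status.FullScanAge  -gt $MaxFullScanAgeDays)  { $problems += "full scan is $($status.FullScanAge) days old" }

# The workaround depends on a scheduled task: confirm it exists, is enabled,
# runs as SYSTEM and has fired successfully (LastTaskResult 0).
$task = Get-ScheduledTask -TaskName $ExpectedTaskName -ErrorAction SilentlyContinue
if (-not $task) {
    $problems += "task '$ExpectedTaskName' is missing"
}
else {
    $info = $task | Get-ScheduledTaskInfo
    "Task '{0}': state {1}, principal {2}, last run {3}, result 0x{4:X}, missed runs {5}" -f $task.TaskName, $task.State, $task.Principal.UserId, $info.LastRunTime, $info.LastTaskResult, $info.NumberOfMissedRuns
    if ($task.State -eq 'Disabled')                 { $problems += "task is disabled" }
    if ($task.Principal.UserId -notmatch 'SYSTEM')  { $problems += "task does not run as SYSTEM" }
    if ($info.LastTaskResult -ne 0)                 { $problems += ("task last result 0x{0:X}" -f $info.LastTaskResult) }
}

if ($problems.Count -eq 0) {
    'Compliant'
    exit 0
}
"Non-compliant: " + ($problems -join '; ')
exit 1
```

Run it elevated on one of the affected devices before rolling out the policy more widely: if Get-MpPreference does not show the schedule you set in Intune, the profile never applied (the conflict case described in the thread), whereas a correct schedule with a stale scan age points at the device (off at the scheduled time, or the task never fired).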