Forum Discussion
Intune + Defender - Configure Quick and Full scan
VladanOEI I walked into the same situation and solved it the following way.
It's either a QuickScan (Default) or a FullScan config in Intune. You cannot configure them both.
I chose to configure a QuickScan (Default) with these settings.
Scantype: Quickscan
Schedule Scanday: Every day (Default)
Schedule Scan Time: 720
I created a PowerShell script to create a scheduled task in Windows 10 to do a Full scan every Wednesday at 12:00 PM.
# Define the task name and the arguments passed to powershell.exe
$taskName = "Microsoft Defender Full Scan"
$arguments = "-ExecutionPolicy Bypass -Command Start-MpScan -ScanType FullScan"
# Create a trigger for Wednesday at 12:00 PM
$trigger = New-ScheduledTaskTrigger -Weekly -DaysOfWeek Wednesday -At 12pm
# Create action to run the command (powershell.exe is named once, in -Execute, not again in the arguments)
$action = New-ScheduledTaskAction -Execute "powershell.exe" -Argument $arguments
# Register the scheduled task
Register-ScheduledTask -TaskName $taskName -Trigger $trigger -Action $action -Description "Runs a full antivirus scan using Microsoft Defender" -RunLevel Highest -Force
Bas_de_Bruijn MiSum83 I created a PowerShell script for Intune distribution towards Windows 10 machines as well.
# Make sure the log folder exists, then start transcript for logging
New-Item -ItemType Directory -Path "C:\Temp" -Force | Out-Null
Start-Transcript -Path "C:\Temp\Microsoft_Defender_TaskSc.txt" -Append
# Stop on any error so the catch block below receives it
$ErrorActionPreference = "Stop"
$LogFile = "C:\Temp\Defender_Error_Log.txt"
# Try block to catch errors
try {
    # Set up variables for the full scan schedule
    $FullScanTrigger = New-ScheduledTaskTrigger -Weekly -DaysOfWeek Wednesday -At 12pm
    $FullScanAction = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument '-Command "& { Start-MpScan -ScanType FullScan }"'
    $FullScanSettings = @{
        TaskName  = 'Windows Defender Full Scan'
        Trigger   = $FullScanTrigger
        Action    = $FullScanAction
        Principal = New-ScheduledTaskPrincipal -UserId "NT AUTHORITY\SYSTEM" -LogonType ServiceAccount
    }
    # Create the full scan scheduled task
    Register-ScheduledTask @FullScanSettings
}
catch {
    # Write error to log file
    $_.Exception.Message | Out-File -FilePath $LogFile -Append
}
# Stop transcript
Stop-Transcript
- Bas_de_Bruijn, Mar 30, 2024, Copper Contributor
VladanOEI MiSum83 WiingreenMorten
I was just reading through the script I posted here and still missed 2 lines. Here is the updated script with the lines that start the Transcript logging. Copy and paste it, save it as a ps1 file, upload it to PlatformScript in Intune and deploy accordingly.
# Make sure the log folder exists, then start transcript for logging
New-Item -ItemType Directory -Path "C:\Temp" -Force | Out-Null
Start-Transcript -Path "C:\Temp\Microsoft_Defender_TaskSc.txt" -Append
# Stop on any error so the catch block below receives it
$ErrorActionPreference = "Stop"
$LogFile = "C:\Temp\Defender_Error_Log.txt"
# Try block to catch errors
try {
    # Set up variables for the full scan schedule
    $FullScanTrigger = New-ScheduledTaskTrigger -Weekly -DaysOfWeek Wednesday -At 12pm
    $FullScanAction = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument '-Command "& { Start-MpScan -ScanType FullScan }"'
    $FullScanSettings = @{
        TaskName  = 'Windows Defender Full Scan'
        Trigger   = $FullScanTrigger
        Action    = $FullScanAction
        Principal = New-ScheduledTaskPrincipal -UserId "NT AUTHORITY\SYSTEM" -LogonType ServiceAccount
    }
    # Create the full scan scheduled task
    Register-ScheduledTask @FullScanSettings
}
catch {
    # Write error to log file
    $_.Exception.Message | Out-File -FilePath $LogFile -Append
}
# Stop transcript
Stop-Transcript
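A follow-up check, added here as an example and not part of any post in this thread: it confirms on a device that the task registered above exists, runs as SYSTEM, and that Defender actually reports a recent completed full scan. The task name is the one used in the script above; the 8-day threshold and the exit codes (0 = healthy, 1 = needs attention) are assumptions.

```powershell
# Added example: verify the weekly full-scan task and the resulting Defender scan age.
$TaskName   = 'Windows Defender Full Scan'   # name used by the script in this thread
$MaxAgeDays = 8                               # assumption: weekly schedule plus one day of slack
$problems   = @()

$task = Get-ScheduledTask -TaskName $TaskName -ErrorAction SilentlyContinue
if (-not $task) {
    $problems += "Scheduled task '$TaskName' is not registered."
}
else {
    # The task should run as SYSTEM so it fires with no user logged on.
    if ($task.Principal.UserId -notin 'SYSTEM', 'NT AUTHORITY\SYSTEM') {
        $problems += "Task runs as '$($task.Principal.UserId)', expected SYSTEM."
    }
    if ($task.State -eq 'Disabled') {
        $problems += 'Task is disabled.'
    }
    $info = Get-ScheduledTaskInfo -TaskName $TaskName
    # 0 = success, 0x41301 = currently running, 0x41303 = has not run yet
    if ($info.LastTaskResult -notin 0, 0x41301, 0x41303) {
        $problems += ('Last run ended with result 0x{0:X}.' -f $info.LastTaskResult)
    }
}

# The task only starts the scan; Defender itself records whether one completed.
$status = Get-MpComputerStatus
if (-not $status.AntivirusEnabled) {
    $problems += 'Defender antivirus is not enabled.'
}
if (-not $status.FullScanEndTime) {
    $problems += 'Defender reports no completed full scan.'
}
elseif (((Get-Date) - $status.FullScanEndTime).TotalDays -gt $MaxAgeDays) {
    $problems += "Last full scan finished $($status.FullScanEndTime), older than $MaxAgeDays days."
}

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Output $_ }
    exit 1
}
Write-Output "Full scan task OK; last full scan finished $($status.FullScanEndTime)."
exit 0
```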