Forum Discussion
Microsoft Defender On-Premise (No Internet connectivity)
- Feb 27, 2022
Yes, it is possible to manage it using Microsoft Endpoint Configuration Manager and you may manage it on-premise. It is possible to manage it using Group Policy and PowerShell, but you have some challenges. Updating definitions offline is possible, but you have to download the definition updates every day and then deploy them or add them to share files. Take a look at:
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/manage-mde-post-migration-configuration-manager
I would like to know this as well. We are currently looking into switching to Defender. Quite a few devices in our network are offline. These include Windows 10 machines. From what I've read in another topic, these W10 devices can be problematic in an offline configuration. Is this still the case or are there solutions in place to counter this?
From an automated scripting perspective, you'll have to find a way to install all those *.exe virus definition files onto Windows endpoints. Defender has some configuration options, and one is to point to a virus definition file and program Defender to download and install that file on a regular basis. Can you use Defender to install *.exe virus definition files you get off the Microsoft website to all your endpoints to automate this process?
No, the approach will not work with the standalone .exe virus definition files you get off the Microsoft website.
Microsoft Defender Antivirus uses a different mechanism to update virus definitions from local or UNC paths, which typically involves specific file formats such as .vdm or .cab files, rather than standalone .exe files.
To have Microsoft Defender point to an update file on your network, you'll need to extract the .cab files and then copy them to the network file server.
You can create a startup or logon script in PowerShell or batch that extracts and installs the .cab file. This script can then be deployed via a GPO.
Example PowerShell script:
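$cabPath = "\\server\share\mpam-fe.cab"
$extractPath = "C:\DefenderDefinitions"
# Expand-Archive only handles .zip archives; use expand.exe for .cab files
# Create the destination folder if it does not exist yet
New-Item -ItemType Directory -Path $extractPath -Force | Out-Null
# Extract every file in the .cab to the destination folder
expand.exe $cabPath -F:* $extractPath
Once you have the .cab file extracted, point MS Defender to use this location for its repo spot.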
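The last step above (pointing Defender at the share) can be scripted and checked as follows. This is an added example, not part of the original posts; the share path reuses the `\\server\share` placeholder from the script above, and the two-day age threshold and the `Test-SignatureFreshness` helper name are assumptions.

```powershell
# Added example: point Defender at an internal definition share, update, and verify.
# Assumptions: share path placeholder from the post above; 2-day staleness threshold.
$DefinitionShare     = '\\server\share'
$MaxSignatureAgeDays = 2

# Hypothetical helper: summarize the signature state reported by Defender.
function Test-SignatureFreshness {
    param([int]$MaxAgeDays)
    $status = Get-MpComputerStatus
    [pscustomobject]@{
        Version     = $status.AntivirusSignatureVersion
        LastUpdated = $status.AntivirusSignatureLastUpdated
        AgeDays     = $status.AntivirusSignatureAge
        IsFresh     = ($status.AntivirusSignatureAge -le $MaxAgeDays)
    }
}

# Fail early if the endpoint cannot reach the share at all.
if (-not (Test-Path -LiteralPath $DefinitionShare)) {
    Write-Error "Definition share $DefinitionShare is not reachable."
    exit 1
}

# Make the file share the only update source, so an offline endpoint
# does not wait on Microsoft Update or WSUS before falling back.
Set-MpPreference -SignatureDefinitionUpdateFileSharesSources $DefinitionShare
Set-MpPreference -SignatureFallbackOrder 'FileShares'

# Pull definitions from the share now instead of waiting for the schedule.
try {
    Update-MpSignature -UpdateSource FileShares -ErrorAction Stop
} catch {
    Write-Warning "Update from $DefinitionShare failed: $($_.Exception.Message)"
}

# Report the result; a non-zero exit code lets the deployment tool flag stale hosts.
$result = Test-SignatureFreshness -MaxAgeDays $MaxSignatureAgeDays
$result | Format-List
if (-not $result.IsFresh) {
    Write-Warning "Signatures are $($result.AgeDays) day(s) old (limit: $MaxSignatureAgeDays)."
    exit 2
}
```

A startup script deployed by GPO runs under the computer account, so that account needs read access to the share, and write access to the share should be restricted to whoever publishes the definitions.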