Forum Discussion
Solved
New "Tamper Protection" entry in MDE Advanced features panel
Hello everybody, today I noticed a new entry unter the "Advanced features" section of the MDE Cloudportal (securitycenter.microsoft.com) named "Tamper protection". Is this the long awaited possi...
- I think you are correct:
Manage tamper protection for your organization using the Microsoft Defender Security Center
Currently in preview, tamper protection can be turned on or off in the Microsoft Defender Security Center (https://securitycenter.windows.com). Here are a few points to keep in mind:
When you use the Microsoft Defender Security Center to manage tamper protection, you do not have to use Intune or the tenant attach method.
When you manage tamper protection in the Microsoft Defender Security Center, the setting is applied tenant wide, affecting all of your devices that are running Windows 10, Windows Server 2016, or Windows Server 2019. To fine-tune tamper protection (such as having tamper protection on for some devices but off for others), use either Intune or Configuration Manager with tenant attach.
If you have a hybrid environment, tamper protection settings configured in Intune take precedence over settings configured in the Microsoft Defender Security Center.
Tamper protection is generally available; however, the ability to manage tamper protection in the Microsoft Defender Security Center is currently in preview.
https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection#manage-tamper-protection-for-your-organization-using-the-microsoft-defender-security-center
I think you are correct:
Manage tamper protection for your organization using the Microsoft Defender Security Center
Currently in preview, tamper protection can be turned on or off in the Microsoft Defender Security Center (https://securitycenter.windows.com). Here are a few points to keep in mind:
When you use the Microsoft Defender Security Center to manage tamper protection, you do not have to use Intune or the tenant attach method.
When you manage tamper protection in the Microsoft Defender Security Center, the setting is applied tenant wide, affecting all of your devices that are running Windows 10, Windows Server 2016, or Windows Server 2019. To fine-tune tamper protection (such as having tamper protection on for some devices but off for others), use either Intune or Configuration Manager with tenant attach.
If you have a hybrid environment, tamper protection settings configured in Intune take precedence over settings configured in the Microsoft Defender Security Center.
Tamper protection is generally available; however, the ability to manage tamper protection in the Microsoft Defender Security Center is currently in preview.
https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection#manage-tamper-protection-for-your-organization-using-the-microsoft-defender-security-center
Manage tamper protection for your organization using the Microsoft Defender Security Center
Currently in preview, tamper protection can be turned on or off in the Microsoft Defender Security Center (https://securitycenter.windows.com). Here are a few points to keep in mind:
When you use the Microsoft Defender Security Center to manage tamper protection, you do not have to use Intune or the tenant attach method.
When you manage tamper protection in the Microsoft Defender Security Center, the setting is applied tenant wide, affecting all of your devices that are running Windows 10, Windows Server 2016, or Windows Server 2019. To fine-tune tamper protection (such as having tamper protection on for some devices but off for others), use either Intune or Configuration Manager with tenant attach.
If you have a hybrid environment, tamper protection settings configured in Intune take precedence over settings configured in the Microsoft Defender Security Center.
Tamper protection is generally available; however, the ability to manage tamper protection in the Microsoft Defender Security Center is currently in preview.
https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection#manage-tamper-protection-for-your-organization-using-the-microsoft-defender-security-center
I am managing defender AV using group policy. Migration is currently going on from our old av to defender.
My doubt is if I enable tamper protection from security center , how it will impact on group policy changes on real time protection . Will the changes apply even though tamper protection is on?
Let me give the scenario, let's say temper protection is on now tenant wide . real time protection is off now for an particular endpoint . if I enable a group policy to switch on the real time protection what will happen,
. will the settings apply regardless of tamper protection is on or off or it will not apply because tamper protection is already on.
My doubt is if I enable tamper protection from security center , how it will impact on group policy changes on real time protection . Will the changes apply even though tamper protection is on?
Let me give the scenario, let's say temper protection is on now tenant wide . real time protection is off now for an particular endpoint . if I enable a group policy to switch on the real time protection what will happen,
. will the settings apply regardless of tamper protection is on or off or it will not apply because tamper protection is already on.
- Hi Taj100,
I'm not 100% sure, but I think as long as Tamper protection is enabled, the Realtime Protection will be forced to the "enabled" state and the GPO will be ignored.
Best regards
Stefan
