SOLVED

MDE Anti-malware Policy Management

Good day community,

Rookie question, but MDE does not allow AV policy management across devices, correct? In other words, I still need to manage my Windows 10 devices through MEM/Config Manager for things like file/folder exclusion.

In short, MDE does not allow me to manage Windows Defender AV.

TIA

3 Replies
best response confirmed by SebastiaanR (Contributor)
Solution
Correct, you need an additional management pane to manage MDAV
Also to deploy MDE
Thought so, thanks for the sanity check :)
Yes. MDE will provide EDR functionalities, but for AV (EPP) functionalities you still need configuration manager tools. We can use MDE (KQL query) to get Defender AV reports like antivirus status, definition reports, etc. I am not sure what kind of file/folder exclusion you are talking about. If it is excluding files/folders from AV scanning, then it needs to be managed through a config tool. If you are talking about excluding files/folders from automatic investigation, then it can be done through MDE...