SOLVED

New "Tamper Protection" entry in MDE Advanced features panel

%3CLINGO-SUB%20id%3D%22lingo-sub-2166261%22%20slang%3D%22en-US%22%3ENew%20%22Tamper%20Protection%22%20entry%20in%20MDE%20Advanced%20features%20panel%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2166261%22%20slang%3D%22en-US%22%3E%3CP%3EHello%20everybody%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Etoday%20I%20noticed%20a%20new%20entry%20unter%20the%20%22Advanced%20features%22%20section%20of%20the%20MDE%20Cloudportal%20(securitycenter.microsoft.com)%20named%20%22Tamper%20protection%22.%3C%2FP%3E%3CP%3EIs%20this%20the%20long%20awaited%20possibility%20to%20turn%20on%20tamper%20protection%20when%20not%20using%20Intune%3F%3C%2FP%3E%3CP%3EIs%20anybody%20else%20seeing%20this%20(with%20preview%20features%20turned%20on)%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBest%20regards%3C%2FP%3E%3CP%3EStefan%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2167032%22%20slang%3D%22en-US%22%3ERe%3A%20New%20%22Tamper%20Protection%22%20entry%20in%20MDE%20Advanced%20features%20panel%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2167032%22%20slang%3D%22en-US%22%3EI%20think%20you%20are%20correct%3A%3CBR%20%2F%3E%3CBR%20%2F%3EManage%20tamper%20protection%20for%20your%20organization%20using%20the%20Microsoft%20Defender%20Security%20Center%3CBR%20%2F%3ECurrently%20in%20preview%2C%20tamper%20protection%20can%20be%20turned%20on%20or%20off%20in%20the%20Microsoft%20Defender%20Security%20Center%20(%3CA%20href%3D%22https%3A%2F%2Fsecuritycenter.windows.com%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fsecuritycenter.windows.com%3C%2FA%3E).%20Here%20are%20a%20few%20points%20to%20keep%20in%20mind%3A%3CBR%20%2F%3E%3CBR%20%2F%3EWhen%20you%20use%20the%20Microsoft%20Defender%20Security%20Center%20to%20manage%20tamper%20protection%2C%20you%20do%20not%20have%20to%20use%20Intune%20or%20the%20tenant%20attach%20method.%3CBR%20%2F%3EWhen%20you%20manage%20tamper%20protection%20in%20the%20Microsoft%20Defender%20Security%20Center%2C%20the%20setting%20is%20applied%20tenant%20wide%2C%20affecting%20all%20of%20your%20devices%20that%20are%20running%20Windows%2010%2C%20Windows%20Server%202016%2C%20or%20Windows%20Server%202019.%20To%20fine-tune%20tamper%20protection%20(such%20as%20having%20tamper%20protection%20on%20for%20some%20devices%20but%20off%20for%20others)%2C%20use%20either%20Intune%20or%20Configuration%20Manager%20with%20tenant%20attach.%3CBR%20%2F%3EIf%20you%20have%20a%20hybrid%20environment%2C%20tamper%20protection%20settings%20configured%20in%20Intune%20take%20precedence%20over%20settings%20configured%20in%20the%20Microsoft%20Defender%20Security%20Center.%3CBR%20%2F%3ETamper%20protection%20is%20generally%20available%3B%20however%2C%20the%20ability%20to%20manage%20tamper%20protection%20in%20the%20Microsoft%20Defender%20Security%20Center%20is%20currently%20in%20preview.%3CBR%20%2F%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fsecurity%2Fthreat-protection%2Fmicrosoft-defender-antivirus%2Fprevent-changes-to-security-settings-with-tamper-protection%23manage-tamper-protection-for-your-organization-using-the-microsoft-defender-security-center%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fsecurity%2Fthreat-protection%2Fmicrosoft-defender-antivirus%2Fprevent-changes-to-security-settings-with-tamper-protection%23manage-tamper-protection-for-your-organization-using-the-microsoft-defender-security-center%3C%2FA%3E%3CBR%20%2F%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2167901%22%20slang%3D%22en-US%22%3ERe%3A%20New%20%22Tamper%20Protection%22%20entry%20in%20MDE%20Advanced%20features%20panel%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2167901%22%20slang%3D%22en-US%22%3EHi%20Ed%20in%2C%3CBR%20%2F%3E%3CBR%20%2F%3EThank%20you%2C%20great%20news.%20Going%20to%20test%20this%20out%2C%20I'm%20a%20bit%20confused%20that%20such%20an%20important%20feature%20was%20not%20featured%20in%20a%20blog%20entry%20or%20something%20like%20this.%3CBR%20%2F%3E%3CBR%20%2F%3EBest%20regards%3CBR%20%2F%3EStefan%3C%2FLINGO-BODY%3E
Contributor

Hello everybody,

 

today I noticed a new entry unter the "Advanced features" section of the MDE Cloudportal (securitycenter.microsoft.com) named "Tamper protection".

Is this the long awaited possibility to turn on tamper protection when not using Intune?

Is anybody else seeing this (with preview features turned on)?

 

Best regards

Stefan

6 Replies
best response confirmed by SteBeSec (Contributor)
Solution
I think you are correct:

Manage tamper protection for your organization using the Microsoft Defender Security Center
Currently in preview, tamper protection can be turned on or off in the Microsoft Defender Security Center (https://securitycenter.windows.com). Here are a few points to keep in mind:

When you use the Microsoft Defender Security Center to manage tamper protection, you do not have to use Intune or the tenant attach method.
When you manage tamper protection in the Microsoft Defender Security Center, the setting is applied tenant wide, affecting all of your devices that are running Windows 10, Windows Server 2016, or Windows Server 2019. To fine-tune tamper protection (such as having tamper protection on for some devices but off for others), use either Intune or Configuration Manager with tenant attach.
If you have a hybrid environment, tamper protection settings configured in Intune take precedence over settings configured in the Microsoft Defender Security Center.
Tamper protection is generally available; however, the ability to manage tamper protection in the Microsoft Defender Security Center is currently in preview.

https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/pre...
Hi Ed in,

Thank you, great news. Going to test this out, I'm a bit confused that such an important feature was not featured in a blog entry or something like this.

Best regards
Stefan
Hi Stefan,
Yes, I was waiting to reach till GA for the announcement - here is the link https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/announcing-a-global-switch-fo...

Couldn't agree more, it is such an important feature and we absolutely listen to your feedback and hence the support from MDE portal. Please turn it on today for your organization and give product team feedback. Thank you for working with us!
Best,
Shweta
Thanks, I'm in process deploying Defender ATP and what I was look for !
I am managing defender AV using group policy. Migration is currently going on from our old av to defender.
My doubt is if I enable tamper protection from security center , how it will impact on group policy changes on real time protection . Will the changes apply even though tamper protection is on?
Let me give the scenario, let's say temper protection is on now tenant wide . real time protection is off now for an particular endpoint . if I enable a group policy to switch on the real time protection what will happen,
. will the settings apply regardless of tamper protection is on or off or it will not apply because tamper protection is already on.
Hi Taj100,

I'm not 100% sure, but I think as long as Tamper protection is enabled, the Realtime Protection will be forced to the "enabled" state and the GPO will be ignored.

Best regards
Stefan