SOLVED

What does the Antivirus status mean? Disabled, Not supported, Not updated, Unknown


What steps need to be taken to get the devices to show status as Updated?

1 Reply
best response confirmed by Aksa2340 (Visitor)
Solution
Hi @Aksa2340,

Device health and compliance report in Microsoft Defender for Endpoint
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/machine-reports?view=o365-...

"Disabled" means that Microsoft Defender Antivirus is disabled, such as by using this policy (or MDM policy): "Turn off Microsoft Defender Antivirus". Reference: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/use-group-policy-microsoft...

Or, if you are running a 3rd-party antivirus, it might disable Microsoft Defender Antivirus.
Please review: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/microsoft-defender-antivir...

"Not updated": the "Security Intelligence Update" (signatures/definitions) might be outdated. Depending on the management product that you are using, make sure that the systems are getting an updated "Security intelligence update" that is not older than 3-10 days (ideally < 1 day).

Reference: Manage the sources for Microsoft Defender Antivirus protection updates
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/manage-protection-updates-...
and
Manage Microsoft Defender Antivirus updates and apply baselines
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/manage-updates-baselines-m...

"Not supported" can be OSes such as iOS, which do not have antimalware.

"Unknown" can occur if you have Windows Server 2012 R2 and/or Windows Server 2016 and you are not using the latest unified MDE for downlevel Windows Servers.
For details: Defending Windows Server 2012 R2 and 2016
https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/defending-windows-server-2012...
Or
If you are running MDE for macOS or MDE for Linux, make sure that you have the bits from at least March of 2022 (ideally 101.73.77 which enables the new antimalware engine). For more info, check out "What's new" here: aka.ms/MDEforMac and aka.ms/MDEforLinux.
For more info about the new antimalware engine:
Enhanced antimalware engine capabilities for Linux and macOS
https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/enhanced-antimalware-engine-c...

Thanks,
Yong Rhee - MSFT
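
A local check for the "Disabled" and "Not updated" cases described in the answer above, as an added example that is not part of the original reply or Microsoft's code. It reads properties returned by `Get-MpComputerStatus`; the function name `Get-LocalAvReportStatus`, the 3-day default threshold and the sample objects are assumptions, and the classification only approximates what the portal report shows.

```powershell
# Added example: approximates the report statuses from local Defender state.
# Get-LocalAvReportStatus is a hypothetical helper name, not a Microsoft cmdlet.
function Get-LocalAvReportStatus {
    [CmdletBinding()]
    param(
        # Object exposing the properties of Get-MpComputerStatus.
        # When omitted, the live device is queried.
        [Parameter(ValueFromPipeline)]
        $Status,
        # Assumed threshold: the answer suggests 3-10 days, ideally under 1.
        [int]$MaxSignatureAgeDays = 3
    )
    process {
        if (-not $Status) {
            try { $Status = Get-MpComputerStatus -ErrorAction Stop }
            catch {
                # Cmdlet missing or service unreachable: nothing can be reported.
                return [pscustomobject]@{ Status = 'Unknown'; Detail = $_.Exception.Message }
            }
        }
        # Check "Disabled" first: a disabled engine also reports a stale signature age.
        $result = if (-not $Status.AMServiceEnabled -or -not $Status.AntivirusEnabled) {
            'Disabled'
        } elseif ($Status.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
            'Not updated'
        } else {
            'Updated'
        }
        [pscustomobject]@{
            Status          = $result
            RunningMode     = $Status.AMRunningMode          # e.g. Normal, Passive Mode
            SignatureAge    = $Status.AntivirusSignatureAge  # in days
            SignatureUpdate = $Status.AntivirusSignatureLastUpdated
        }
    }
}

# Constructed sample objects (not real device data) to show each outcome.
$samples = @(
    [pscustomobject]@{ AMServiceEnabled = $true;  AntivirusEnabled = $true;  AMRunningMode = 'Normal'
                       AntivirusSignatureAge = 0;  AntivirusSignatureLastUpdated = (Get-Date) }
    [pscustomobject]@{ AMServiceEnabled = $true;  AntivirusEnabled = $true;  AMRunningMode = 'Normal'
                       AntivirusSignatureAge = 12; AntivirusSignatureLastUpdated = (Get-Date).AddDays(-12) }
    [pscustomobject]@{ AMServiceEnabled = $false; AntivirusEnabled = $false; AMRunningMode = 'Not running'
                       AntivirusSignatureAge = 12; AntivirusSignatureLastUpdated = $null }
)
$samples | Get-LocalAvReportStatus | Format-Table -AutoSize
```

Calling `Get-LocalAvReportStatus` with no input on a Windows device queries the local Defender state instead of the samples.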