Will Microsoft Defender for Endpoint prevent user to change settings in Windows security?

%3CLINGO-SUB%20id%3D%22lingo-sub-2727770%22%20slang%3D%22en-US%22%3EWill%20Microsoft%20Defender%20for%20Endpoint%20prevent%20user%20to%20change%20settings%20in%20Windows%20security%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2727770%22%20slang%3D%22en-US%22%3E%3CP%3EHi%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%3CP%3E1.%20If%20I%20turn%20on%26nbsp%3B%3CSPAN%3EAllow%20or%20block%20file%20%3C%2FSPAN%3E%3CSPAN%3E(%26nbsp%3BMicrosoft%20365%20Defender%20%26gt%3B%20Settings%20%26gt%3BEndpoints%20%26gt%3B%20General%20%26gt%3B%20Advanced%20features%20%26gt%3B%20Allow%20or%20block%20file%20%26gt%3B%20On)%2C%20Will%20Microsoft%20Defender%20for%20Endpoint%20prevent%20user%20to%20change%20settings%20in%20Windows%20security%3F%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3E2.%20If%20yes%2C%20how%20to%20let%20user%20have%20ability%20to%20turn%20it%20off%3F%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3E%26nbsp%3B%20%26nbsp%3B%20(Why%20I%20ask%20the%20question%20is%20After%26nbsp%3Bturn%20off%20Allow%20or%20block%20file%2C%20user%20still%20see%20%22This%20setting%20is%20managed%20by%20your%20administrator%22)%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2730083%22%20slang%3D%22en-US%22%3ERe%3A%20Will%20Microsoft%20Defender%20for%20Endpoint%20prevent%20user%20to%20change%20settings%20in%20Windows%20security%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2730083%22%20slang%3D%22en-US%22%3E1.%20No%2C%20allow%20or%20block%20file%20nothing%20to%20do%20with%20preventing%20user%20to%20change%20the%20security%20settings.%20Tamper%20protection%20can%20prevent%20security%20settings%20beings%20changed..%3CBR%20%2F%3E%3CBR%20%2F%3E2.%20Reason%20for%20seeing%20message%20%22..managed%20by%20administrator%22%20is%20either%20those%20settings%20are%20managed%20by%20configuration%20management%20tools%20like%20group%20policy%2C%20mecm%2C%20intune...%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2731364%22%20slang%3D%22en-US%22%3ERe%3A%20Will%20Microsoft%20Defender%20for%20Endpoint%20prevent%20user%20to%20change%20settings%20in%20Windows%20security%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2731364%22%20slang%3D%22en-US%22%3EAbout%202.%3CBR%20%2F%3EThe%20user%20is%20local%20user%2C%20computer%20doesn't%20join%20AD%2C%20all%20group%20policy%20is%20%22Not%20configured%22%2C%20we%20don't%20have%20MECM%20and%20Intune.%3CBR%20%2F%3E%3CBR%20%2F%3EHow%20to%20check%20what%20manage%20the%20setting%3F%3C%2FLINGO-BODY%3E
Occasional Contributor

Hi

1. If I turn on Allow or block file ( Microsoft 365 Defender > Settings >Endpoints > General > Advanced features > Allow or block file > On), Will Microsoft Defender for Endpoint prevent user to change settings in Windows security?

 

2. If yes, how to let user have ability to turn it off?

    (Why I ask the question is After turn off Allow or block file, user still see "This setting is managed by your administrator")

2 Replies
1. No, allow or block file nothing to do with preventing user to change the security settings. Tamper protection can prevent security settings beings changed..

2. Reason for seeing message "..managed by administrator" is either those settings are managed by configuration management tools like group policy, mecm, intune...
About 2.
The user is local user, computer doesn't join AD, all group policy is "Not configured", we don't have MECM and Intune.

How to check what manage the setting?