Windows Defender Antivirus (Active or Passive)



I need to get a report of machines with status of Windows Defender Antivirus (Active or Passive).


As per the document - it says to run Get-MpComputerStatus cmdlet in Powershell and check the value for AMRunningMode.


When I ran this on a machine where a 3rd party AV was installed with Windows Defender AV running in passive mode, I got the value Normal under AMRunningMode instead of Passive.


Is there any other way we can get the status of Windows Defender AV from MDATP Security Center or Intune.

0 Replies