Preventing Defender quarantining PUAs on BYO devices.


We've recently bumped up our M365 Business Standard to Premium and I'm working through Defender/Endpoint and all the other extra security goodies. I have to say that the double whammy of not starting from scratch and most of the Defender help is for big corporate sites on Enterprise licenses (and not a little start-up where 50% of people are using BYO devices and doesn't even have an office) has made learning how to configure security for our needs a bit overwhelming. 

How do I stop Defender of Office 365 from blocking certain PUAs on personal devices? We have a policy of locking down applications for all Azure AD joined 'owned' devices, and we would like to get a compliance warning on any machine logged into the system, but we've had at least one instance where Defender has quarantined a perfectly legitimate and needed BitTorrent application on a personal device.

Is there a list of the applications Defender thinks are dodgy, and how would I go about whitelisting certain applications that we've allowed on trusted users' BYO devices?

If I can't do that, how can I simply allow all personal devices to run PUAs? A risk, I know, but honestly these should be warnings (or maybe a total block on access), not just going ahead and wiping applications on devices not owned by the company.

I definitely need to work on our Conditional Access Policies too but perhaps that's a question for another meta thread on CAPs (or maybe not).
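As an added example for this thread (not the poster's code and not a Microsoft-supplied script), the following PowerShell shows how PUA handling looks on a single Windows device using the built-in Defender cmdlets: it reports the current PUA protection mode, lists what Defender has already flagged as PUA (detections carry a `PUA:` prefix in their ThreatName), switches PUA protection from blocking to audit mode so that PUAs are logged rather than quarantined, and adds an exclusion for one approved application. The path in `$ApprovedAppPath` is a placeholder assumption, not a real product. The script needs an elevated session.

```powershell
# Added example (not from the original post): inspect and relax Defender
# Antivirus PUA handling on one device, then allow one approved application.
# Run from an elevated PowerShell session. Supports -WhatIf for a dry run.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Placeholder path for an application the organisation has approved.
    [string]$ApprovedAppPath = 'C:\Program Files\ApprovedClient\client.exe'
)

# PUAProtection values used by Get-/Set-MpPreference:
#   0 = Disabled, 1 = Enabled (block and quarantine), 2 = AuditMode (detect and log only)
$modeNames = @{ 0 = 'Disabled'; 1 = 'Enabled (block/quarantine)'; 2 = 'AuditMode (log only)' }

$pref = Get-MpPreference
Write-Host ("Current PUA protection: {0}" -f $modeNames[[int]$pref.PUAProtection])

# Show what Defender has already classified as PUA on this device, so a
# quarantined application can be identified by its ThreatName and file path.
$puaHits = Get-MpThreat | Where-Object { $_.ThreatName -like 'PUA:*' }
if ($puaHits) {
    Write-Host "PUA detections recorded on this device:"
    foreach ($t in $puaHits) {
        Write-Host ("  {0}  ->  {1}" -f $t.ThreatName, ($t.Resources -join ', '))
    }
} else {
    Write-Host "No PUA detections recorded on this device."
}

# List what is currently sitting in quarantine (MpCmdRun ships with Defender);
# an item can later be restored with: MpCmdRun.exe -Restore -Name <ThreatName>
& "$env:ProgramFiles\Windows Defender\MpCmdRun.exe" -Restore -ListAll

# Switch to audit mode: PUAs are still detected and logged, but not removed.
if ($pref.PUAProtection -ne 2 -and
    $PSCmdlet.ShouldProcess('Defender Antivirus', 'Set PUAProtection to AuditMode')) {
    Set-MpPreference -PUAProtection AuditMode
}

# Exclude the one approved application so it is neither flagged nor quarantined.
if ((Test-Path -LiteralPath $ApprovedAppPath) -and
    $PSCmdlet.ShouldProcess($ApprovedAppPath, 'Add Defender Antivirus path exclusion')) {
    Add-MpPreference -ExclusionPath $ApprovedAppPath
}

# Confirm the resulting state.
$after = Get-MpPreference
Write-Host ("PUA protection now: {0}" -f $modeNames[[int]$after.PUAProtection])
Write-Host ("Path exclusions: {0}" -f ($after.ExclusionPath -join '; '))
```

Two caveats a practitioner would want here: on devices enrolled in Intune, the antivirus policy pushed from the tenant reapplies over a local `Set-MpPreference` change, so for company-owned devices the equivalent setting belongs in that policy rather than in a script; and a path exclusion is a broader hole than the audit-mode switch, because anything dropped into the excluded path is skipped, so keep exclusions to a specific executable and review them periodically.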
