%3CLINGO-SUB%20id%3D%22lingo-sub-1700246%22%20slang%3D%22en-US%22%3EAnnouncing%20Tamper%20Protection%20for%20Configuration%20Manager%20Tenant%20Attach%20clients%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1700246%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSTRONG%3EMatt%20Shadbolt%20(%3CA%20title%3D%22ConfigMgrDogs%22%20href%3D%22https%3A%2F%2Ftwitter.com%2FConfigMgrDogs%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%40ConfigMgrDogs%3C%2FA%3E)%20-%20Principal%20Program%20Manager%20%7C%20Microsoft%20Endpoint%20Manager%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ELast%20year%2C%20the%20Defender%20for%20Endpoint%20team%20and%20Microsoft%20Endpoint%20Manager%20team%20collaborated%20on%20a%20new%20feature%20called%20Tamper%20Protection.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ETamper%20Protection%20protects%20against%20malicious%20actors%20modifying%20the%20configuration%20of%20Microsoft%20Defender%20on%20Windows%2010%20clients%20to%20disable%20AV%20protection%2C%20real-time%20protection%2C%20behavior%20monitoring%2C%20cloud-delivered%20protection%2C%20or%20to%20remove%20security%20intelligence%20updates.%20Endpoint%20Manager%20and%20Defender%20for%20Endpoint%20uniquely%20enable%20Enterprise%20administrators%20to%20enable%20and%20disable%20Tamper%20Protection%20in%20a%20secure%20manner.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EBefore%20today%2C%20Tamper%20Protection%20controls%20were%20only%20available%20for%20Windows%2010%20clients%20being%20managed%20via%20Intune%20cloud%20management%20or%20ConfigMgr%20co-management.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EToday%20we%E2%80%99re%20excited%20to%20announce%20Tamper%20Protection%20has%20been%20extended%20to%20ConfigMgr%202006-only%20clients%20on%20both%20Windows%2010%20and%20Windows%20Server%202019%2C%20delivered%20via%20Tenant%20Attach.%20(Windows%20Server%202016%20coming%20soon!)%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ETenant%20Attach%20allows%20you%20to%20sync%20your%20on-prem%20only%20ConfigMgr%20clients%20into%20the%20Microsoft%20Endpoint%20Manager%20admin%20center%2C%20and%20deliver%20Endpoint%20security%20configuration%20policies%20to%20your%20on-prem%20collections%2Fclients.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EYou%20can%20easily%20enable%20Tenant%20Attach%20by%20following%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmem%2Fconfigmgr%2Ftenant-attach%2Fdevice-sync-actions%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ethese%20instructions%3C%2FA%3E.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EOnce%20enabled%2C%20browse%20%3CSTRONG%3EEndpoint%20security%20%26gt%3B%20Antivirus%3C%2FSTRONG%3E%20in%20the%20Microsoft%20Endpoint%20Manager%20admin%20center%20to%20create%20and%20deploy%20the%20Tamper%20Protection%20setting.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Windows%20security%20experience%20policy%20in%20Endpoint%20security.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F221244i55FC565953F079E2%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20title%3D%22Windows%20security%20experience%20policy%20in%20Endpoint%20security.png%22%20alt%3D%22Windows%20security%20experience%20policy%20in%20Endpoint%20security.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ENext%2C%20configure%20the%20Tamper%20Protection%20setting%20and%20deploy%20it%20to%20a%20Configuration%20Manager%20collection%20of%20devices.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Enable%20tamper%20protection%20setting.png%22%20style%3D%22width%3A%20624px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F221242iE4CEBC700B6E5EA4%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20title%3D%22Enable%20tamper%20protection%20setting.png%22%20alt%3D%22Enable%20tamper%20protection%20setting.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20policy%20syncs%20down%20to%20the%20ConfigMgr%20site%2C%20and%20applies%20to%20all%20devices%20in%20the%20target%20collection.%20You%20can%20view%20the%20policy%20status%20in%20the%20%3CSTRONG%3EMonitoring%20%26gt%3B%20Deployments%20%3C%2FSTRONG%3Esection%20in%20ConfigMgr%2C%20and%20can%20also%20be%20found%20in%20the%20policy%20status%20in%20the%20Endpoint%20Manager%20Admin%20center%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22View%20tamper%20protection%20status%20in%20ConfigMgr.png%22%20style%3D%22width%3A%20624px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F221241i40023E67468893E7%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20title%3D%22View%20tamper%20protection%20status%20in%20ConfigMgr.png%22%20alt%3D%22View%20tamper%20protection%20status%20in%20ConfigMgr.png%22%20%2F%3E%3C%2FSPAN%3E%3CSPAN%20style%3D%22font-family%3A%20inherit%3B%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EClients%20now%20have%20the%20Tamper%20Protection%20feature%20On%2C%20and%20you%20can%20validate%20in%20on%20the%20client%20by%20viewing%20the%20%3CSTRONG%3EWindows%20Security%20app%20%26gt%3B%20Virus%20%26amp%3B%20threat%20protection%20%26gt%3B%20Virus%20%26amp%3B%20threat%20protection%20settings%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22View%20tamper%20protection%20status%20in%20Windows%20Security.png%22%20style%3D%22width%3A%20624px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F221243i67CB794705CD99DC%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20title%3D%22View%20tamper%20protection%20status%20in%20Windows%20Security.png%22%20alt%3D%22View%20tamper%20protection%20status%20in%20Windows%20Security.png%22%20%2F%3E%3C%2FSPAN%3E%3CSTRONG%3E%26nbsp%3B%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ETamper%20Protection%20is%20a%20unique%20Microsoft%20365%20feature%2C%20utilizing%20the%20deep%20integration%20we%20deliver%20to%20enable%20both%20Security%20and%20IT%20management%20teams%20to%20keep%20their%20organization%20secure.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ETo%20learn%20more%2C%20please%20visit%20our%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fmem%2Fintune%2Fprotect%2Fendpoint-security-antivirus-policy%23prerequisites-for-tamper-protection%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EEndpoint%20security%20docs%3C%2FA%3E.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-1700246%22%20slang%3D%22en-US%22%3E%3CP%3EAnnouncing%20Tamper%20Protection%20for%20Configuration%20Manager%20Tenant%20Attach%20clients%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EToday%20we%E2%80%99re%20excited%20to%20announce%20Tamper%20Protection%20has%20been%20extended%20to%20ConfigMgr%202006-only%20clients%20on%20both%20Windows%2010%20and%20Windows%20Server%202019%2C%20delivered%20via%20Tenant%20Attach.%20(Windows%20Server%202016%20coming%20soon!)%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1700246%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EConfiguration%20Manager%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMicrosoft%20Endpoint%20Manager%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMicrosoft%20Intune%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1727099%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20Tamper%20Protection%20for%20Configuration%20Manager%20Tenant%20Attach%20clients%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1727099%22%20slang%3D%22en-US%22%3E%3CP%3EGreat%20implementation.%20Thanks.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1727549%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20Tamper%20Protection%20for%20Configuration%20Manager%20Tenant%20Attach%20clients%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1727549%22%20slang%3D%22en-US%22%3E%3CP%3EIs%26nbsp%3BMicrosoft%20Defender%20Advanced%20Threat%20Protection%20E5%20license%20a%20requirement%20to%20use%20this%20feature%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1731471%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20Tamper%20Protection%20for%20Configuration%20Manager%20Tenant%20Attach%20clients%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1731471%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F233448%22%20target%3D%22_blank%22%3E%40niels%20haaijer%3C%2FA%3E%26nbsp%3B%20-%20yes%2C%20Tamper%20Protection%20via%20Endpoint%20Manager%20will%20only%20be%20applicable%20to%20E5%2C%20MDATP%20enrolled%20devices.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1851939%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20Tamper%20Protection%20for%20Configuration%20Manager%20Tenant%20Attach%20clients%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1851939%22%20slang%3D%22en-US%22%3E%3CP%3EHello%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F340348%22%20target%3D%22_blank%22%3E%40Zach_Howes%3C%2FA%3E%26nbsp%3BAre%20you%20sure%20for%20Tamper%20Protection%20device%20needs%20to%20be%20MDATP%20enrolled%3F%26nbsp%3B%3CBR%20%2F%3EI%20no%20where%20see%20this%20as%20a%20prerequisite.%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmem%2Fintune%2Fprotect%2Fendpoint-security-antivirus-policy%23prerequisites-for-tamper-protection%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmem%2Fintune%2Fprotect%2Fendpoint-security-antivirus-policy%23prerequisites-for-tamper-protection%3C%2FA%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fsecurity%2Fthreat-protection%2Fmicrosoft-defender-antivirus%2Fprevent-changes-to-security-settings-with-tamper-protection%23turn-tamper-protection-on-or-off-for-your-organization-using-intune%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fsecurity%2Fthreat-protection%2Fmicrosoft-defender-antivirus%2Fprevent-changes-to-security-settings-with-tamper-protection%23turn-tamper-protection-on-or-off-for-your-organization-using-intune%3C%2FA%3E%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Microsoft

Matt Shadbolt (@ConfigMgrDogs) - Principal Program Manager | Microsoft Endpoint Manager

 

Last year, the Defender for Endpoint team and Microsoft Endpoint Manager team collaborated on a new feature called Tamper Protection.

 

Tamper Protection protects against malicious actors modifying the configuration of Microsoft Defender on Windows 10 clients to disable AV protection, real-time protection, behavior monitoring, cloud-delivered protection, or to remove security intelligence updates. Endpoint Manager and Defender for Endpoint uniquely enable Enterprise administrators to enable and disable Tamper Protection in a secure manner.

 

Before today, Tamper Protection controls were only available for Windows 10 clients being managed via Intune cloud management or ConfigMgr co-management.

 

Today we’re excited to announce Tamper Protection has been extended to ConfigMgr 2006-only clients on both Windows 10 and Windows Server 2019, delivered via Tenant Attach. (Windows Server 2016 coming soon!)

 

Tenant Attach allows you to sync your on-prem only ConfigMgr clients into the Microsoft Endpoint Manager admin center, and deliver Endpoint security configuration policies to your on-prem collections/clients.

 

You can easily enable Tenant Attach by following these instructions.

 

Once enabled, browse Endpoint security > Antivirus in the Microsoft Endpoint Manager admin center to create and deploy the Tamper Protection setting.

 

Windows security experience policy in Endpoint security.png

 

Next, configure the Tamper Protection setting and deploy it to a Configuration Manager collection of devices.

 

Enable tamper protection setting.png

 

The policy syncs down to the ConfigMgr site, and applies to all devices in the target collection. You can view the policy status in the Monitoring > Deployments section in ConfigMgr, and can also be found in the policy status in the Endpoint Manager Admin center

 

View tamper protection status in ConfigMgr.png 

 

Clients now have the Tamper Protection feature On, and you can validate in on the client by viewing the Windows Security app > Virus & threat protection > Virus & threat protection settings

 

View tamper protection status in Windows Security.png 

 

Tamper Protection is a unique Microsoft 365 feature, utilizing the deep integration we deliver to enable both Security and IT management teams to keep their organization secure.

 

To learn more, please visit our Endpoint security docs.

4 Comments

Great implementation. Thanks.

Senior Member

Is Microsoft Defender Advanced Threat Protection E5 license a requirement to use this feature?

Microsoft

@niels haaijer  - yes, Tamper Protection via Endpoint Manager will only be applicable to E5, MDATP enrolled devices.