Announcing Tamper Protection for Configuration Manager Tenant Attach clients
Published Sep 29 2020 08:00 AM

Matt Shadbolt (@ConfigMgrDogs) - Principal Program Manager | Microsoft Endpoint Manager


Last year, the Defender for Endpoint team and Microsoft Endpoint Manager team collaborated on a new feature called Tamper Protection.


Tamper Protection protects against malicious actors modifying the configuration of Microsoft Defender on Windows 10 clients to disable AV protection, real-time protection, behavior monitoring, cloud-delivered protection, or to remove security intelligence updates. Endpoint Manager and Defender for Endpoint uniquely enable Enterprise administrators to enable and disable Tamper Protection in a secure manner.


Before today, Tamper Protection controls were only available for Windows 10 clients being managed via Intune cloud management or ConfigMgr co-management.


Today we’re excited to announce Tamper Protection has been extended to ConfigMgr 2006-only clients on both Windows 10 and Windows Server 2019, delivered via Tenant Attach. (Windows Server 2016 coming soon!)


Tenant Attach allows you to sync your on-prem only ConfigMgr clients into the Microsoft Endpoint Manager admin center, and deliver Endpoint security configuration policies to your on-prem collections/clients.


You can easily enable Tenant Attach by following these instructions.


Once enabled, browse Endpoint security > Antivirus in the Microsoft Endpoint Manager admin center to create and deploy the Tamper Protection setting.

[Image: Windows security experience policy in Endpoint security]

Next, configure the Tamper Protection setting and deploy it to a Configuration Manager collection of devices.

[Image: Enable tamper protection setting]

The policy syncs down to the ConfigMgr site and applies to all devices in the target collection. You can view the policy status under Monitoring > Deployments in the ConfigMgr console, and it is also shown in the policy status view in the Microsoft Endpoint Manager admin center.

[Image: View tamper protection status in ConfigMgr]

Clients now have Tamper Protection turned On, and you can validate this on the client by opening the Windows Security app > Virus & threat protection > Virus & threat protection settings.

[Image: View tamper protection status in Windows Security]
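For a collection of servers, clicking through the Windows Security app on each box does not scale. The script below is an added example (it is not part of the original post or of the Endpoint Manager product) that reads the same state from an elevated PowerShell session using the Defender module cmdlets `Get-MpComputerStatus` and `Get-MpPreference`, and also reports the settings Tamper Protection is meant to guard (AV, real-time protection, behavior monitoring, cloud-delivered protection, signature age). The registry cross-check under `HKLM:\SOFTWARE\Microsoft\Windows Defender\Features` and its 5 = on / 4 = off mapping are an assumption noted in the code; `TamperProtectionSource` is only populated on newer Defender platform versions and reads as empty elsewhere.

```powershell
# Added example, not code from the original post. Run in an elevated PowerShell session
# on a Windows 10 / Windows Server 2019 client that received the Tenant Attach policy.
# Assumes the Defender PowerShell module (Get-MpComputerStatus / Get-MpPreference) is
# present, which it is wherever Microsoft Defender Antivirus is installed.

function Get-TamperProtectionReport {
    [CmdletBinding()]
    param()

    $status = Get-MpComputerStatus
    $pref   = Get-MpPreference

    # Secondary cross-check against the registry mirror of the setting.
    # Assumption: 5 means Tamper Protection on, 4 means off; anything else is reported raw.
    $regPath  = 'HKLM:\SOFTWARE\Microsoft\Windows Defender\Features'
    $regValue = (Get-ItemProperty -Path $regPath -Name TamperProtection -ErrorAction SilentlyContinue).TamperProtection
    $regState = switch ($regValue) {
        5       { 'On' }
        4       { 'Off' }
        default { "Unknown ($regValue)" }
    }

    [pscustomobject]@{
        ComputerName             = $env:COMPUTERNAME
        TamperProtected          = $status.IsTamperProtected
        TamperProtectionRegistry = $regState
        # Empty on older platform versions that do not expose the source
        TamperProtectionSource   = $status.TamperProtectionSource
        # The settings Tamper Protection guards, read from the live engine state
        AntivirusEnabled         = $status.AntivirusEnabled
        RealTimeProtection       = $status.RealTimeProtectionEnabled
        BehaviorMonitoring       = $status.BehaviorMonitorEnabled
        CloudDeliveredProtection = ($pref.MAPSReporting -ne 0)   # 0 = Disabled, 1 = Basic, 2 = Advanced
        SignatureAgeDays         = $status.AntivirusSignatureAge
    }
}

function Test-TamperProtectionCompliance {
    # Returns one finding string per deviation, or nothing when the client is as expected.
    # MaxSignatureAgeDays is a hypothetical threshold chosen for this example.
    [CmdletBinding()]
    param(
        [Parameter(ValueFromPipeline)]
        [pscustomobject]$Report = (Get-TamperProtectionReport),
        [int]$MaxSignatureAgeDays = 3
    )
    process {
        if (-not $Report.TamperProtected)        { "Tamper Protection is OFF" }
        if ($Report.TamperProtectionRegistry -ne 'On') { "Registry mirror reports $($Report.TamperProtectionRegistry)" }
        if (-not $Report.AntivirusEnabled)       { "Antivirus is disabled" }
        if (-not $Report.RealTimeProtection)     { "Real-time protection is disabled" }
        if (-not $Report.BehaviorMonitoring)     { "Behavior monitoring is disabled" }
        if (-not $Report.CloudDeliveredProtection) { "Cloud-delivered protection is disabled" }
        if ($Report.SignatureAgeDays -gt $MaxSignatureAgeDays) {
            "Security intelligence is $($Report.SignatureAgeDays) days old"
        }
    }
}

# Usage: full picture for the local machine, then the compliance findings (if any).
Get-TamperProtectionReport | Format-List
$findings = Get-TamperProtectionReport | Test-TamperProtectionCompliance
if ($findings) { $findings | ForEach-Object { Write-Warning $_ } } else { Write-Output 'Tamper Protection and guarded settings look healthy' }
```

Because every result is returned as an object rather than printed, the same functions can be pushed to a whole ConfigMgr collection with the console's Run Scripts feature and the output collected centrally, which is a quicker way to confirm the deployment than the per-device Windows Security app check. A client where `TamperProtected` is true but the registry mirror disagrees is worth a second look rather than being treated as compliant.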

Tamper Protection is a unique Microsoft 365 feature, utilizing the deep integration we deliver to enable both Security and IT management teams to keep their organization secure.


To learn more, please visit our Endpoint security docs.

5 Comments
Bronze Contributor

Great implementation. Thanks.

Copper Contributor

Is Microsoft Defender Advanced Threat Protection E5 license a requirement to use this feature?

Microsoft

@niels haaijer - yes, Tamper Protection via Endpoint Manager will only be applicable to E5, MDATP enrolled devices.

Copper Contributor

It would be awesome if you could still control AV settings fully via GPO when Tamper Protection is turned on in Defender ATP. Servers can't be enrolled in Intune natively and we decided to stick with configuring Defender AV / ATP on servers via GPOs & didn't SCCM the servers.

Tamper Protection means these settings can't be controlled anymore, so basically you have to turn off the whole thing site wide in Defender ATP to just disable AV on one server, one time...

Last update: Feb 10 2023 11:22 AM