Windows Defender AntiVirus with Intune

Windows Defender Antivirus is enabled with an Intune (co-managed deployment) Antivirus policy. Our organization normally had Symantec and did not use Defender.
However the below is showing in Virus and Threat Protection.




Basic settings are used in the policy:
Allow Archive Scanning: Allowed. Scans the archive files.
Allow Behavior Monitoring: Allowed. Turns on real-time behavior monitoring.
Allow Cloud Protection: Allowed. Turns on Cloud Protection.
Allow Email Scanning: Not allowed. Turns off email scanning.
Allow Full Scan On Mapped Network Drives: Not allowed. Disables scanning on mapped network drives.
Allow Full Scan Removable Drive Scanning: Allowed. Scans removable drives.
Allow scanning of all downloaded files and attachments
Allow Realtime Monitoring: Allowed. Turns on and runs the real-time monitoring service.
Allow Scanning Network Files: Not allowed. Turns off scanning of network files.
Allow Script Scanning
Allow User UI Access: Allowed. Lets users access UI.
Avg CPU Load Factor
Check For Signatures Before Running Scan
Cloud Block Level
Cloud Extended Timeout
Days To Retain Cleaned Malware
Disable Catchup Full Scan
Disable Catchup Quick Scan
Enable Low CPU Priority
Enable Network Protection: Enabled (block mode)
PUA Protection: PUA Protection on. Detected items are blocked. They will show in history along with other threats.
Real Time Scan Direction: Monitor all files (bi-directional).
Scan Parameter: Quick scan
Schedule Quick Scan Time
Schedule Scan Day
Signature Update Interval
Submit Samples Consent: Send safe samples automatically.
5 Replies
Scheduled scans do not work in passive mode. Also, MS does not support using this feature in Enterprise environments.

@rahuljindal-MVP Quick scan I can see is working already in passive mode. That is not really my question. My question is that Defender AV does not show as enabled in security providers in Virus and threat protection.


From PowerShell:


Get-MpComputerStatus |Fl *abled*

AMServiceEnabled : True
AntispywareEnabled : True
AntivirusEnabled : True
BehaviorMonitorEnabled : True
IoavProtectionEnabled : False
NISEnabled : False
OnAccessProtectionEnabled : False
RealTimeProtectionEnabled : True



Get-MpComputerStatus |Fl *scan*

FullScanAge : 4294967295
FullScanEndTime :
FullScanOverdue : False
FullScanRequired : False
FullScanSignatureVersion :
FullScanStartTime :
LastFullScanSource : 0
LastQuickScanSource : 2
QuickScanAge : 0
QuickScanEndTime : 5/31/2024 12:43:13 PM
QuickScanOverdue : False
QuickScanSignatureVersion : 1.411.383.0
QuickScanStartTime : 5/31/2024 12:33:52 PM
RealTimeScanDirection : 0

“However the below is showing in Virus and Threat Protection.” - There was no question. I had to interpret what you might want to ask and the screenshot highlighted periodic scanning.

“My question is that Defender AV does not show enabled in security providers in Virus and threat protection.” - Are your devices onboarded on to Defender for Endpoint or are you just managing Defender AV?
Yes, I realized. Sorry for that, I don't think pictures can be added here for some reason. Generally speaking, Defender AV works with Intune, passive mode, and does not show in security providers, likely since Symantec AV is in place and is taking the action. I assume once Symantec is removed, Defender AV will be in active mode? Or maybe something else will be needed.
Yes, when the non-MS security solution is removed, Defender AV will switch to active mode.
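
The check discussed in this thread, as an added example that is not part of any post: it puts Defender's reported running mode next to the AV products registered with Windows Security Center, so passive mode alongside a third-party product is visible in one place. The function name Get-AvCoexistenceReport is hypothetical, and the script assumes a Windows client edition, since the root/SecurityCenter2 namespace is not present on Windows Server.

```powershell
# Added example (not from the thread). Get-AvCoexistenceReport is a hypothetical name.
# Assumes a Windows client edition: root/SecurityCenter2 is not present on Server.
function Get-AvCoexistenceReport {
    [CmdletBinding()]
    param()

    # Defender's own view of its state.
    $mp = Get-MpComputerStatus -ErrorAction Stop

    # AV products registered with Windows Security Center (WMI class AntiVirusProduct).
    $providers = @(Get-CimInstance -Namespace 'root/SecurityCenter2' `
            -ClassName 'AntiVirusProduct' -ErrorAction SilentlyContinue)
    $thirdParty = @($providers | Where-Object { $_.displayName -notmatch 'Defender' })

    # Relate the running mode to what is registered alongside Defender.
    $mode = [string]$mp.AMRunningMode
    $assessment = if ($mode -match 'Passive') {
        if ($thirdParty.Count -gt 0) {
            'Passive alongside another registered AV product'
        } else {
            'Passive mode, but no other AV product is registered'
        }
    } elseif ($mode -eq 'Normal') {
        if ($thirdParty.Count -gt 0) {
            'Defender active while another AV product is still registered'
        } else {
            'Defender is the active AV'
        }
    } else {
        "Other mode reported: $mode"
    }

    [pscustomobject]@{
        AMRunningMode             = $mode
        AntivirusEnabled          = $mp.AntivirusEnabled
        RealTimeProtectionEnabled = $mp.RealTimeProtectionEnabled
        OnAccessProtectionEnabled = $mp.OnAccessProtectionEnabled
        IoavProtectionEnabled     = $mp.IoavProtectionEnabled
        RegisteredProviders       = ($providers.displayName -join ', ')
        Assessment                = $assessment
    }
}

Get-AvCoexistenceReport | Format-List
```

Running it before and after the third-party product is uninstalled shows whether AMRunningMode has changed from a passive value to Normal.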