Windows Defender Management

Hi Michael,

Great question, here's my take as a product manager on the Windows Defender team:

We don't force or necessarily recommend one over the other. 

That said with SCCM you get a few nice benefits:

1. We only surface the important, common config knobs, so it makes for an easier config experience. You don't need to go into the weeds of obscure seldom used settings like in GPO.

2. If you already use SCCM for your other management/IT tasks, it's great to do everything in one place.
3. SCCM also has a dashboard, reporting & compliance over antivirus data, so it's not just deploy/configure and forget.
4. And of course, SCCM also does deployment, so in the case of Windows 7/8, you would want to use it to actually deploy the SCEP ("System Center Endpoint Protection") agent. This isn't needed for Windows 10. Also SCCM has licenses for AV for Linux and Mac (though basic, and with no reporting).

Bottom line - I'd start with SCCM (or Intune btw), and if you find yourself needing some of the uncommon GP settings, use GPO/PowerShell/WMI for them.

Amitai