Defender
51 Topics

Multi-tenant endpoint security policies distribution is now in Public Preview
We’re excited to announce a key milestone in Defender’s multi-tenant management journey—Microsoft Defender for Endpoint security policies can now be distributed across multiple tenants from the Defender multi-tenant portal. This capability empowers security teams to manage policies at scale, ensuring consistency and saving valuable time.

What is content distribution?

Content distribution is a powerful Defender feature that enables scalable management of content across tenants. With this capability, you can create content distribution profiles in the multi-tenant portal that allow you to seamlessly replicate existing content—such as custom detection rules and now, endpoint security policies—from a source tenant to designated target tenants. Once distributed, the content runs on the target tenant, enabling centralized control with localized execution.

How it works

Security policies are now a selectable content type when creating a distribution profile. Simply choose existing policies from your home tenant and add them to the distribution profile. You can also decide which Microsoft Entra group(s) will be applied as scope. Policy targeting will be based on the Entra device groups that exist in every tenant, and you select the relevant groups for each tenant. Upon completion, policies are automatically distributed to the selected tenants and are applied on the targeted machines.

Distributed policies also appear in a hierarchical view, with the original policy serving as the parent. You can find the policies that were distributed from the tenant under the original policy. This appears on the endpoint security policies page within multi-tenant management. The last distribution status for the original policy reflects the overall status of its distributed copies, and the tenants and tenant groups sections indicate the recipients of the policy. At any time, you can update the policies, tenants, scope or any other settings, and sync to apply these changes.
This new capability enables consistency (maintaining uniform security posture across tenants), efficiency (eliminating manual duplication and reducing operational overhead), and scalability (easily expanding coverage as the tenant landscape grows).

FAQ

What pre-requisites are required?
Access to more than one tenant with Microsoft Defender for Endpoint, with delegated access via Azure B2B or GDAP (CSP Partners only), using the multi-tenant management capability. A subscription to Microsoft 365 E5 or Office E5.

What permissions are needed to distribute MDE security policies?
To access endpoint security policies, users require the security administrator role in each relevant tenant. To distribute content using multi-tenant management content distribution, the Security settings (manage) or Security Data Basic (read) permission is required. Both roles are assigned to the Security Administrator and Security Reader Microsoft Entra built-in roles by default.

Can I update or expand distribution profiles later?
Yes. You can add more content, include additional tenants, or modify scopes as needed.

Learn more

For more information, see Content distribution in multitenant management. To get started, navigate to the Content distribution page. To learn more about Microsoft Defender's endpoint protection, check out our website and video. To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

Defender Browser Protection Extension for Chrome
Has anyone noticed how pointless this extension is? Deployed using Intune with tamper protection so the user is forced to use it, but Microsoft has built in a disable feature to the extension that cannot be controlled, or can it? Any ideas on how to harden this, or something for Microsoft to fix?

Tamper Protection enabled:

User can bypass by disabling the protection:

102 Views, 1 like, 1 Comment

Deploying and Activating Microsoft Defender on Android Kiosk Devices Without User Interaction
I’m working with an Android Kiosk device that deploys two applications. This device is enrolled under 'Corporate-owned dedicated devices' Enrollment Profiles and isn’t assigned to any specific user. Our company requires Microsoft Defender on all devices, but I’m encountering issues with Defender activation—it won’t activate without a user login. Since this is a dedicated Kiosk device with no assigned user, this setup doesn’t align well with our needs.

Are there any options to deploy and activate Microsoft Defender on Android Kiosk devices without requiring user interaction? Any guidance on configuring Defender in this scenario would be greatly appreciated.

537 Views, 0 likes, 3 Comments

Microsoft Defender fails to update from File Share
Hello!

I've tried to configure my Windows system to use Defender Updates through File Share. On my domain controller I've set two GPOs to make it possible.

Define file shares for downloading security intelligence updates -> \\fileserver\DefenderUpdates
Define the order of sources for downloading security intelligence updates -> FileShares

When running the command Get-MpPreference I can see that the GPOs were successful with the following output:

    SignatureDefinitionUpdateFileSharesSources   : \\fileserver\DefenderUpdates
    SignatureDisableUpdateOnStartupWithoutEngine : False
    SignatureFallbackOrder                       : FileShares

The file structure on the file share looks like the following:

    \---DefenderUpdates
        \---x64
                mpam-fe.exe

Then I tried to run the command Update-MpSignature and I get the following error message:

    Update-MpSignature: Virus and spyware definitions update was completed with errors.
    At line:1 char:1
    + Update-MpSignature
    +
    + CategoryInfo : NotSpecified: <MSFT_MpSignature:ROOT\Microsoft\...SFT_MpSignature> [Update-Signature], CimException
    + FullyQualifiedErrorId : HRESULT 0x8024402c,Update-MpSignature

This has worked previously but I don't know what has changed. Does anyone have a clue?

Best regards,
dedicated-worker.

665 Views, 0 likes, 1 Comment