Defender Policy VS Baseline Conflict: Scan network

Copper Contributor

On the defender policy section it has an option for "Scan Network Files" the options are Yes or NoOn the Baseline in the Defender section it has the "Scan Network Files" section as well and the options are Yes and Not Configured (which states it won't scan them if that is selected.However, This then causes a policy Conflict when rolling out the baseline to users with the Defender Policy.Has anyone found a work around on similar issues?

6 Replies
@emmanueldmc, when you say "baseline', is it the Security Baseline for Windows 10 and later or
Microsoft Defender for Endpoint Baseline? Thx.

@Yong Rhee  is it the Security Baseline for Windows 10 and later... the policy for Defender it configured in the section: Endpoint security | anti virus

@emmanueldmc, what is the reason for configuring the same settings using a baseline and AV policy? It will help to avoid conflicts if the settings are configured in one place. When there is a conflict, the most restrictive policy will apply. Therefore, the result might not be the one you are expecting. 

I have the same issue and have not found a solution. There is no way to disable the Microsoft Defender settings in the "Security Baseline for Windows 10 and later". You have to configure the settings to something which then creates the conflict even if the settings are the same. The 3 settings I have which show conflicting on the baseline even though I configured them the same are: Enter how often (0-24 hours) to check for security intelligence updates, Scan type, and Scan network files.
Same here - from the Defender policy, it is set to `not allowed`. From the security baseline, set to not configured - but still seeing a conflict
To answer your question, setting this setting as `not configured` in the Baseline (in order for it to only take affect from the AV policy) there is still a conflict.