Announcing Tamper Protection for Configuration Manager Tenant Attach clients
Published Sep 29 2020 08:00 AM 18.3K Views

Matt Shadbolt (@ConfigMgrDogs) - Principal Program Manager | Microsoft Endpoint Manager


Last year, the Defender for Endpoint team and Microsoft Endpoint Manager team collaborated on a new feature called Tamper Protection.


Tamper Protection protects against malicious actors modifying the configuration of Microsoft Defender on Windows 10 clients to disable AV protection, real-time protection, behavior monitoring, cloud-delivered protection, or to remove security intelligence updates. Endpoint Manager and Defender for Endpoint uniquely enable Enterprise administrators to enable and disable Tamper Protection in a secure manner.


Before today, Tamper Protection controls were only available for Windows 10 clients being managed via Intune cloud management or ConfigMgr co-management.


Today we’re excited to announce Tamper Protection has been extended to ConfigMgr 2006-only clients on both Windows 10 and Windows Server 2019, delivered via Tenant Attach. (Windows Server 2016 coming soon!)


Tenant Attach allows you to sync your on-prem only ConfigMgr clients into the Microsoft Endpoint Manager admin center, and deliver Endpoint security configuration policies to your on-prem collections/clients.


You can easily enable Tenant Attach by following these instructions.


Once enabled, browse Endpoint security > Antivirus in the Microsoft Endpoint Manager admin center to create and deploy the Tamper Protection setting.


Windows security experience policy in Endpoint security.png


Next, configure the Tamper Protection setting and deploy it to a Configuration Manager collection of devices.


Enable tamper protection setting.png


The policy syncs down to the ConfigMgr site, and applies to all devices in the target collection. You can view the policy status in the Monitoring > Deployments section in ConfigMgr, and can also be found in the policy status in the Endpoint Manager Admin center


View tamper protection status in ConfigMgr.png 


Clients now have the Tamper Protection feature On, and you can validate in on the client by viewing the Windows Security app > Virus & threat protection > Virus & threat protection settings


View tamper protection status in Windows Security.png 


Tamper Protection is a unique Microsoft 365 feature, utilizing the deep integration we deliver to enable both Security and IT management teams to keep their organization secure.


To learn more, please visit our Endpoint security docs.

Version history
Last update:
‎Feb 10 2023 11:22 AM
Updated by: