We recommend using Microsoft Endpoint Manager to manage your organization’s threat protection features for devices (also referred to as endpoints). Endpoint Manager includes Microsoft Intune and Microsoft Endpoint Configuration Manager. Learn more about Endpoint Manager.
You can use Group Policy Objects in Azure Active Directory Domain Services to manage some settings in Microsoft Defender for Endpoint.
Configure Microsoft Defender for Endpoint with Group Policy Objects
If you’re using the new, unified Microsoft Defender for Endpoint solution for Windows Server 2012 R2 and 2016, please ensure you are using the latest ADMX files in your central store to get access to the correct Microsoft Defender for Endpoint policy options. Please reference How to create and manage the Central Store for Group Policy Administrative Templates in Windows and download the latest files for use with Windows 10.
The following table lists various tasks you can perform to configure Microsoft Defender for Endpoint with Group Policy Objects.
|Task||Resources to learn more|
|Manage settings for user and computer objects
Customize built-in Group Policy Objects, or create custom Group Policy Objects and organizational units to suit your organizational needs.
|Administer Group Policy in an Azure Active Directory Domain Services managed domain|
|Configure Microsoft Defender Antivirus
Configure antivirus features & capabilities, including policy settings, exclusions, remediation, and scheduled scans on your organization’s devices (also referred to as endpoints).
|Use Group Policy settings to configure and manage Microsoft Defender Antivirus|
|Manage your organization’s attack surface reduction rules
Customize your attack surface reduction rules by excluding files & folders, or by adding custom text to notification alerts that appear on users’ devices.
|Customize attack surface reduction rules with Group Policy Objects|
|Manage exploit protection settings
You can customize your exploit protection settings, import a configuration file, and then use Group Policy to deploy that configuration file.
|Customize exploit protection settings|
|Enable Network Protection to help prevent employees from using apps that malicious content on the Internet
We recommend using audit mode at first for network protection in a test environment to see which apps would be blocked before rolling out.
|Turn on network protection using Group Policy|
|Configure controlled folder access to protect against ransomware
Controlled folder access is also referred to as antiransomware protection.
|Enable controlled folder access using Group Policy|
|Configure Microsoft Defender SmartScreen to protect against malicious sites and files on the internet.||Configure Microsoft Defender SmartScreen Group Policy and mobile device management (MDM) settings using Group Policy|
|Configure encryption and BitLocker to protect information on your organization’s devices running Windows||BitLocker Group Policy settings|
|Configure Microsoft Defender Credential Guard to protect against credential theft attacks||Enable Windows Defender Credential Guard by using Group Policy|
Configure your Microsoft 365 Defender portal
If you haven’t already done so, configure your Microsoft 365 Defender portal to view alerts, configure threat protection features, and view detailed information about your organization’s overall security posture. See Microsoft 365 Defender. You can also configure whether and what features end users can see in the Microsoft 365 Defender portal.