Manage Defender configurations on devices

A Microsoft Defender configuration contains a collection of settings that can be applied to one or more managed devices. Each configuration can include various settings that control many aspects of MS Defender on managed devices, such as the mechanisms for file scanning, threat removal, network protection, and many others. You can only apply a single Defender configuration to a managed device. Any configurations applied to a managed device override related Defender settings specified locally on the device.

To apply a Defender configuration to managed devices:

  1. To apply a Defender configuration to one or more Windows devices using the Devices tab:
    1. Select the Devices tab in top navigation.
    2. Select one or more Windows devices in the list.
    3. In the right panel, click Security.
    4. In the Security area that appears, in the Antivirus section, on the right of Configuration, click Set.
    5. In the Security Configuration Library view that appears, select a Defender configuration, and click Apply to Device.

    At this point, you can also review and configure any Defender Antivirus settings on the device. For details, see Review and manage Defender configurations.

    For more information about working with devices using the Devices tab, see Managing devices.

  2. To apply a Defender configuration to one or more devices using policies:
    1. Select the Policies tab in top navigation.
    2. Complete one of the following steps:
      • To create a policy, click Add New.
      • To edit an existing policy, click an individual policy to open the policy details.
    3. In the Applies Tosection, select one or more labels associated with target devices. For more details about labels, see Using labels to group similar items.
    4. In the right pane, in the Resources tab, click Add Resources to open the drop-down list, and then click Security to open a dialog.
    5. Slide the Link toggle to link/unlink a Defender configuration.
      • To link the Security configuration to policy, slide the Link toggle to right. The color of the toggle changes to green indicating the resource is linked.
      • To unlink a previously linked Security configuration, slide the Link toggle to left. The color of the toggle changes to red indicating the resource is unlinked.

        • NOTE: Selecting multiple Defender configurations always results in an error. You can only associate a single Defender configuration with a policy.

    6. (Optional) In the Options column, click the icon to open Resource Options dialog. Select one of the following Compliance Type:
      1. Include - Select this option to include the resource when determining the compliance status.

        NOTE: By default, all the Resources in a policy are included in compliance checks.

      2. Exclude - Select this option to exclude the Resource when determining the compliance status.
    7. Click Add Resources to associate the Security configuration to the policy. You can view the resource in the Resources pane.
    8. Click Push Resource to deploy the added Security configuration to the target devices or users.
      For more information about policies, see Using policies to manage device configurations.