Prevent users from seeing or interacting with the Microsoft Defender Antivirus user interface
Applies to:
- Microsoft Defender for Endpoint Plan 1
- Microsoft Defender for Endpoint Plan 2
- Microsoft Defender Antivirus
Platforms
- Windows
You can use Group Policy to prevent users on endpoints from seeing the Microsoft Defender Antivirus interface. You can also prevent them from pausing scans.
Hide the Microsoft Defender Antivirus interface
In Windows 10, versions 1703, hiding the interface hides Microsoft Defender Antivirus notifications and prevent the Virus & threat protection tile from appearing in the Windows Security app.
With the setting set to Enabled:
With the setting set to Disabled or not configured:
Note
Hiding the interface will also prevent Microsoft Defender Antivirus notifications from appearing on the endpoint. Microsoft Defender for Endpoint notifications will still appear. You can also individually configure the notifications that appear on endpoints
In earlier versions of Windows 10, the setting hides the Windows Defender client interface. If the user attempts to open it, they'll receive a warning that says, "Your system administrator has restricted access to this app."
Use Group Policy to hide the Microsoft Defender Antivirus interface from users
On your Group Policy management machine, open the Group Policy Management Console, right-click the Group Policy Object you want to configure and select Edit.
Using the Group Policy Management Editor go to Computer configuration.
Select Administrative templates.
Expand the tree to Windows components > Microsoft Defender Antivirus > Client interface.
Double-click the Enable headless UI mode setting and set the option to Enabled. Select OK.
See Prevent users from locally modifying policy settings for more options on preventing users from modifying protection on their PCs.
Prevent users from pausing a scan
You can prevent users from pausing scans, which can be helpful to ensure scheduled or on-demand scans aren't interrupted by users.
Note
This setting is not supported on Windows 10.
Use Group Policy to prevent users from pausing a scan
On your Group Policy management machine, open the Group Policy Management Console, right-click the Group Policy Object you want to configure and select Edit.
Using the Group Policy Management Editor go to Computer configuration.
Select Administrative templates.
Expand the tree to Windows components > Microsoft Defender Antivirus > Scan.
Double-click the Allow users to pause scan setting and set the option to Disabled. Select OK.
UI Lockdown mode
Indicates whether to disable UI Lockdown mode. If you specify a value of $True
, Microsoft Defender Antivirus disables UI Lockdown mode. If you specify a value of $False
or don't specify a value, UI Lockdown mode is enabled.
PS C:\>Set-MpPreference -UILockdown $true
Related articles
- Configure the notifications that appear on endpoints
- Configure end-user interaction with Microsoft Defender Antivirus
- Microsoft Defender Antivirus in Windows 10
Tip
Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community.
Tip
If you're looking for Antivirus related information for other platforms, see:
- Set preferences for Microsoft Defender for Endpoint on macOS
- Microsoft Defender for Endpoint on Mac
- macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune
- Set preferences for Microsoft Defender for Endpoint on Linux
- Microsoft Defender for Endpoint on Linux
- Configure Defender for Endpoint on Android features
- Configure Microsoft Defender for Endpoint on iOS features