Manage tamper protection for your organization using Microsoft Defender portal

Applies to:

Platforms

  • Windows

Tamper protection helps protect certain security settings, such as virus and threat protection, from being disabled or changed. If you're part of your organization's security team, you can turn tamper protection on (or off) tenant wide by using the Microsoft Defender portal (https://security.microsoft.com).

Important

If tamper protection is deployed and managed through Intune, turning tamper protection on or off in the Microsoft Defender portal won't impact the state of tamper protection. It restricts tamper-protected settings to their secure default values. For more information, see What happens when tamper protection is turned on?

Requirements for managing tamper protection in the Microsoft Defender portal

Note

When tamper protection is enabled via the Microsoft Defender portal, cloud-delivered protection is required so that the enabled state of tamper protection can be controlled. Starting with the November 2021 update (platform version 4.18.2111.5), if cloud-delivered protection is not already turned on for a device, when tamper protection is turned on, cloud-delivered protection is turned on automatically on the device.

Turn tamper protection on (or off) in the Microsoft Defender portal

Turn tamper protection turned on in the Microsoft Defender portal

  1. Go to the Microsoft Defender portal (https://security.microsoft.com) and sign in.

  2. Choose Settings > Endpoints.

  3. Go to General > Advanced features, and then turn tamper protection on.

Important points to keep in mind

  • Currently, the option to manage tamper protection in the Microsoft Defender portal is on by default for new deployments, as part of built-in protection, which helps guard against ransomware. For existing deployments, tamper protection is available on an opt-in basis. To opt in, in the Microsoft Defender portal, choose Settings > Endpoints > Advanced features > Tamper protection.

  • When you enable tamper protection in the Microsoft Defender portal, the setting is applied tenant wide and restricts tamper-protected settings to their secure defaults. Any changes made to tamper-protected settings are ignored. Depending on your particular scenario, you have several options available:

See also

Tip

Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community.