This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(86.4, 94%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAT%3C/text%3E%3C/svg%3E)
Apologies if this has been asked already. We have recently started to use Endpoint manager to deploy Defender. This is working grate. However i am a little confused which order i should be applying settings.
I can see the same settings in various locations. Should i be using configuration profiles or should i be using the settings under endpoint security?
For example. I can turn off Anti Tamper in an Endpoint protection profile or i can create a Windows security experience config under Enpoint security |Antivirus.
Any advice on the correct way/order to do this kind of thing?
The blog at https://techcommunity.microsoft.com/t5/microsoft-endpoint-manager-blog/unified-endpoint-security-using-microsoft-endpoint-manager/ba-p/1417736 covers this.
Basically, there is no correct way other than not configuring it in both places as this may create a conflict and may be difficult to troubleshoot. In general, the security baselines are easier to work with and should be preferred but they don't necessarily contain every setting so can be supplemented as or if needed by configuration profiles.
There's a also a (longer) video at https://www.youtube.com/watch?v=f4klwWewXe0 that covers this as well.