Defender for Endpoint and policy changes

Wilson29184 11 Reputation points
2022-09-13T12:18:26.887+00:00

Hello,

I'm currently testing Defender as our AV solution to replace a 3rd party one. I have the connection to Intune setup and I've onboarded my test devices.

I've also created an AV policy including a daily full scan at 10am.

It's now almost 5pm, in the Defender portal my device doesn't show that it's run a full scan today (force by the policy). If I look in my local security center, I can see the scan did run.

Is there a delay in the communications between the client and the portal? Other settings (like adding our support team's details to the local security center) synced quickly.

I'm just concerned that this will be an unreliable solution if scan data isn't reflected in the portal promptly.

update I'm actually posting this a day later (13th) and my machine hasnt ran a full scan at 10 like it should.

240574-image.png
240500-image.png
thank you

Microsoft Defender for Cloud
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,351 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Andrew Blumhardt 9,856 Reputation points Microsoft Employee
    2022-09-13T12:26:52.53+00:00

    Where are you looking in the MDE portal? I recommend filtering the device timeline for Antivirus events.

    MDAV runs real-time scans. Scheduled scans are less important. The general recommendation is to run quick scans weekly.

    1 person found this answer helpful.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.