How to make our Intune-managed machines "Compliant" again?

Woody Chiu at RASI 191 Reputation points
2023-05-25T12:23:49.62+00:00

I am managing 142 Windows 10/11 machines in our retail stores and they are all Azure AD joined. I am in the process of rolling out the first batch of 10 machines. By default, we have a policy set up under Devices > Compliance Policies. See FIG 1.

FIG 1.


The settings inside the policy have been set up that way for almost a year, and machines have been deployed via Intune Autopilot fine and marked as "Compliant" with a green checkmark afterward. However, most of the devices were marked as "Noncompliant" with a red cross after I rolled out an Intune App (Malwarebytes workstation agent) yesterday.

See FIG 2.

FIG 2.


I am pretty sure that is due to some of the Microsoft Defender built-in services listed in the above images under "System Security" on Windows 10/11 getting disabled after a third-party antivirus agent like Malwarebytes was installed, and those services have been configured as "Require" in the Compliance Policy settings.

Please advise what would be the best practice in this situation. Should I just reconfigure all those services back to "Not Configured"? If yes, please be specific about which particular ones should be changed.

Besides, I know we do have a certain protection level of Microsoft 365 security licenses included with our Microsoft 365 licenses. We made a decision to install Malwarebytes on top of them because we have been having luck with it protecting all our on-prem Windows servers and workstations. Would that be a waste, do you think? How do I determine exactly what level of Microsoft 365 security we have? When I look at our Microsoft 365 Security portal, see FIG 3.

FIG 3.


It appears there are tons of goodies and monitors that could help our insight into the security posture of our Microsoft 365. I don't want to waste them. Do the info and monitors in the portal continue to be valid and useful to us even though we have rolled out Malwarebytes agents?

Also, how do I determine what Microsoft 365 Security or Microsoft Defender 365 (whatever the term is appropriate) license we currently have? Where to check?

Thank you very much for your answers in advance!

Woody


Accepted answer
  1. Crystal-MSFT 45,486 Reputation points Microsoft Vendor
    2023-05-26T01:43:31.5533333+00:00

    @Woody Chiu at RASI, Thanks for posting in Q&A. As far as I know, for settings such as Antivirus and Antispyware, compliance is checked against the products that are registered with Windows Security Center. For "Microsoft Defender Antimalware", it turns on the Microsoft Defender anti-malware service.

    https://learn.microsoft.com/en-us/mem/intune/protect/compliance-policy-create-windows

    From your description, it seems the Microsoft Defender built-in services will be disabled after a third-party antivirus agent like Malwarebytes is installed. If so, the compliance policy will consider the device as not compliant. To fix the issue, I think we can click on one non-compliant device, choose "Device compliance", then click on the affected policy to see the detailed non-compliant settings. Then change these settings to "Not configured". After the device checks in, check if the status has changed.


    To check what subscriptions and licenses you have in your environment, you can go to the Microsoft 365 admin center, 'Services & Subscriptions' section, where you can find the current Microsoft 365 services and the license type.

    https://toolingant.com/how-to-check-microsoft-365-license/

    Note: Non-Microsoft link, just for your reference.

    I notice you have other questions about "Microsoft 365 security" and Microsoft Defender 365, which we are not familiar with. You can contact Microsoft 365 or Microsoft Defender support via the following links to get more help.

    Microsoft 365 community

    https://answers.microsoft.com/en-us/msoffice/forum?sort=LastReplyDate&dir=Desc&tab=All&status=all&mod=&modAge=&advFil=&postedAfter=&postedBefore=&threadType=All&isFilterExpanded=false&page=1

    Microsoft Defender for Endpoint support

    https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/contact-support?view=o365-worldwide

    Thanks for your understanding.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


1 additional answer

  1. Woody Chiu at RASI 191 Reputation points
    2023-05-30T17:49:23.1066667+00:00

    I talked to Malwarebytes. They said there should be a way to keep Microsoft Defender's Real-Time Protection in active mode rather than passive mode, which makes a machine become non-compliant in response to detecting a third-party AV agent installation in the system.

    Since Malwarebytes told me their scanning agent is smart enough to detect if Microsoft Defender is currently doing RTP and will avoid running RTP at the same time, I want to keep Microsoft Defender active even with a third-party AV agent like MWB installed.

    Do you know where exactly in the Microsoft 365 Defender admin portal I can set the MD RTP to continue to be active even after a third-party AV agent is running on a machine?

    Thanks,

    Woody
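Before changing compliance settings to "Not configured" (accepted answer) or chasing a portal setting to keep Defender active (follow-up), it helps to see what the affected device actually reports. The read-only diagnostic below is an added example, not code from this thread, Microsoft or Malwarebytes: it lists the antivirus products registered with Windows Security Center (the source the Antivirus/Antispyware compliance settings consult) and reports Defender's running mode. It assumes Windows 10/11 with the Defender PowerShell module and the root/SecurityCenter2 WMI namespace; the productState decoding is the common community interpretation, not a documented contract.

```powershell
# Added example: run in an elevated PowerShell session on a device Intune marked "Noncompliant".
# Hypothetical helper names; nothing here changes any setting.

function Get-RegisteredAntivirus {
    # Security Center exposes registered AV products in root/SecurityCenter2 on client SKUs.
    Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName 'AntiVirusProduct' |
        ForEach-Object {
            # productState is a bit field; decoding below is the widely used
            # community interpretation (assumption: not an official contract).
            $hex = '{0:X6}' -f $_.productState
            [pscustomobject]@{
                Product            = $_.displayName
                Enabled            = $hex.Substring(2, 2) -in @('10', '11')
                DefinitionsCurrent = $hex.Substring(4, 2) -eq '00'
                ProductState       = "0x$hex"
            }
        }
}

function Get-DefenderMode {
    # Get-MpComputerStatus is part of the built-in Defender module on Windows 10/11.
    $s = Get-MpComputerStatus
    [pscustomobject]@{
        RunningMode        = $s.AMRunningMode          # 'Normal' = active, 'Passive Mode' = passive
        ServiceEnabled     = $s.AMServiceEnabled
        AntivirusEnabled   = $s.AntivirusEnabled
        AntispywareEnabled = $s.AntispywareEnabled
        RealTimeProtection = $s.RealTimeProtectionEnabled
    }
}

$av   = Get-RegisteredAntivirus
$mode = Get-DefenderMode

'Antivirus products registered with Windows Security Center:'
$av | Format-Table -AutoSize
'Microsoft Defender status:'
$mode | Format-List

# A third-party product registered as primary AV normally moves Defender to passive mode,
# which is the condition the thread suspects behind the "Require" settings failing.
$thirdParty = $av | Where-Object Product -notlike '*Defender*' | Select-Object -ExpandProperty Product
if ($mode.RunningMode -ne 'Normal') {
    Write-Warning ("Defender is not active (mode: {0}); registered third-party AV: {1}" -f
        $mode.RunningMode, ($thirdParty -join ', '))
}
```

Compare the output with the per-setting failures shown under the device's "Device compliance" blade: an enabled third-party product plus Defender in "Passive Mode" explains a failing Defender/real-time-protection requirement while Antivirus/Antispyware may still pass.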