Enable tamper protection remotely without using Intune

Question

I have asked this question in the general forums but have not received a sufficient response to my question. I work for an MSP; we manage thousands of machines and utilize Labtech as our endpoint manager.

Is there a way to enable tamper protection for a machine/bulk machines without using Intune or the Defender UI? It really does not make sense that I can just flip a switch in the Defender UI and it's all set, but I cannot invoke commands via PowerShell or make changes to the registry remotely to accomplish this task.

Any and all help would be appreciated. Thank you.

Answer 1

Hi Matthew Robles,

Thanks for the post. Despite of the Microsoft Intune, you can also try to use Configuration Manager or Configuration Manager with tenant attach.

Method 1, protect Microsoft Defender Antivirus exclusions from tampering if you're using Intune only or Configuration Manager only. See Tamper protection for antivirus exclusions.

Method 2, turn tamper protection on (or off), tenant wide, or apply tamper protection to some users/devices. You can exclude certain devices from tamper protection. See Manage tamper protection for your organization using tenant attach with Configuration Manager, version 2006.

Here are all the available methods provided by Microsoft, just for your reference. https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection?view=o365-worldwide#how-do-i-configure-or-manage-tamper-protection

Best Regards,

Ian Xue

---

If the Answer is helpful, please click "Accept Answer" and upvote it.