Schedule antivirus scans using Microsoft Intune

Applies to:

Platforms

  • Windows
  • Windows Server

This article describes how to configure scheduled scans using Microsoft Intune. To learn more about scheduling scans and about scan types, see Configure scheduled quick or full Microsoft Defender Antivirus scans.

Configure antivirus scans using Intune

  1. In the Intune admin center, go to Endpoint security > Antivirus > Create Policy. For Platform, select Windows, and for Profile, select Microsoft Defender Antivirus. Then select Create.

  2. On the Basics page, specify a name and description for the policy, and then choose Next.

  3. On the Configuration settings page, expand each group of settings, and configure the settings you want to manage with this policy. For more information about these settings, see Policy CSP - Defender.

    When you're done configuring settings, select Next.

  4. On the Scope tags page, you can either use the default setting, or search for scope tags to assign to the policy. For more information, see Use role-based access control (RBAC) and scope tags for distributed IT.

    When you're done specifying scope tags, select Next.

  5. On the Assignments page, select the users or groups to receive this policy. For more information, see Assign policies in Microsoft Intune.

    When you're done, select Next.

  6. On the Review + create page, review your settings. When you select Save, your changes are saved, and the policy is created and applied.

For more information, see Antivirus policy for endpoint security in Intune.

Use Intune for scheduling daily quick scans

| Description | Setting |
|---|---|
| Schedule Quick Scan Time | 720 |

Note

In this example, a quick scan runs daily on the Windows clients at 12:00 PM (720 minutes after midnight). We use lunch time because many devices nowadays (e.g., laptops) are turned off after hours.

Use Intune for scheduling Weekly Scan (Quick or Full)

| Description | Setting |
|---|---|
| Scan Parameter | Quick scan (Default) |
| Schedule Scan Day | Windows Clients: Wednesday |
| Schedule Scan Time | Windows Clients: 1020 |

Note

In this example, a quick scan runs for Windows clients on Wednesdays at 5:00 PM (1020 minutes after midnight).

Tip

Our recommendation for scheduled scans is to configure quick scan together with always-on real-time protection and cloud protection, as this combination provides strong coverage against malware that starts with the system and kernel-level malware. This configuration is the default configuration. In general, there's no need to schedule a full scan, and most users never need to manually run full scans (see Comparing quick scan, full scan, and custom scan).

General settings for Scheduled scan to consider:

| Description | Setting |
|---|---|
| Check For Signatures Before Running Scan | Disabled (Default) |
| Randomize Schedule Task Times | Not configured |
| Scheduler Randomization Time | Scheduled tasks aren't randomized |
| Avg CPU Load Factor | Not Configured (Default, 50) |
| Enable Low CPU Priority | Disabled (Default) |
| Disable Catchup Full Scan | Enabled (Default) |
| Disable Catchup Quick Scan | Disabled (Default) |

Note

When you schedule scans for times when endpoints aren't in use, scans don't honor the CPU throttling configuration and take full advantage of the resources available to complete the scan as fast as possible.
