Applies to:
Microsoft Defender for Business
Microsoft Defender Antivirus
Platforms
- Windows
- Windows Server
This article describes how to configure scheduled scans using Microsoft Intune. To learn more about scheduling scans and about scan types, see Configure scheduled quick or full Microsoft Defender Antivirus scans.
Configure antivirus scans using Intune
In the Intune admin center, go to Endpoint security > Antivirus > Create Policy. For Platform, select Windows, and for Profile, select Microsoft Defender Antivirus. Then select Create.
On the Basics page, specify a name and description for the policy, and then choose Next.
On the Configuration settings page, expand each group of settings, and configure the settings you want to manage with this policy. For more information about these settings, see Policy CSP - Defender.
When you're done configuring settings, select Next.
On the Scope tags page, you can either use the default setting, or search for scope tags to assign to the policy. For more information, see Use role-based access control (RBAC) and scope tags for distributed IT.
When you're done specifying scope tags, select Next.
On the Assignments page, select the users or groups to receive this policy. For more information, see Assign policies in Microsoft Intune.
When you're done, select Next.
On the Review + create page, review your settings. When you select Save, your changes are saved, and the policy is created and applied.
For more information: Antivirus policy for endpoint security in Intune
Use Intune for scheduling daily quick scans
Description | Setting |
---|---|
Schedule Quick Scan Time | 720 |
Note
In this example, a quick scan runs daily on the Windows clients at 12:00 PM (720 minutes after midnight). Lunch time is used because many devices, such as laptops, are turned off after hours.
Use Intune for scheduling Weekly Scan (Quick or Full)
Description | Setting |
---|---|
Scan Parameter | Quick scan (Default) |
Schedule Scan Day | Windows Clients: Wednesday |
Schedule Scan Time | Windows Clients: 1020 |
Note
In this example, a quick scan runs for Windows clients on Wednesdays at 5:00 PM (1020 minutes after midnight).
Tip
Our recommendation for scheduled scans is to configure quick scan together with always-on real-time protection and cloud protection, as this combination provides strong coverage against malware that starts with the system and kernel-level malware. This configuration is the default configuration. In general, there's no need to schedule a full scan, and most users never need to manually run full scans (see Comparing quick scan, full scan, and custom scan).
General settings for Scheduled scan to consider:
Description | Setting |
---|---|
Check For Signatures Before Running Scan | Disabled (Default) |
Randomize Schedule Task Times | Not configured |
Scheduler Randomization Time | Scheduled tasks aren't randomized |
Avg CPU Load Factor | Not Configured (Default, 50) |
Enable Low CPU Priority | Disabled (Default) |
Disable Catchup Full Scan | Enabled (Default) |
Disable Catchup Quick Scan | Disabled (Default) |
Note
When you schedule scans for times when endpoints aren't in use, scans don't honor the CPU throttling configuration and take full advantage of the resources available to complete the scan as fast as possible.
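To confirm on an endpoint that the policy arrived, the following added example (not part of the original article) reads the effective settings with Get-MpPreference and compares them with the example values from the tables above. The mapping from the Intune setting names to Get-MpPreference property names, and the handling of schedule times as either TimeSpan or DateTime, are assumptions of this example.

```powershell
# Added example: compare the effective Defender scan schedule on this device
# with the example values used in this article. Adjust $expected to your policy.

function ConvertTo-MinutesAfterMidnight {
    param($Value)
    # Assumption: depending on the module version, schedule times surface
    # as TimeSpan or DateTime; normalize both to minutes after midnight.
    if ($Value -is [TimeSpan]) { return [int]$Value.TotalMinutes }
    if ($Value -is [DateTime]) { return [int]$Value.TimeOfDay.TotalMinutes }
    return $Value
}

$pref = Get-MpPreference

$expected = [ordered]@{
    ScanScheduleQuickScanTime           = 720     # daily quick scan at 12:00 PM
    ScanParameters                      = 1       # 1 = quick scan, 2 = full scan
    ScanScheduleDay                     = 4       # 0 = every day, 1 = Sunday ... 4 = Wednesday, 8 = never
    ScanScheduleTime                    = 1020    # weekly scan at 5:00 PM
    CheckForSignaturesBeforeRunningScan = $false  # Disabled (Default)
    ScanAvgCPULoadFactor                = 50      # Not Configured (Default, 50)
    EnableLowCpuPriority                = $false  # Disabled (Default)
    DisableCatchupFullScan              = $true   # Enabled (Default)
    DisableCatchupQuickScan             = $false  # Disabled (Default)
}

$report = foreach ($name in $expected.Keys) {
    $actual = $pref.$name
    if ($name -like '*Time') { $actual = ConvertTo-MinutesAfterMidnight $actual }
    [pscustomobject]@{
        Setting  = $name
        Expected = $expected[$name]
        Actual   = $actual
        Match    = ($actual -eq $expected[$name])
    }
}

$report | Format-Table -AutoSize

# Surface drift so it can be picked up by a compliance or remediation script.
if ($report.Match -contains $false) {
    Write-Warning 'Effective scan settings differ from the intended schedule.'
}
```

A mismatch right after assignment usually means the device has not yet synced the policy; recheck after the next Intune sync before treating it as drift.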