Cloud protection and Microsoft Defender Antivirus

Applies to:


  • Windows

Next-generation technologies in Microsoft Defender Antivirus provide near-instant, automated protection against new and emerging threats. To identify new threats dynamically, next-generation technologies work with large sets of interconnected data in the Microsoft Intelligent Security Graph and powerful artificial intelligence (AI) systems driven by advanced machine learning models. Cloud protection works together with Microsoft Defender Antivirus to deliver accurate, real-time, and intelligent protection.

Diagram showing how cloud protection works together with Microsoft Defender Antivirus


We recommend keeping cloud protection turned on. To learn more, see Why cloud protection should be enabled for Microsoft Defender Antivirus.

How cloud protection works

Microsoft Defender Antivirus works seamlessly with Microsoft cloud services. These cloud protection services, also referred to as Microsoft Advanced Protection Service (MAPS), enhance standard real-time protection. With cloud protection, next-generation technologies provide rapid identification of new threats, sometimes even before a single endpoint is infected.

The following blog posts illustrate how cloud protection works:


The Microsoft Defender Antivirus cloud service is a mechanism for delivering updated protection to your network and endpoints. As a cloud service, it is not simply protection for files stored in the cloud; instead, the cloud service uses distributed resources and machine learning to deliver protection to your endpoints at a rate that is far faster than traditional security intelligence updates.

How to get cloud protection

Cloud protection is enabled by default. However, you might need to re-enable it if it has been disabled as part of previous organizational policies. To learn more, see Turn on cloud protection.

If your subscription includes Windows 10 E5, you can take advantage of emergency dynamic intelligence updates, which provide near real-time protection from emerging threats. When you turn on cloud protection, fixes for malware issues can be delivered via the cloud within minutes, instead of waiting for the next update. See Configure Microsoft Defender Antivirus to automatically receive new protection updates based on reports from our cloud service.

Next steps

Now that you have an overview of cloud protection in Microsoft Defender Antivirus, here are some next steps:

  1. See Why cloud protection should be enabled for Microsoft Defender Antivirus.

  2. Proceed to Enable cloud protection