Cloud protection and Microsoft Defender Antivirus

Applies to:

• Microsoft Defender for Endpoint Plan 2
• Microsoft Defender Antivirus

Platforms

• Windows

Next-generation technologies in Microsoft Defender Antivirus provide near-instant, automated protection against new and emerging threats. To identify new threats dynamically, next-generation technologies work with large sets of interconnected data in the Microsoft Intelligent Security Graph and powerful artificial intelligence (AI) systems driven by advanced machine learning models. Cloud protection works together with Microsoft Defender Antivirus to deliver accurate, real-time, and intelligent protection.

Tip

We recommend keeping cloud protection turned on. To learn more, see Why cloud protection should be enabled for Microsoft Defender Antivirus.

How cloud protection works

Microsoft Defender Antivirus works seamlessly with Microsoft cloud services. These cloud protection services, also referred to as Microsoft Advanced Protection Service (MAPS), enhance standard real-time protection. With cloud protection, next-generation technologies provide rapid identification of new threats, sometimes even before a single endpoint is infected.

The following blog posts illustrate how cloud protection works:

• Get to know the advanced technologies at the core of Microsoft Defender for Endpoint next-generation protection

• Why Microsoft Defender Antivirus is the most deployed in the enterprise

• Behavior monitoring combined with machine learning spoils a massive coin-mining campaign

• How artificial intelligence stopped an "Emotet" outbreak

• Detonating a bad rabbit: Microsoft Defender Antivirus and layered machine learning defenses

• Microsoft Defender Antivirus cloud protection service: Advanced real-time defense against never-before-seen malware

Note

The Microsoft Defender Antivirus cloud service is a mechanism for delivering updated protection to your network and endpoints. As a cloud service, it is not simply protection for files stored in the cloud; instead, the cloud service uses distributed resources and machine learning to deliver protection to your endpoints at a rate that is far faster than traditional security intelligence updates.

How to get cloud protection

Cloud protection is enabled by default. However, you might need to re-enable it if it has been disabled as part of previous organizational policies. To learn more, see Turn on cloud protection.

If your subscription includes Windows 10 E5, you can take advantage of emergency dynamic intelligence updates, which provide near real-time protection from emerging threats. When you turn on cloud protection, fixes for malware issues can be delivered via the cloud within minutes, instead of waiting for the next update. See Configure Microsoft Defender Antivirus to automatically receive new protection updates based on reports from our cloud service.

Next steps

Now that you have an overview of cloud protection in Microsoft Defender Antivirus, here are some next steps:

1. See Why cloud protection should be enabled for Microsoft Defender Antivirus.

2. Proceed to Enable cloud protection

Tip

If you're looking for Antivirus related information for other platforms, see:

• Set preferences for Microsoft Defender for Endpoint on macOS
• Microsoft Defender for Endpoint on Mac
• macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune
• Set preferences for Microsoft Defender for Endpoint on Linux
• Microsoft Defender for Endpoint on Linux
• Configure Defender for Endpoint on Android features
• Configure Microsoft Defender for Endpoint on iOS features