Manage Microsoft Defender for Endpoint with Group Policy Objects
Applies to:
- Microsoft Defender for Endpoint Plan 1
- Microsoft Defender for Endpoint Plan 2
- Microsoft Defender XDR
Want to experience Microsoft Defender for Endpoint? Sign up for a free trial.
Note
We recommend using Microsoft Intune or Configuration Manager to manage Defender for Endpoint settings. However, you can use Group Policy Objects in Microsoft Entra Domain Services to manage some of your Defender for Endpoint settings.
Configure Microsoft Defender for Endpoint with Group Policy Objects
Note
If you're using the new, unified Microsoft Defender for Endpoint solution for Windows Server 2012 R2 and 2016, please ensure you are using the latest ADMX files in your central store to get access to the correct Microsoft Defender for Endpoint policy options. Please reference How to create and manage the Central Store for Group Policy Administrative Templates in Windows and download the latest files for use with Windows 10.
The following table lists various tasks you can perform to configure Microsoft Defender for Endpoint with Group Policy Objects.
| Task | Resources to learn more |
|---|---|
| Manage settings for user and computer objects Customize built-in Group Policy Objects, or create custom Group Policy Objects and organizational units to suit your organizational needs. |
Administer Group Policy in a Microsoft Entra Domain Services managed domain |
| Configure Microsoft Defender Antivirus Configure antivirus features & capabilities, including policy settings, exclusions, remediation, and scheduled scans on your organization's devices (also referred to as endpoints). |
Use Group Policy settings to configure and manage Microsoft Defender Antivirus Use Group Policy to enable cloud-delivered protection |
| Manage your organization's attack surface reduction rules Customize your attack surface reduction rules by excluding files & folders, or by adding custom text to notification alerts that appear on users' devices. |
Customize attack surface reduction rules with Group Policy Objects |
| Manage exploit protection settings You can customize your exploit protection settings, import a configuration file, and then use Group Policy to deploy that configuration file. |
Customize exploit protection settings Import, export, and deploy exploit protection configurations Use Group Policy to distribute the configuration |
| Enable Network Protection to help prevent employees from using apps that malicious content on the Internet We recommend using audit mode at first for network protection in a test environment to see which apps would be blocked before rolling out. |
Turn on network protection using Group Policy |
| Configure controlled folder access to protect against ransomware Controlled folder access is also referred to as antiransomware protection. |
Enable controlled folder access using Group Policy |
| Configure Microsoft Defender SmartScreen to protect against malicious sites and files on the internet. | Configure Microsoft Defender SmartScreen Group Policy and mobile device management (MDM) settings using Group Policy |
| Configure encryption and BitLocker to protect information on your organization's devices running Windows | BitLocker Group Policy settings |
| Configure Microsoft Defender Credential Guard to protect against credential theft attacks | Enable Windows Defender Credential Guard by using Group Policy |
Configure your Microsoft Defender portal
If you haven't already done so, configure your Microsoft Defender portal to view alerts, configure threat protection features, and view detailed information about your organization's overall security posture. See Microsoft Defender XDR. You can also configure whether and what features end users can see in the Microsoft Defender portal.
Next steps
Tip
Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community.
Feedback
Submit and view feedback for