Manage Microsoft Defender for Endpoint with Group Policy Objects

Want to experience Microsoft Defender for Endpoint? Sign up for a free trial.


We recommend using Microsoft Intune or Configuration Manager to manage Defender for Endpoint settings. However, you can use Group Policy Objects (for example, in a Microsoft Entra Domain Services managed domain) to manage some of your Defender for Endpoint settings.

Configure Microsoft Defender for Endpoint with Group Policy Objects


If you're using the new, unified Microsoft Defender for Endpoint solution for Windows Server 2012 R2 and 2016, ensure that your central store contains the latest ADMX and ADML files; otherwise the Microsoft Defender for Endpoint policy options don't appear in the Group Policy editor. See How to create and manage the Central Store for Group Policy Administrative Templates in Windows and download the latest files for use with Windows 10.
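The following script is an added example, not part of the Microsoft page, that performs the check the paragraph above asks for: it compares the Defender-related ADMX files in the Group Policy central store with the copies in the local PolicyDefinitions folder and reports which side is newer and how many policy definitions each carries. The domain name and language are placeholders you replace for your environment.

```powershell
# Added example (not from the Microsoft page): compare Defender ADMX/ADML files in the
# Group Policy Central Store with the local PolicyDefinitions folder of the admin workstation.
# Assumptions: domain is contoso.com and the ADML language is en-US (replace both).
$Domain       = 'contoso.com'
$Language     = 'en-US'
$CentralStore = "\\$Domain\SYSVOL\$Domain\Policies\PolicyDefinitions"
$LocalStore   = "$env:SystemRoot\PolicyDefinitions"

# ADMX files that carry the Defender Antivirus, Security Center and Exploit Guard settings
$DefenderAdmx = @('WindowsDefender.admx', 'WindowsDefenderSecurityCenter.admx', 'ExploitGuard.admx')

function Get-AdmxInfo {
    param([string]$Path)
    if (-not (Test-Path $Path)) { return $null }
    $xml = [xml](Get-Content -Path $Path -Raw)
    [pscustomobject]@{
        Path         = $Path
        LastWrite    = (Get-Item $Path).LastWriteTimeUtc
        Sha256       = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
        # A newer template normally exposes more <policy> elements than an older one
        PolicyCount  = @($xml.policyDefinitions.policies.policy).Count
    }
}

foreach ($name in $DefenderAdmx) {
    $local   = Get-AdmxInfo -Path (Join-Path $LocalStore   $name)
    $central = Get-AdmxInfo -Path (Join-Path $CentralStore $name)
    $adml    = Join-Path $CentralStore "$Language\$([IO.Path]::ChangeExtension($name, '.adml'))"

    if (-not $central) {
        Write-Warning "$name is missing from the central store; its settings will not show in GPMC."
        continue
    }
    if (-not (Test-Path $adml)) {
        Write-Warning "$name has no matching ADML in $CentralStore\$Language; settings show with raw IDs."
    }

    $status = if ($local -and $local.Sha256 -eq $central.Sha256) { 'identical' }
              elseif ($local -and $local.PolicyCount -gt $central.PolicyCount) { 'central store is OLDER' }
              else { 'differs' }

    [pscustomobject]@{
        File           = $name
        Status         = $status
        CentralPolicies = $central.PolicyCount
        LocalPolicies   = if ($local) { $local.PolicyCount } else { 'n/a' }
        CentralWritten  = $central.LastWrite
    }
}
```

Run it from a workstation that already has the newest Windows release's PolicyDefinitions; a "central store is OLDER" result means the new Defender for Endpoint settings are not yet editable through the central store and the ADMX/ADML pair should be refreshed there.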

The following table lists various tasks you can perform to configure Microsoft Defender for Endpoint with Group Policy Objects.

Task: Manage settings for user and computer objects
Description: Customize built-in Group Policy Objects, or create custom Group Policy Objects and organizational units to suit your organizational needs.
Resources to learn more: Administer Group Policy in a Microsoft Entra Domain Services managed domain

Task: Configure Microsoft Defender Antivirus
Description: Configure antivirus features and capabilities, including policy settings, exclusions, remediation, and scheduled scans on your organization's devices (also referred to as endpoints).
Resources to learn more: Use Group Policy settings to configure and manage Microsoft Defender Antivirus; Use Group Policy to enable cloud-delivered protection

Task: Manage your organization's attack surface reduction rules
Description: Customize your attack surface reduction rules by excluding files and folders, or by adding custom text to the notification alerts that appear on users' devices.
Resources to learn more: Customize attack surface reduction rules with Group Policy Objects

Task: Manage exploit protection settings
Description: Customize your exploit protection settings on a reference device, export the configuration to an XML file, and then use Group Policy to deploy that configuration file.
Resources to learn more: Customize exploit protection settings; Import, export, and deploy exploit protection configurations; Use Group Policy to distribute the configuration

Task: Enable network protection to help prevent employees from using apps that access malicious content on the Internet
Description: We recommend turning on network protection in audit mode first, in a test environment, so you can see which apps and connections would be blocked before rolling out block mode.
Resources to learn more: Turn on network protection using Group Policy

Task: Configure controlled folder access to protect against ransomware
Description: Controlled folder access is also referred to as antiransomware protection.
Resources to learn more: Enable controlled folder access using Group Policy

Task: Configure Microsoft Defender SmartScreen to protect against malicious sites and files on the Internet
Resources to learn more: Configure Microsoft Defender SmartScreen Group Policy and mobile device management (MDM) settings using Group Policy

Task: Configure encryption and BitLocker to protect information on your organization's devices running Windows
Resources to learn more: BitLocker Group Policy settings

Task: Configure Microsoft Defender Credential Guard to protect against credential theft attacks
Resources to learn more: Enable Windows Defender Credential Guard by using Group Policy
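The script below is an added example, not Microsoft's code, that ties together the "audit mode first" advice for network protection, controlled folder access and attack surface reduction rules from the table above. New-MdeAuditGpo runs on an admin host with the GroupPolicy RSAT module and writes the same registry-backed policy values the Exploit Guard ADMX settings set, linking the GPO to a pilot OU; Get-MdeAuditStatus runs on a pilot endpoint after gpupdate to confirm the effective state and list what would have been blocked. The GPO name, OU path and the two example ASR rule GUIDs chosen are assumptions for illustration.

```powershell
# Added example (not from the Microsoft page).
# Part 1 runs on an admin host with RSAT GroupPolicy; Part 2 runs on a pilot endpoint.
# Assumed placeholders: GPO name, pilot OU, and the two ASR rules chosen for the pilot.

function New-MdeAuditGpo {
    param(
        [string]$GpoName = 'MDE - Exploit Guard (Audit)',        # assumed name
        [string]$TargetOu = 'OU=MDE-Pilot,DC=contoso,DC=com'     # assumed pilot OU
    )
    Import-Module GroupPolicy -ErrorAction Stop

    # Registry path behind "Windows Components > Microsoft Defender Antivirus > Microsoft Defender Exploit Guard"
    $eg = 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard'

    $gpo = Get-GPO -Name $GpoName -ErrorAction SilentlyContinue
    if (-not $gpo) { $gpo = New-GPO -Name $GpoName -Comment 'Pilot: Exploit Guard features in audit mode' }

    # Network protection: 0 = Disabled, 1 = Block, 2 = Audit
    Set-GPRegistryValue -Name $GpoName -Key "$eg\Network Protection" `
        -ValueName 'EnableNetworkProtection' -Type DWord -Value 2 | Out-Null

    # Controlled folder access: 0 = Disabled, 1 = Block, 2 = Audit
    Set-GPRegistryValue -Name $GpoName -Key "$eg\Controlled Folder Access" `
        -ValueName 'EnableControlledFolderAccess' -Type DWord -Value 2 | Out-Null

    # ASR: "Configure Attack Surface Reduction rules" = Enabled, plus one REG_SZ per rule GUID
    # under ...\ASR\Rules where 0 = off, 1 = block, 2 = audit, 6 = warn
    Set-GPRegistryValue -Name $GpoName -Key "$eg\ASR" `
        -ValueName 'ExploitGuard_ASR_Rules' -Type DWord -Value 1 | Out-Null
    $asrRules = @{
        'D4F940AB-401B-4EFC-AADC-AD5F3C50688A' = 'Block all Office applications from creating child processes'
        '9E6C4E1F-7D60-472F-BA1A-A39EF669E4B2' = 'Block credential stealing from LSASS'
    }
    foreach ($id in $asrRules.Keys) {
        Set-GPRegistryValue -Name $GpoName -Key "$eg\ASR\Rules" `
            -ValueName $id -Type String -Value '2' | Out-Null   # '2' = audit
    }

    # Link to the pilot OU only; widen the scope after reviewing the audit events
    $linked = (Get-GPInheritance -Target $TargetOu).GpoLinks | Where-Object DisplayName -eq $GpoName
    if (-not $linked) { New-GPLink -Name $GpoName -Target $TargetOu -LinkEnabled Yes | Out-Null }
    return $gpo
}

function Get-MdeAuditStatus {
    param([int]$Days = 7)
    # Effective Defender state after the GPO applied (gpupdate /force, then re-run this).
    # EnableNetworkProtection / EnableControlledFolderAccess: 0 = Disabled, 1 = Enabled, 2 = AuditMode
    $pref = Get-MpPreference
    $state = [pscustomobject]@{
        NetworkProtection      = $pref.EnableNetworkProtection
        ControlledFolderAccess = $pref.EnableControlledFolderAccess
        AsrRuleIds             = $pref.AttackSurfaceReductionRules_Ids
        AsrRuleActions         = $pref.AttackSurfaceReductionRules_Actions   # 2 = audit per rule
    }

    # Audit-mode events in the Defender operational log:
    # 1122 = ASR rule (audit), 1124 = controlled folder access (audit), 1125 = network protection (audit)
    $events = Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1122, 1124, 1125
        StartTime = (Get-Date).AddDays(-$Days)
    } -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, @{ n = 'WouldHaveBlocked'; e = { ($_.Message -split "`n")[0].Trim() } }

    [pscustomobject]@{ EffectiveState = $state; AuditEvents = $events }
}

# Admin host:   New-MdeAuditGpo
# Pilot client: gpupdate /force ; (Get-MdeAuditStatus).AuditEvents | Format-Table -AutoSize
```

Once the audit events show only expected activity, switch the same values from 2 to 1 in the GPO rather than creating a second policy, so the pilot and production scopes differ only by link target.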

Configure your Microsoft Defender portal

If you haven't already done so, configure your Microsoft Defender portal to view alerts, configure threat protection features, and view detailed information about your organization's overall security posture. See Microsoft Defender XDR. You can also configure whether, and which, features end users can see in the Microsoft Defender portal.

Next steps


Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community.