Microsoft Defender boosts default protection for all enterprise users

Microsoft announced that built-in protection is generally available for all devices onboarded to Defender for Endpoint, the company's endpoint security platform.

Once applied, this default set of settings provides better protection for enterprise endpoints against advanced and emerging threats, including ransomware attacks.

"Initially, built-in protection will include turning tamper protection on for your tenant, with other default settings coming soon," Microsoft explains.

Until Redmond rolls out more default protection settings via built-in protection, admins can enable cloud 

This announcement comes after the company began to toggle on tamper protection for all new customers with Defender for Endpoint Plan 2 or Microsoft 365 E5 licenses starting last year.

In September, Redmond added that it would soon enable tamper protection by default on all Microsoft Defender for Endpoint (MDE) onboarded systems, locking Microsoft Defender Antivirus to secure default values and preventing any security settings changes.

"To further protect our customers, we are announcing that tamper protection will be turned on for all existing customers, unless it has been explicitly turned off in the Microsoft 365 Defender portal," said Josh Bregman, a Principal Product Manager at Microsoft, at the time.

This is achieved by blocking other apps from changing the settings for real-time and cloud-delivered protection, behavior monitoring, and Defender components like IOfficeAntivirus (IOAV) which handles the detection of suspicious Internet-downloaded files.

Microsoft 365 Defender portal tamper protection banner (Microsoft)

Rolling out to a tenant near you​

Customers who haven't yet configured tamper protection in their enterprise environments will soon receive Microsoft 365 Defender portal notifications alerting them the feature will be turned on.

"Tamper protection will be turned on for your tenant, and will be applied to your organization's Windows devices," Microsoft says on its support portal.

"Whenever new devices are onboarded to Defender for Endpoint, built-in protection settings will be applied to any new devices running Windows."

However, admins can also change their built-in protection settings or choose to opt out:

Microsoft 365 admins can also exclude some devices on the network from tamper protection if there's an app compatibility concern by using Security Management for Defender for Endpoint or creating a profile in Microsoft Endpoint Manager.

Redmond also started rolling out built-in protection to Defender for Office 365 to tenants worldwide in November 2021 to provide the same level of protection from phishing emails to existing and new end users.