How to manage Windows Defender with Group Policy

Users must protected from any thread that can harm the company but at the same time IT Pro must be sure that users can't change configurations of any critical system or application that can cause serious problem in operation or in the security of the company.

Windows Defender is the anti malware solution of Microsoft which built in into Windows 8 and newer operating system.

Last years Microsoft has done an impressive progress in the security included Windows Defender.

Anti-malware solutions from Symantec,Karpersky,McAffee and other big companies it's more accurate for advance cybersecurity solution but small companies without lots of sensitive data can use Windows Defender for protection.

I don't want to say that must replace any advance solution with Windows Defender but if you need a basic protection in your environment you can use it.

Today i would like to explain you how can manage Windows Defender from a Group Policy to avoid any misconfiguration from your users.

Group Policy of Windows Defender has a lot of options that can change that maybe it's useful for some of them.

For those that interesting for more details you can read the article from Microsoft Docs

Use Group Policy settings to configure and manage Microsoft Defender Antivirus

Before start to configure Group Policy for the Windows Defender the Domain Controller must be Windows Server 2016 or newer

  • Login in the Domain Controller
  • Open the Group Policy Management Console
  • Expand the Computer Configuration -- Policies -- Administrative Templates -- Windows Components -- Windows Defender
  • From the right side you can see a lot lot options that can use for your GPO.
  • But i will help you to enable at least the most important policies in order to keep Windows Defender up to date , Workstation and Laptops protected and protection from any acciddentaly change of the Windows Defender settings in the Workstations.
  • So Let's start
  • From the right side you can configure the Turn Off Windows Defender to Disable
    • Protect the Windows Defender in any Workstation to disabled accidentally


  • Click on Network Inspection and change the Turn on definition retirement to Enable


  • In the Real Time Protection do the following changes
    • Turn Off Real time protection to Disable
    • Scan all Download Files and attachments to Enable
    • Monitoring File and program activity on a computer  to Enable


  • In the Scan do the following changes
    • Check for a latest virus and spyware definitions before running a schedule scan to Enable
    • Allow users to pause a scan to Disable
    • Specify the day of the week to run a schedule scan change base on your requirements
    • Specify the time of day to run a schedule scan change it base on your requirements



  • In the Signature updates do the following changes
    • Define the number of days before spyware definitions are considered out of date to Enable add 2 or 3 days as recommendation
    • Define the number of days before virus definitions are considered out of date to Enable and add 2 or 3 days as recommendation
    • Allow definitions updates when running on battery mode to Enable
    • Specify the time to check for definition updates change it base on your requirements


Proceed with Gpupdate or Group Policy Update from Group Policy Management Console if you have a lot of Workstations and that's it

I know your Next Question.

All is good but how can centralize and inform me in case of any infection?

Stay tune and wait until my next article.

Have a nice weekend !!

I invite you to follow me on Twitter , Google+ or Facebook. If you have any questions, send email to me at



Disqus Comments