App Categories within Intune – Manage applications

An organization with many apps can become overwhelming for users. To help users find an app in the company portal, you can assign apps to one or more categories, such as Accounting apps or Marketing apps.
When adding apps, you can assign a category in Intune using the following procedure:

  1. Sign in to the Microsoft Intune admin center as a Global Administrator.
  2. Select Apps, then select App categories.
  3. The App categories pane displays a list of current categories.
  4. To add a category, select Add in the Create category pane, and then provide a name for the category.
  5. To edit a category, select the ellipsis (…) next to the category, and then select Pin to dashboard or Delete.
  6. Select Create.

Add Android store apps to Microsoft Intune
Use the following procedure to add an Android store app to Intune:

  1. Sign in to the Microsoft Intune admin center as a Global Administrator.
  2. Select Apps > All apps > Add.
  3. In the Select app type pane, under Store app, select Android store app.
  4. Click Select.
  5. To configure the app information for the Android app, you must provide the Google Play store’s app details. (The Google Play store is located at https://play.google.com.)
  6. In the App information page, add the app details, as shown in Figure 4-18:
    • Name
    • Description
    • Publisher
    • Appstore URL
    • Minimum operating system
    • Category (Optional)
    • Show this as a featured app in the Company Portal
    • Information URL (Optional)
    • Privacy URL (Optional)
    • Developer (Optional)
    • Owner (Optional)
    • Notes (Optional)
    • Logo (Optional)

FIGURE 4-18 Adding a Windows 10 Line-of-business app

  7. Select Next.
  8. On the Assignments page, select the group assignments for the app and select Next.
  9. On the Review + create page, review the values and settings you entered for the app and select Create to add the app to Intune.
  10. The app’s Overview blade is displayed.

Configure policies for Office apps by using Group Policy or Intune – Manage applications-1

Once you have deployed Microsoft 365 apps to your users, you might need to fine-tune the configuration or deploy policies. You can apply specific Microsoft Office app policies using Intune or Group Policy.

You will see how both solutions are implemented with specific management examples.

Configure policies for Office apps by using Group Policy

With Group Policy, you choose from hundreds of available policies that can be set locally on a Windows device or applied on Windows devices across your whole enterprise using Group Policy with the Microsoft Office administrative templates.

To manage Microsoft Office with Group Policy, you need to install the Administrative Template files for Microsoft Office, which contain the specific GPOs that allow you to configure settings for all supported versions of Microsoft Office, including Microsoft 365 apps.

The Administrative Templates (ADMX/ADML) for Microsoft Office and Microsoft 365 are not installed by default, so you first need to download the latest Administrative Template files from https://www.microsoft.com/en-us/download/details.aspx?id=49030. The Administrative Templates files define the available Group Policy settings.

The Group Policy Administrative Template is supported by Windows 8.1 and later and works with the following Office programs:

  • Microsoft 365 Apps for enterprise.
  • Desktop versions of Project and Visio (subscription plans only).
  • Volume licensed versions of Office LTSC 2021, Project 2021, and Visio LTSC 2021 (such as Office LTSC Professional Plus 2021, Project Standard 2021, and Visio LTSC Professional 2021).
  • Volume licensed versions of Office 2019, Project 2019, and Visio 2019 (such as Office Standard 2019 and Visio Professional 2019).
  • Volume-licensed versions of Office 2016, Project 2016, and Visio 2016 (such as Office Professional Plus 2016 and Project Standard 2016).

Once you have downloaded the Administrative Templates, you need to extract the files by executing the file as an administrator. The files must be copied to your Central Store for Group Policy Administrative Templates on your domain controller. The Administrative Templates must be placed in the local domain controller store if you only have one domain controller.

It is recommended to copy all the ADMX files so that you have access to all the policies. Add the downloaded ADMX files to your domain controller using the following procedure.

  1. Copy all the downloaded ADMX files, as shown in Figure 4-13.

FIGURE 4-13 Adding ADMX files

  2. Copy and paste the ADMX files to your domain controller at C:\Windows\PolicyDefinitions.
  3. Allow File Manager to overwrite the files. If prompted, select Yes to All. Overwriting the ADMX files makes the latest Microsoft Office and Microsoft 365 Policy settings available.
  4. Repeat this task for the ADML language files. You can copy all the files or just the language folders you want. For example, you could select only the en-US language (English – United States) folder, select all the files in the folder, and choose Copy.
  5. Paste the ADML files to your domain controller at C:\Windows\PolicyDefinitions.
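
The copy procedure above can also be scripted. The following PowerShell is an added example, not from the original text; the function name and the source folder C:\Temp\OfficeADMX\admx are assumptions, and it assumes the ADML files stay in their language folder (for example en-US) under PolicyDefinitions. After copying, it reports whether each ADMX file has a matching ADML resource file, because a template without one cannot display its settings in the Group Policy editor.

```powershell
#Requires -RunAsAdministrator
# Added example. Run on the domain controller from an elevated session.

function Copy-OfficeAdminTemplate {
    [CmdletBinding()]
    param(
        # Assumed layout: *.admx files with one subfolder per language beside them.
        [Parameter(Mandatory)][string]$Source,
        [string]$Destination = 'C:\Windows\PolicyDefinitions',
        [string[]]$Language = @('en-US')
    )

    if (-not (Test-Path -LiteralPath $Source -PathType Container)) {
        throw "Source folder not found: $Source"
    }

    # Copy the language-neutral ADMX files, overwriting older copies.
    $admx = @(Get-ChildItem -LiteralPath $Source -Filter '*.admx' -File)
    if ($admx.Count -eq 0) { throw "No .admx files found in $Source" }
    $admx | Copy-Item -Destination $Destination -Force

    # Copy only the requested language folders.
    foreach ($lang in $Language) {
        $langSource = Join-Path $Source $lang
        if (-not (Test-Path -LiteralPath $langSource -PathType Container)) {
            Write-Warning "Language folder missing in the download: $langSource"
            continue
        }
        $langDest = Join-Path $Destination $lang
        New-Item -ItemType Directory -Path $langDest -Force | Out-Null
        Get-ChildItem -LiteralPath $langSource -Filter '*.adml' -File |
            Copy-Item -Destination $langDest -Force
    }

    # Check: every ADMX just copied should have an ADML in each language folder.
    foreach ($file in $admx) {
        foreach ($lang in $Language) {
            $adml = Join-Path (Join-Path $Destination $lang) ($file.BaseName + '.adml')
            [pscustomobject]@{
                Template = $file.Name
                Language = $lang
                HasAdml  = Test-Path -LiteralPath $adml
            }
        }
    }
}

# List only the templates that are missing their language file.
Copy-OfficeAdminTemplate -Source 'C:\Temp\OfficeADMX\admx' |
    Where-Object { -not $_.HasAdml }
```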

Using the Office Customization Tool – Manage applications

The Office Customization Tool offers a web-based interface that creates configuration files that you can use to deploy Office at scale. Like the ODT, you can define which applications and languages are installed and how the Office applications will be updated.

To use the Office Customization Tool, as shown in Figure 4-5, go to https://config.office.com/deploymentsettings and optionally sign in using a Global Administrator account.

FIGURE 4-5 Configuring Office using the Office Customization Tool

Within the Office Customization Tool, you will choose the products, languages, and application preferences to configure. For example, you can configure the following settings.

  • 64-bit German version of Microsoft 365 Apps
  • All Microsoft 365 Apps except Access
  • Automatically accept the EULA

Microsoft recommends that you uninstall any previous versions of Office before installing volume-licensed versions of Office 2019 or 2021 products. When using the Office Deployment Tool, you can use the RemoveMSI element in your configuration.xml file to uninstall versions of Office that use the Windows Installer installation technology.
Follow these steps to create a configuration file using the Office Customization Tool that can be used to install a customized version of Office.

  1. Launch the Office Customization Tool at https://config.office.com/deploymentsettings and sign in as a Global Administrator.
  2. In the Product and releases section, choose the architecture you want to deploy—either the 32-bit or 64-bit version of Office. You can deploy one architecture per configuration file.
  3. Choose the products and apps you want to deploy. You can choose Office Suites, Visio, Project, and other products such as Skype for Business Basic 2019 and Language Packs.
  4. Choose the update channel, which will be determined by the products you select in Step 3.
  5. Choose which version you want to deploy. Typically, this is the latest available version. Use the toggles under the Turn apps on or off to include or exclude them from being deployed section to select the desired apps and select Next.
  6. In the Language section, choose which primary language you require. You can include additional languages. You can use the option to Match Operating System, which will automatically install the same languages used on the client device. Select Next.
  7. In the Installation section, choose whether to install the Office files directly from the cloud or from a location on your network:
    • Office Content Delivery Network (CDN)
    • Local source
    • Microsoft Endpoint Configuration Manager
  8. Choose whether the installation is displayed to the users and whether the process can shut down any running applications. Select Next.
  9. In the Update and upgrade section, choose whether to install the Office files directly from the cloud or from a location on your network:
    • Office Content Delivery Network (CDN)
    • Local source
    • Microsoft Endpoint Configuration Manager
  10. Choose whether the installation process will automatically check for updates.
  11. In the Upgrade section, choose whether to uninstall all MSI-versions of Office, including Visio and Project, and whether to automatically install the same language versions as the removed MSI-version of Office. Select Next.
  12. In the Licensing and activation section, choose between User based, Shared Computer, and Device based licensing. Select Next.
  13. In the General section, you can provide your organization name and a description that will populate the Company property on Office documents. Select Next.
  14. In the Application preferences section, choose what preferences to apply for when deploying Office. There are more than 30 options to fine-tune the behavior of Office. Most settings can be configured or set to True, False, or Not configured.
  15. Select Finish. You can review the configured settings in the right-hand pane throughout the configuration process.
  16. Once complete, you can select Export. Before creating the file, you must specify the default file format that Office uses or choose Keep Current Settings to keep the current settings. File formats can be either Office Open XML formats or OpenDocument formats. Select OK.
  17. Accept the terms in the license agreement, then provide a name for the configuration file, and then select Export.
    After creating the configuration files, you can now use the file in your deployment workflow with the Office Deployment Tool or another software distribution solution.
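
A configuration file can be checked against the intended settings before it enters a deployment workflow. The following PowerShell is an added example, not output from the Office Customization Tool: the embedded XML is a constructed sample for the settings mentioned above (64-bit, German, Access excluded, EULA accepted automatically, MSI versions removed), and the function name, product ID, and channel are assumptions.

```powershell
# Constructed sample configuration.xml; not exported from the tool.
$sampleXml = @'
<Configuration>
  <Add OfficeClientEdition="64" Channel="MonthlyEnterprise">
    <Product ID="O365ProPlusRetail">
      <Language ID="de-de" />
      <ExcludeApp ID="Access" />
    </Product>
  </Add>
  <Updates Enabled="TRUE" />
  <RemoveMSI />
  <Display Level="None" AcceptEULA="TRUE" />
</Configuration>
'@

function Test-OfficeConfiguration {
    param(
        [Parameter(Mandatory)][xml]$Config,
        [string]$Edition = '64',
        [string]$Language = 'de-de',
        [string[]]$ExcludedApp = @('Access')
    )
    # Helper that emits one result row per check.
    $check = { param($Name, $Passed) [pscustomobject]@{ Check = $Name; Passed = [bool]$Passed } }

    $add = $Config.SelectSingleNode('/Configuration/Add')
    & $check "Architecture is $Edition-bit" (
        $null -ne $add -and $add.GetAttribute('OfficeClientEdition') -eq $Edition)

    $products = @($Config.SelectNodes('/Configuration/Add/Product'))
    & $check 'At least one product is listed' ($products.Count -gt 0)

    foreach ($p in $products) {
        $id    = $p.GetAttribute('ID')
        $langs = @($p.SelectNodes('Language')   | ForEach-Object { $_.GetAttribute('ID') })
        $excl  = @($p.SelectNodes('ExcludeApp') | ForEach-Object { $_.GetAttribute('ID') })
        & $check "$id installs language $Language" ($langs -contains $Language)
        foreach ($app in $ExcludedApp) {
            & $check "$id excludes $app" ($excl -contains $app)
        }
    }

    $display = $Config.SelectSingleNode('/Configuration/Display')
    & $check 'EULA is accepted automatically' (
        $null -ne $display -and $display.GetAttribute('AcceptEULA') -eq 'TRUE')

    & $check 'MSI versions of Office are removed' (
        $null -ne $Config.SelectSingleNode('/Configuration/RemoveMSI'))

    $updates = $Config.SelectSingleNode('/Configuration/Updates')
    & $check 'Automatic update checks are enabled' (
        $null -ne $updates -and $updates.GetAttribute('Enabled') -eq 'TRUE')
}

# Check the sample; for a real file pass (Get-Content .\configuration.xml -Raw).
Test-OfficeConfiguration -Config $sampleXml | Format-Table -AutoSize
```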

Review and respond to device issues identified in the Microsoft Defender Vulnerability Management dashboard – Manage, maintain, and protect devices

The Microsoft Defender Vulnerability Management Dashboard in Microsoft 365 Defender provides a wide variety of useful information that can help you identify issues and respond to those issues. Figure 3-64 displays a typical dashboard for an enterprise organization.

FIGURE 3-64 Reviewing the Microsoft Defender Vulnerability Management Dashboard

Use the information summary in Table 3-20 to determine how to use the Microsoft Defender Vulnerability Management Dashboard.

TABLE 3-20 The features and elements in the Microsoft Defender Vulnerability Management Dashboard

| Area | Description |
| --- | --- |
| Selected device groups (#/#) | Enables you to filter the data you want to review. |
| Organization exposure score | Displays a headline figure that indicates your organization’s device exposure to threats and vulnerabilities. Click Improve score to review insights that can help you improve the score and your security posture. |
| Microsoft Secure Score for Devices | Enables you to review the security relating to your organization’s operating system, applications, network, accounts, and security controls. Again, you can use the Improve score link to review insights and suggestions for improvements in this area. |
| Device exposure distribution | Displays the number of devices that are exposed to threats based on their configuration. Presented graphically as a doughnut chart. By selecting sections of the chart, you can review device names; exposure level and risk levels; and details such as operating system, health state, and tags. |
| Expiring certificates | Displays a list of expired certificates or those imminently expiring in the next 30, 60, or 90 days. |
| Top security recommendations | Review top recommendations for improving the security posture of your organization’s devices. |
| Top vulnerable software | Review your software inventory. Identify those apps with security vulnerabilities. |
| Top remediation activities | Review the security remediations that are recommended in one convenient location. This enables you to track changes as you make them more easily. |
| Top exposed devices | Review devices and their details that have a high security exposure score. From Device details, you can manage tags, initiate automated investigations, initiate a live response session, collect an investigation package, run antivirus scan, restrict app execution, and isolate devices. |

Need More Review? Dashboard Insights

To learn more about the dashboard in Microsoft Defender, refer to the Microsoft website at https://learn.microsoft.com/microsoft-365/security/defender-vulnerability-management/tvm-dashboard-insights.

Chapter summary

  • Intune device configuration policies are used to configure device settings using MDM.
  • Intune can deploy PowerShell scripts to Windows devices using an MDM extension. This allows administrators to deploy Win32 apps if required.
  • Scope tags are used to assign and filter Intune policies to specific Azure AD groups.
  • You can configure custom policies with Intune by configuring an Open Mobile Alliance Uniform Resource Identifier (OMA-URI) policy.
  • Microsoft Defender Credential Guard requires a TPM and virtualization features to be enabled in a 64-bit edition of either Windows 11 Enterprise or Windows 11 Education.
  • Microsoft Defender Exploit Guard consists of four components: Exploit Protection, Attack Surface Reduction Rules, Network Protection, and Controlled Folder Access.
  • Microsoft Defender Application Guard has similar requirements to Credential Guard, enabling you to open new browser windows in a virtualized environment.
  • Microsoft Defender Application Control lets you determine which apps are safe to run in your organization.
  • Most of these Windows Defender features are managed through Windows PowerShell, Group Policy, and Microsoft Intune.
  • Automatic enrollment lets you enroll Windows devices when they register with or join Azure AD.
  • Device Enrollment Manager Accounts enable a specified account to enroll up to 1,000 devices.
  • There are a number of ways to enroll Windows devices:
    • Add a Work Or School account
    • Enroll In MDM Only (user-driven)
    • Azure AD Join during OOBE
    • Azure AD Join using Windows Autopilot
    • Enroll In MDM only (using a Device Enrollment Manager)
    • Azure AD Join using bulk enrollment
  • To enroll Android and iOS devices, you can download the Company Portal app from the relevant device store and sign in to the app using an organizational or school account.
  • Log Analytics requires an Azure subscription.
  • Windows Update Delivery Optimization is a method of peer-to-peer sharing of Windows update files.
  • Administrators can use Intune to centrally configure and manage Windows Update behavior and Windows Update Delivery Optimization settings.
  • Scope tags enable you to more specifically target the application of configuration profiles.
  • You can configure Kiosk mode by using the Settings app and by using Intune.
  • The Microsoft Tunnel for Intune enables iOS and Android devices to access your on-premises resources and apps.
  • You can use Endpoint analytics to gain insights into Startup Performance, Proactive remediations, Recommended software, and Application reliability.
  • You configure the application of updates for iOS, macOS, and Windows by using update rings in Intune.
  • You configure the application of updates for Android by using a Device Restrictions configuration profile.
  • Microsoft Defender Exploit Guard provides four functions: Exploit protection, Attack surface reduction rules, Network protection, and Controlled folder access.

Update a profile – Manage, maintain, and protect devices

If you create a profile on an earlier baseline and Microsoft releases a newer version of that baseline, you might decide to update the profiles. However, existing profiles do not update automatically.

In fact, profiles using an older version of a baseline become read-only. They can still be used to secure your devices, and you can edit their name, description, and assignments. But you should consider updating them to the new baseline.

If Microsoft releases a baseline update, you can choose to update the baseline version used for a profile. You do this by using the following procedure:

  1. In the Microsoft Intune admin center, navigate to Endpoint security.
  2. Select Security baselines.
  3. Select the appropriate baseline.
  4. Select the check box next to the target profile.
  5. Click Change Version on the toolbar (see Figure 3-63).

FIGURE 3-63 Changing the version for a security profile based on a baseline

  6. If a new baseline is available (none are in the screenshot), then choose either
    • Accept baseline changes but keep my existing setting customizations
    • Accept baseline changes and discard existing setting customizations
  7. Click Submit.

Need More Review? Use Security Baselines to Configure Windows Devices in Intune

To review further details about managing security baselines, refer to the Microsoft website at https://learn.microsoft.com/mem/intune/protect/security-baselines.

Onboard devices to Defender for Endpoint

Microsoft Defender for Endpoint (formerly Windows Defender Advanced Threat Protection) is a security platform built into Windows 11 and integrated with Microsoft cloud-based security services. Microsoft Defender for Endpoint integrates many of the security features we have already discussed to help you secure your devices.

Requirements

To use Microsoft Defender for Endpoint, you require one of the following Microsoft Volume licensing options:

  • Windows 10/11 Enterprise E5
  • Windows 10/11 Education A5
  • Microsoft 365 E5 (M365 E5), which includes Windows 11 Enterprise E5
  • Microsoft 365 A5 (M365 A5)
  • Microsoft 365 E5 Security
  • Microsoft 365 A5 Security
  • Microsoft Defender for Endpoint

The Portal

You use the Microsoft 365 Defender portal to manage Microsoft Defender for Endpoint settings and to view reports and alerts. You can access the portal at https://securitycenter.windows.com.

Need More Review? Microsoft Defender for Endpoint Portal Overview

To learn how to use the portal, refer to the Microsoft website at https://learn.microsoft.com/microsoft-365/security/defender/microsoft-365-security-center-mde.

Implement and manage security baselines in Microsoft Intune – Manage, maintain, and protect devices

Implementing security and related settings is one of the more important tasks you’ll need to perform. As discussed, Microsoft has begun consolidating the security-related settings into a single folder in Intune: Endpoint security.

Here, you’ll find options to manage the various security settings we’ve been discussing. But you’ll also find a link to review security baselines.

You can use the security baselines to manage and monitor the security status of enrolled devices within your organization. By default, there are three security baselines, as shown in Figure 3-61:

  • Security Baseline for Windows 10 and later
  • Microsoft Defender for Endpoint Baseline
  • Microsoft Edge Baseline
  • Windows 365 Security Baseline

FIGURE 3-61 Configuring Security Baselines in Intune

The security baselines provide preconfigured groups of settings that enable you to configure security on your devices more easily. When you create and apply a security baseline profile, you create multiple device configuration profiles.

Periodically, Microsoft releases new baselines. When viewing profile details, the baseline used is identified in the Current Baseline column, displayed in Figure 3-62.

FIGURE 3-62 Reviewing versions for a security baseline

Create a profile

To create a profile based on a security baseline, use the following procedure:

  1. In the Microsoft Intune admin center, select Endpoint security in the navigation pane.
  2. Select Security baselines, and then select the appropriate baseline.
  3. Select the Profiles tab, and then select Create profile.
  4. On the Create profile page, on the Basics tab, enter the Name and Description and select Next.
  5. On the Configuration settings tab, configure the appropriate settings. These will vary based on the baseline you select. When you’ve completed the configuration, select Next.
  6. Optionally, use the Scope tags tab to scope the profile, select Next, and then assign the profile in the usual way.
  7. Select Next, and then on the Review + create tab, select Create.

Your profile displays in the list of profiles. Notice that the Current Baseline column indicates the baseline used to create the profile.

Setup and onboarding – Manage, maintain, and protect devices

To onboard your devices, use the following procedure:

  1. In the Microsoft Intune admin center, navigate to Endpoint security.
  2. Select Microsoft Defender for Endpoint.
  3. In the Details pane, click the link for Connect Microsoft Defender for Endpoint to Microsoft Intune in the Microsoft Defender Security Center.
  4. In Microsoft 365 Defender, select Settings > Endpoints > Advanced features.
  5. Turn on the Microsoft Intune connection.
  6. Click Save preferences.

After you’ve enabled the connection, Microsoft 365 Defender sends an onboarding configuration package to Intune. Deploy this package to your Windows devices. Alternatively, you can create and assign an Endpoint detection and response profile from Endpoint security in Intune. Use the following procedure:

  1. In the Microsoft Intune admin center, navigate to Endpoint security.
  2. Select Endpoint detection and response.
  3. In the details pane, click Create Policy.
  4. On the Create a profile page, in Platform, select Windows 10 and later.
  5. In Profile, select Endpoint detection and response, and then select Create.
  6. On the Basics tab, enter a Name and Description and click Next.
  7. On the Configuration settings page, in the Microsoft Defender for Endpoint client configuration package type list, choose the appropriate file type, and then browse and select the onboarding file. Click Next.
  8. Configure scope tags and assignments, and then Create the profile.

Need More Review? Configure Microsoft Defender for Endpoint in Intune

To learn more about setup and onboarding, refer to the Microsoft website at https://learn.microsoft.com/mem/intune/protect/advanced-threat-protection-configure.

Implement automated response capabilities in Defender for Endpoint

Microsoft Defender for Endpoint provides numerous capabilities that can help you secure your endpoint devices. Table 3-19 describes some of these capabilities.

TABLE 3-19 Capabilities of Microsoft Defender for Endpoint

| Capability | Description |
| --- | --- |
| Attack surface reduction | Implementing several Windows Defender ATP features helps reduce the attack surface of a computer, its applications, and the data it consumes. |
| Endpoint detection and response | Continuously monitors your organization’s endpoints for possible attacks against devices or networks in your organization and provides the features you can use to mitigate and remediate threats. |
| Automated investigation and remediation | Offers automatic investigation and remediation capabilities that help reduce the volume of alerts and actions an administrator needs to perform to fix breaches. |
| Secure score | Enables you to assess the security posture of your organization and identify devices that might need attention, as well as recommendations for actions to improve your score. |
| Management and APIs | Provides a means for you to interact with the platform by providing APIs. |

Need More Review? Overview of Microsoft Defender for Endpoint Capabilities

To learn more about the capabilities of Microsoft Defender for Endpoint, refer to the Microsoft website at https://learn.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint.

Thought experiment – Manage, maintain, and protect devices

In this thought experiment, demonstrate your skills and knowledge of the topics covered in this chapter. You can find the answers in the section that follows.

Scenario 1

Your organization has 500 employees and has implemented a bring-your-own-device (BYOD) strategy that enables users to use their personal mobile phones and tablets for corporate purposes as long as they comply with company policy regarding security and management features. After consulting an employee survey, you find that the users in your organization have iOS, Android, or Windows 11 devices.

  1. What technology should you use to manage the devices?
  2. You want to simplify enrollment for your Windows device users. What should you do?
  3. To support your iOS devices, what additional step is required to enable MDM?

Scenario 2

Like many large organizations, security is a big concern at Contoso. You decide to implement MDM with Intune to help to manage and secure your users’ devices.

  1. What feature of Intune could you use to verify the current status of Microsoft Defender on your users’ Windows 11 devices?
  2. You want to be able to configure Microsoft Defender Application Guard settings for enrolled Windows 11 devices. How can you achieve this in Intune?
  3. You don’t want users with Android devices to be able to enroll them. How could you enforce this restriction?

Scenario 3

Adatum Corporation uses Microsoft 365 and has implemented Windows 11 Enterprise for all devices. You configure Windows Update and deploy update rings using Microsoft Intune.

Answer the following questions for your manager:

  1. Two remote offices are in an area with poor Internet bandwidth, and the IT team is concerned that operational requirements might be difficult to maintain. What measure could you implement for the devices located at the remote locations to reduce bandwidth consumption from Windows updates?
  2. Windows updates received by the head office devices are consuming too much of the available bandwidth. Users are reporting that access to the Internet is slow. What settings can you configure within Microsoft Intune to help relieve congestion at the head office?
  3. Your Compliance Manager has received confirmation that your regulatory body has approved Windows 11 Enterprise, version 22H2 as being compliant. You need to ensure that all devices use only this version of Windows until the Compliance Manager confirms that a new version is compliant. How will you proceed?
  4. You need to work with the Compliance Manager to ensure that future versions of Windows 11 Enterprise obtain regulatory compliance before the deployed version of Windows 11 becomes unsupported. What will you do to ensure that you can proactively evaluate the compatibility of new versions of Windows 11?

Scenario 4

Your users use both Android and iOS devices. Lately, it’s been necessary for these users to access a database application that runs on an on-premises server. Intune manages your users’ devices.

Answer the following questions:

  1. How could you facilitate access for your users?
  2. What high-level steps are necessary to facilitate your solution?

Deploy and update apps for all supported device platforms – Manage applications-1

Within an organization, you can use on-premises tools, such as Microsoft Endpoint Configuration Manager (CM) and the Microsoft Deployment Toolkit (MDT), to manage Windows desktop images. Using these tools, you can integrate your organization’s applications into standard desktop builds and deploy and manage additional applications and updates.

You might consider using Microsoft Intune to deploy and manage apps for devices that are not part of your on-premises Active Directory Domain Services (AD DS) environment or that are cloud-managed. For devices enrolled in Intune, you can deploy apps to Windows, iOS, Android, and macOS devices. The Microsoft Store for Business provides another method for distributing apps for your organizational users.

Windows Configuration Designer, part of the Windows Assessment and Deployment Toolkit (Windows ADK) mentioned in Chapter 1, enables you to create provisioning packages for your Windows devices. You can use these packages to add, remove, and configure applications on your users’ Windows devices.

This skill covers how to:

Deploy apps by using Intune

Using Intune, you can deploy and maintain apps from the cloud onto your users’ devices. A copy of the software can be made available across multiple devices such as their iPhone, Windows laptop, or tablet. You deploy, configure, and manage apps in Intune using the Apps node in the Microsoft Intune admin center, displayed in Figure 4-1.

FIGURE 4-1 Managing apps in Microsoft Intune

From the Apps node, the following options are available:

  • All apps: Use this node to add, configure, and assign apps to your enrolled devices, irrespective of operating system (platform).
  • Monitor: Select this node to review:
    • App licenses: Enables you to identify volume-purchased apps from the app stores.
    • Discovered apps: Displays information about apps assigned by Intune or installed on devices.
    • App installation status: Reports on the status of assigned apps.
    • App protection status: Displays information about app protection policy status.
  • Windows, iOS/iPadOS, macOS, and Android: Under By Platform, select one of the listed operating systems to review and manage apps for a specific operating system.
  • App protection policies: Use this node to configure policies that help to protect against data leakage from deployed apps. You can create policies for iOS/iPadOS, Android, and Windows.
  • App configuration policies: You can create app configuration policies to configure apps on both iOS and Android devices, enabling you to customize the targeted app. You can create a policy that targets either the platform, or a specific app.
  • iOS app provisioning profiles: When you deploy apps to iOS devices by using Intune, you must use an enterprise signing certificate. This certificate helps ensure the integrity of apps you deploy and typically has a lifetime of three years. However, the provisioning profile used to deploy the app lasts for a year. You can only assign and use a new app provisioning profile while the certificate is still valid.
  • S Mode supplemental policies: Windows S Mode helps protect Windows computers by limiting configured devices to only installing and running apps distributed from the Microsoft Store. By using these policies, you can authorize additional apps so that S Mode–protected devices can run those additional apps. You must sign these policies using the Device Guard Signing Portal.
  • Policies for Office apps: Create policies that enable you to manage Office app features and capabilities on mobile devices. There are currently more than 2,000 settings that you can assign.
  • Policy sets: Using Policy sets enables you to group application management, device management, and device enrollment policies into a single grouping for assignment to specified groups of users or devices. This can help streamline the application process.
  • App selective wipe: Enables you to create a wipe request that will remove company app data from a selected user and device.
  • App categories: Enables you to define app category names to help your users locate suitable apps.
  • E-books: Enables you to access your organization’s e-books and related settings.
  • Filters: Enables you to filter apps by platform and other criteria to assign a policy based on rules you create.

Implement Microsoft Defender Antivirus – Manage, maintain, and protect devices

Malicious software can do many things to your computer, such as allowing unauthorized parties remote access to your computer or collecting and transmitting information that is sensitive or confidential to unauthorized third parties.

Some types of malware include:

  • Computer viruses: Replicating malware, normally with email attachments or files.
  • Computer worms: Replicate, without direct intervention, across networks.
  • Trojan horses: Trick the user into providing an attacker with remote access to the infected computer.
  • Ransomware: Harms the user by encrypting user data. A ransom (fee) needs to be paid to the malware authors to recover the data.
  • Spyware: Tracking software that reports to the third party how a computer is used.

The most common attack vector for malware is still by email, although attacks from websites, pirated software, video, and music files are becoming increasingly common.

You can help protect against malware infection by following these guidelines:

  • All software should be from a reputable source.
  • All software and operating system updates are applied.
  • Antimalware software is installed and enabled on your devices.
  • Antimalware definitions are up to date.
  • Avoid using or accessing pirated software or media-sharing sites.
  • Be suspicious of out-of-the-ordinary email attachments, and don’t open links in spam or phishing emails.

Although no antimalware solution can provide 100 percent safety, modern solutions can reduce the probability that malware compromises your device.

Microsoft Defender Antivirus can help protect your device by actively detecting spyware, malware, and viruses in the operating system and on Windows 11 installed on Hyper-V virtual machines. Windows Defender runs in the background and automatically installs new definitions as they are released, often daily.

You can use Microsoft Defender Antivirus manually to check for malware with various scan options listed in Table 3-18.

TABLE 3-18 Microsoft Defender Antivirus scan options

| Scan options | Description |
| --- | --- |
| Quick | Checks the most likely areas that malware, including viruses, spyware, and software, commonly infect. |
| Full | Scans all files on your hard disk and all running programs. |
| Custom | Enables users to scan specific drives and folders to target specific areas of their computers, such as removable drives. |
| Microsoft Defender Offline Scan | Allows users to find and remove difficult-to-remove malicious software. The system must reboot, and the scan can take about 15 minutes. |

You should routinely check your system for malware. If it becomes infected or you suspect malware is on your system, you can run a full scan.
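
The scan options in Table 3-18 can also be started from PowerShell with the Defender module's Start-MpScan and Start-MpWDOScan cmdlets. The following is an added example, not from the original text; the function name, the three-day definition age threshold, and the example drive letter are assumptions. It confirms that Microsoft Defender Antivirus is enabled and refreshes stale definitions before scanning.

```powershell
#Requires -RunAsAdministrator
# Added example. Uses the built-in Defender PowerShell module.

function Invoke-DefenderScan {
    [CmdletBinding()]
    param(
        [ValidateSet('Quick', 'Full', 'Custom', 'Offline')]
        [string]$Scan = 'Quick',
        [string]$Path,                   # used only for a Custom scan
        [int]$MaxSignatureAgeDays = 3    # assumed threshold for "up to date"
    )

    $status = Get-MpComputerStatus
    if (-not $status.AntivirusEnabled) {
        throw 'Microsoft Defender Antivirus is not enabled on this device.'
    }
    if (-not $status.RealTimeProtectionEnabled) {
        Write-Warning 'Real-time protection is turned off.'
    }

    # Scan with current definitions: update first if they are too old.
    if ($status.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
        Write-Warning "Definitions are $($status.AntivirusSignatureAge) days old; updating."
        Update-MpSignature
    }

    switch ($Scan) {
        'Quick'  { Start-MpScan -ScanType QuickScan }
        'Full'   { Start-MpScan -ScanType FullScan }
        'Custom' {
            if (-not $Path -or -not (Test-Path -LiteralPath $Path)) {
                throw 'A Custom scan needs an existing -Path.'
            }
            Start-MpScan -ScanType CustomScan -ScanPath $Path
        }
        'Offline' {
            # Restarts the device to scan outside the running operating system.
            Start-MpWDOScan
            return
        }
    }

    # Summarize the state after the scan and list any recorded detections.
    Get-MpComputerStatus |
        Select-Object AntivirusSignatureLastUpdated, QuickScanEndTime, FullScanEndTime
    Get-MpThreatDetection |
        Select-Object InitialDetectionTime, ThreatID, Resources
}

# Example: scan a removable drive (the drive letter is an assumption).
Invoke-DefenderScan -Scan Custom -Path 'E:\'
```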