Windows / Intune – Tamper Protection, a new protection capability is now available

As you know, attackers always try to be ahead of the security game, and one of their techniques is to disable the endpoint protection (aka antivirus/antimalware).

Well, while Windows Defender is a quite secure and robust endpoint protection, it is obviously a major focus for these attackers.

To help mitigate security threats trying to disable Windows Defender and/or modify the security configuration on Windows 10 devices, a new capability has been added – called Tamper Protection – which can be enabled using Intune.

Tamper protection is designed to block malicious attacks and changes to security features. It was delivered in preview to Windows Insiders earlier this year and is now in GA (general availability).

Tamper protection helps to better protect security features such as (but not limited to):

  • Real-time protection; tamper protection ensures it is never disabled, although it was already quite rare to have it turned off (unless you are using a third-party AV)
  • Cloud-delivered protection, which uses cloud-based detection and prevention services to block not yet known malware
  • Behavior monitoring, which helps detect suspicious activities. It makes sense to see this capability protected by tamper protection as it works closely with real-time detection
  • Security intelligence updates, which are the updates to the Defender protection database that keep Windows Defender up to date

You can start enabling tamper protection using Intune by connecting to your Azure portal (https://portal.azure.com) or Device Management portal (https://devicemanagement.microsoft.com) and going to the Intune\Device Configuration\Profiles configuration blade.

NOTE: this can be managed only from the Intune portal; local administrators will not be able to enable/disable the feature.


From there, either create a new Endpoint protection profile or edit your existing one, then go to the Microsoft Defender Security Center configuration to enable Tamper Protection (not configured by default).


Once enabled, the security policy is signed in the back-end before being applied to the devices, which then makes security configuration changes by other means (which includes group policy, registry keys or WMI); support for these ‘known and secured’ configuration methods will come in future updates.

Once enabled and applied, end users will see tamper protection enabled in the Windows Security center.
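
The same state can be checked from the command line on a device. The script below is an added example, not part of the original post: it reads the Defender status with the built-in `Get-MpComputerStatus` and `Get-MpPreference` cmdlets and reports on tamper protection and on the features listed above. The function name `Test-DefenderTamperPosture` and the 3-day signature age threshold are assumptions made for the example.

```powershell
# Added example: audit the Defender settings that tamper protection guards.
# Run in PowerShell on a Windows 10 device where the Defender module is present.
function Test-DefenderTamperPosture {
    [CmdletBinding()]
    param(
        # Assumption: security intelligence older than this many days is stale.
        [int]$MaxSignatureAgeDays = 3
    )

    $status = Get-MpComputerStatus   # current runtime state of Defender
    $prefs  = Get-MpPreference       # configured Defender preferences

    $checks = [ordered]@{
        # IsTamperProtected is missing on older builds; $null casts to $false.
        'Tamper protection'          = [bool]$status.IsTamperProtected
        'Real-time protection'       = [bool]$status.RealTimeProtectionEnabled
        'Behavior monitoring'        = [bool]$status.BehaviorMonitorEnabled
        # MAPSReporting: 0 = disabled, 1 = basic, 2 = advanced
        'Cloud-delivered protection' = ($prefs.MAPSReporting -ne 0)
        'Security intelligence age'  = ($status.AntivirusSignatureAge -le $MaxSignatureAgeDays)
    }

    # Emit one object per check so the result can be filtered or exported.
    foreach ($name in $checks.Keys) {
        [pscustomobject]@{
            Check  = $name
            Passed = $checks[$name]
        }
    }
}

$results = Test-DefenderTamperPosture
$results | Format-Table -AutoSize

# Summarise anything that is off so it stands out in a console or a log.
$failed = @($results | Where-Object { -not $_.Passed })
if ($failed.Count -gt 0) {
    Write-Warning ("{0} check(s) failed: {1}" -f $failed.Count, ($failed.Check -join ', '))
}
```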


Administrators will then be able to have access to reporting and alerts raised through the Microsoft Defender ATP portal (https://securitycenter.windows.com/).

You will need to have either E5 plans or Microsoft Defender ATP licenses.

For home users (aka unmanaged devices), this capability will be gradually enabled (with the ability for them to turn it off).


Benoit Hamet
Benoit is working on Microsoft collaborative technologies. He has been awarded as MVP for more than 12 years. Currently MVP on Office 365 after being awarded on SharePoint (2011-2012) and Windows client & server (2002-2007). Speaker at various Microsoft events (TechDays, TechNet seminars) and Quest Software. He works on on-premises (Active Directory, RADIUS/NPS, Exchange, Skype for Business, SharePoint, SQL, Terminal Server, Windows client and Windows Server) or online (Azure, Intune, Office 365, Exchange Online, SharePoint Online, Skype for Business Online, Teams) technologies.
