As soon as Microsoft Defender detects a malicious file or software, Microsoft Defender blocks it and prevents it from running. And with cloud-delivered protection turned on, newly detected threats are added to the antivirus and antimalware engine so that your other devices and users are protected, as well.
Microsoft Defender Antivirus detects and protects against the following kinds of threats:
Viruses, malware, and web-based threats on devices
Phishing attempts
Data theft attempts
As an IT professional/admin, you can view information about threat detections across Windows devices enrolled in Intune in the Microsoft 365 admin center. Summary information includes:
How many devices need antivirus protection
How many devices aren't in compliance with security policies
How many threats are currently active, mitigated, or resolved
Actions you can take
When you view details about specific threats or devices, you see recommendations and one or more actions you can take. The following table describes actions that you might see.
Your threat protection policies need to be configured. Select the link to go to your policy configuration page.
Need help? See Manage device security with endpoint security policies in Microsoft Intune.
Update policy
Your antivirus and real-time protection policies need to be updated or configured. Select the link to go to the policy configuration page.
Need help? See Manage device security with endpoint security policies in Microsoft Intune.
Run quick scan
Starts a quick antivirus scan on the device, focusing on common locations where malware might be registered, such as registry keys and known Windows startup folders.
Run full scan
Starts a full antivirus scan on the device, focusing on common locations where malware might be registered, and including every file and folder on the device. Results are sent to Microsoft Intune.
Update antivirus
Requires the device to get security intelligence updates for antivirus and antimalware protection.
Restart device
Forces a Windows device to restart within five minutes.
IMPORTANT: The device owner or user isn't automatically notified of the restart and could lose unsaved work.
View and manage threat detections in the Microsoft Defender portal
Go to the (Microsoft Defender portal) and sign in.
In the navigation pane, choose Threat Analytics to see all the current threats. Threads are categorized by threat severity and type.
Select a threat to see more details about the threat.
In the table, you can filter the alerts according to many criteria.
Manage threat detections in Microsoft Intune
You can use Microsoft Intune to manage threat detections as well. First, all devices whether Windows, iOS or Android, must be enrolled in Intune.
Go to the Microsoft Intune admin center at https://endpoint.microsoft.com and sign in.
In the navigation pane, select Endpoint security.
Under Manage, select Antivirus. You see tabs for Summary, Unhealthy endpoints, and Active malware.
Review the information on the available tabs, and then take any needed action.
For example, suppose that devices are listed on the Active malware tab. When you select a device, certain actions are available, such as Restart, Quick Scan, Full Scan, Sync, or Update signatures. Select an action for that device.
The following table describes the actions you might see in Microsoft Intune.
Action
Description
Restart
Forces a Windows device to restart within five minutes.
IMPORTANT: The device owner or user isn't automatically notified of the restart and could lose unsaved work.
Quick Scan
Starts a quick antivirus scan on the device, focusing on common locations where malware might be registered, such as registry keys and known Windows startup folders. Results are sent to Microsoft Intune.
Full Scan
Starts a full antivirus scan on the device, focusing on common locations where malware might be registered, and including every file and folder on the device. Results are sent to Microsoft Intune.
Sync
Requires a device to check in with Intune. When the device checks in, the device receives any pending actions or policies assigned to the device.
Update signatures
Requires the device to get security intelligence updates for antivirus and antimalware protection.
Tip
For more information, see Remote actions for devices.
How to submit a file for malware analysis
If you have a file that you think was missed or wrongly classified as malware, you can submit that file to Microsoft for malware analysis. Users and IT admins can submit a file for analysis. Visit https://www.microsoft.com/wdsi/filesubmission.
See also
Best practices for securing Microsoft 365 for business plans
Overview of Microsoft Defender for Business (Defender for Business is rolling out to Microsoft 365 Business Premium customers, beginning March 1, 2022)
Microsoft 365 Business Premium includes Defender for Business, which provides advanced protection for your organization's devices, including client computers, tablets, and mobile phones. Server protection is also available if you have Microsoft Defender for Business servers.
Threat detection and response is the practice of identifying any malicious activity that could compromise the network and then composing a proper response to mitigate or neutralize the threat before it can exploit any present vulnerabilities.
Click on Protection history. You can now see a list of blocked threats. You can use filters to find recommendations, quarantined, cleaned, blocked, or severity. You can also clear your filter history from the filters dropdown.
If Defender finds malware on your device it'll block it, notify you, and try to remove the malware if it can. In some instances Defender may need you to take some actions such as quarantining or removing the dangerous file or process.
Microsoft 365 Business Premium was designed for small to medium-sized businesses with low to medium IT complexity requirements. Customers can purchase up to 300 Microsoft 365 Business Premium licenses for their organization. Customers can mix and match cloud subscriptions.
The Defender portal includes anti-malware policies that you can set up or edit as needed. Microsoft Defender Antivirus - With Microsoft 365 Business Premium you can see detected and monitored threats in the Microsoft 365 Admin Center.
An antivirus is a program that can remove viruses or other malicious softwares. If it detects any unwanted, unusual activity or any virus, malware it automatically removes that thing or we can say it automatically fix the problem.
Selecting the Actions dropdown at the bottom right corner will let you Quarantine the threat, rendering it harmless, or if you're confident that this item has been falsely identified as a threat you can choose to Allow on device.
Microsoft Defender Antivirus requires disk space to remove and quarantine malware files. It might be prevented from completely removing a threat if there isn't enough available space on your PC, particularly on your system drive (usually drive C).
They may also put your browser in full screen mode and display pop-up messages that won't go away, apparently locking your browser. These fake error messages aim to scare you into calling their "technical support hotline". Important: Microsoft error and warning messages never include phone numbers.
The Windows Defender warning you see on the browser is a scam identified and exposed by security professionals. Illegitimate actors use this scam to gain valuable information about the victims, such as bank and personal details.
What do I do if I get a Windows Defender security warning? If you get the Windows Defender security warning, close your web browser, reopen it, and check if the warning still appears. If it does, reinstall the browser, look for suspicious apps on your computer, or run an antivirus scan.
Microsoft 365 Business Premium includes the option to use security defaults or Conditional Access policies to turn on MFA for your admins and user accounts. For most organizations, security defaults offer a good level of sign-in security.
Introduction: My name is Mr. See Jast, I am a open, jolly, gorgeous, courageous, inexpensive, friendly, homely person who loves writing and wants to share my knowledge and understanding with you.
We notice you're using an ad blocker
Without advertising income, we can't keep making this site awesome for you.
