In this blog post, I will cover how we can manage Microsoft Defender Antivirus (MDAV) updates using our favorite MDM (Mobile Device Management) Intune. With the help of Intune, organizations can manage Microsoft Defender Antivirus updates, ensuring that devices are protected against security threats.
Within Microsoft Defender for Endpoint (MDE), there exists a magical capability called Security Management for MDE. The purpose it serves is that it allows deployment of security configurations from Intune directly to the onboarded devices without the device being enrolled into Intune.
Like Windows updates, the recommended approach is to setup the gradual release rollout for Defender updates to your targeted device groups. The intention here is to test, validate and rollout updates to devices through release channels.
WHAT ARE THE TYPES OF UPDATES AVAILABLE?
Well, there are three!
- Platform: For deploying Platform updates during the monthly gradual rollout
- Engine: For deploying Engine updates during the monthly gradual rollout
- Security Intelligence updates: For deploying Microsoft Security Intelligence updates during the monthly gradual rollout
SETTING UP MDAV UPDATES USING INTUNE
- Sign in to https://aka.ms/intune
- Click Endpoint security > Antivirus > Create policy
- To create a profile, select the following:
- Platform: Windows 10 and later
- Profile: Defender Update Controls

- Under Basics, feel free to enter a descriptive name for the AV profile in alignment with your organization’s standards. Click Next
- On the Configuration settings page, configure the respective update channels to suit your organization’s requirements

- If you have distributed IT, you can click Next to leverage Scope tags
- Under Assignments – use Include/Exclude as required based on your security groups
- In the Review + create page, make sure your settings display as intended and then click Create
Voila! That is it, you have now successfully configured MDAV updates using Intune. To confirm, watch out for the notification to appear in the top right corner of the page stating that the MDAV updates have been created successfully.
HOW TO MONITOR THE ANTIVIRUS PROFILE DEPLOYMENT?
Simple, just navigate to the Properties tab by double clicking on the created profile.
- Sign in to the Microsoft Intune Admin Center
- Select Devices > Configuration profiles
- Click Overview, and then look for profile assignment status
To monitor the run status of all assigned profiles for users and devices you can select either the user status or the device status inside the monitoring section.
When you monitor a Windows profile, the count in the Profile assignment status is per device per user. So, if two users sign in to the same device, then that device is counted twice.
By effectively managing Microsoft Defender Antivirus updates through Intune, your organization can enhance its security posture and protect against evolving cyber threats. Safeguarding your devices is crucial in today’s threat landscape, and Intune provides the tools you need to keep your organization safe. If you need expert assistance in implementing or optimizing your MDAV updates with Intune, contact us today, and our team of experienced professionals will be happy to help you fortify your defenses.