The summary of ‘Tamper Protection for Microsoft Defender (why not enable it?)’

This summary of the video was created by an AI. It might contain some inaccuracies.

00:00:00 - 00:05:34

The video provides a comprehensive guide on enabling and configuring tamper protection in Microsoft Defender Antivirus to prevent unauthorized modifications. The speaker details the steps taken through security.microsoft.com, Microsoft Endpoint Manager, and the creation of a device configuration profile to ensure robust security across multiple devices. Demonstrations include attempts to disable real-time monitoring using PowerShell, which are successfully blocked, showcasing the effectiveness of tamper protection. The video also covers supported operating systems and methods to enable the feature via various Microsoft tools, emphasizing the importance of this security measure. Alerts and advanced hunting queries are highlighted as tools for administrators to monitor tampering attempts, with a reminder to viewers about the significance of enabling tamper protection.

00:00:00

In this part of the video, the speaker discusses how to enable tamper protection in Microsoft Defender Antivirus to prevent bad actors from disabling the antivirus software. The process involves logging into security.microsoft.com, navigating to settings, endpoints, and advanced features, and then enabling tamper protection. Once enabled, it propagates to all onboarded devices, making certain protections unmodifiable by users. To selectively enable tamper protection on specific devices, the speaker explains using Microsoft Endpoint Manager to create a device configuration profile. They demonstrate configuring this profile for Windows 10 and later, choosing endpoint protection, and assigning it to specific user groups. Finally, the speaker tests the effectiveness of tamper protection using PowerShell to verify that tampering attempts are indeed blocked.

00:03:00

In this part of the video, the presenter demonstrates an attempt to disable real-time monitoring using the Set-MpPreference command. Despite this attempt, real-time protection remains enabled, showing tamper protection's effectiveness. The presenter then discusses the supported operating systems, including various versions of Windows 10 and Windows Server. They explain that tamper protection ensures malicious apps cannot alter settings and show how to enable this feature using different Microsoft tools like Defender Security Center, Endpoint Manager, and Configuration Manager. Additionally, for individual devices, users can enable tamper protection through the Windows Security Center. If an attempt to tamper with the device occurs, alerts are sent to administrators, and advanced hunting queries can be used for investigation. The video concludes with appreciation for viewer feedback and a reminder to enable tamper protection.
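The PowerShell check described in the video can be scripted so an administrator can confirm the result on a device. The block below is an added example, not code from the video; the function name Test-TamperProtection is hypothetical, and it assumes an elevated session on a device with the Defender PowerShell module.

```powershell
#Requires -RunAsAdministrator
# Added example: verifies that tamper protection blocks a change to
# real-time monitoring. Test-TamperProtection is a hypothetical helper name.
function Test-TamperProtection {
    $before = Get-MpComputerStatus
    $result = [ordered]@{
        IsTamperProtected = $before.IsTamperProtected
        RealTimeBefore    = $before.RealTimeProtectionEnabled
        AttemptMade       = $false
        RealTimeAfter     = $null
        PreferenceAfter   = $null
        ChangeBlocked     = $null
    }

    # Do not weaken a device that is not protected: report and stop.
    if (-not $before.IsTamperProtected) {
        Write-Warning 'Tamper protection is off; skipping the disable attempt.'
        return [pscustomobject]$result
    }

    try {
        # Same attempt as in the video. The cmdlet can return without an error
        # even when the change is ignored, so the state is re-read afterwards.
        Set-MpPreference -DisableRealtimeMonitoring $true -ErrorAction SilentlyContinue
        $result.AttemptMade = $true
        Start-Sleep -Seconds 2
        $result.RealTimeAfter   = (Get-MpComputerStatus).RealTimeProtectionEnabled
        $result.PreferenceAfter = (Get-MpPreference).DisableRealtimeMonitoring
        $result.ChangeBlocked   = $result.RealTimeAfter -and -not $result.PreferenceAfter
    }
    finally {
        # Put the preference back in case the attempt was not blocked.
        Set-MpPreference -DisableRealtimeMonitoring $false -ErrorAction SilentlyContinue
    }
    [pscustomobject]$result
}

$r = Test-TamperProtection
$r | Format-List
if ($r.AttemptMade -and -not $r.ChangeBlocked) {
    Write-Error 'Real-time monitoring could be changed: tamper protection did not block it.'
}
```

The verdict comes from re-reading the device state after the attempt rather than from whether the command reported an error.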
