Microsoft Defender for Endpoint (MDE), Common Actions

Summary

The purpose of this article is to give quick access to instructions for typical administrative activities related to antivirus software.

Requires a Microsoft Defender for Cloud Plan 1 or Plan 2 deployment on the subscription that contains the virtual machine.

Applies to: Windows and Linux Azure Virtual Machines. Does not apply to AKS clusters or virtual machine scale sets.

Windows

  • Get protection status: Get-MpComputerStatus
  • Get history of incidents: Get-MpThreat
  • Run full scan: Start-MpScan -ScanType FullScan
  • Get history of protection: Get-MpThreatDetection
    Note. Get-MpThreat returns the threat history (threats that have been detected on the machine), while Get-MpThreatDetection returns the protection history (the individual detection events and the actions Defender took on them).
  • Get scan configuration details: Get-MpPreference
  • Disable realtime protection: Set-MpPreference -DisableRealtimeMonitoring $true
    Note. When tamper protection is enabled this change is blocked; turning real-time protection back on is not. Treat any disable as a security-relevant change that should be logged and reverted when the task is done.
  • Enable realtime protection: Set-MpPreference -DisableRealtimeMonitoring $false
  • Force update definitions: Update-MpSignature
  • Performance troubleshooting: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/tune-performance-defender-antivirus?view=o365-worldwide
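The following script is an added example and not part of the original article; it combines the cmdlets listed above into a single health check that flags the states an administrator normally looks for (protection off, stale signatures, overdue full scan, exclusions, recent detections) and then fixes the two that are safe to fix automatically. It assumes an elevated PowerShell session on a Windows machine with the Defender module present; the day thresholds and the function names are assumptions chosen for this example, not settings from the article.

```powershell
# Added example: Defender health check built from the cmdlets above.
# Assumes an elevated session with the Defender PowerShell module.
# Thresholds below are assumed baselines; adjust them to your own policy.

function Get-DefenderHealthReport {
    param(
        [int]$MaxSignatureAgeDays = 3,   # assumed baseline
        [int]$MaxFullScanAgeDays  = 7,   # assumed baseline
        [int]$RecentDetectionDays = 7    # assumed lookback window
    )

    $status   = Get-MpComputerStatus   # protection status
    $pref     = Get-MpPreference       # scan/exclusion configuration
    $findings = New-Object System.Collections.Generic.List[string]

    if (-not $status.AntivirusEnabled)          { $findings.Add('Antivirus engine is disabled') }
    if (-not $status.RealTimeProtectionEnabled) { $findings.Add('Real-time protection is off') }
    if ($pref.DisableRealtimeMonitoring)        { $findings.Add('DisableRealtimeMonitoring is set in preferences') }
    if (-not $status.IsTamperProtected)         { $findings.Add('Tamper protection is not enabled') }
    if ($status.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
        $findings.Add("Signatures are $($status.AntivirusSignatureAge) days old")
    }
    if ($status.FullScanAge -gt $MaxFullScanAgeDays) {
        $findings.Add("Last full scan was $($status.FullScanAge) days ago")
    }

    # Exclusions are blind spots for the scanner; surface them so they get reviewed.
    foreach ($p in $pref.ExclusionPath)      { $findings.Add("Path exclusion: $p") }
    foreach ($e in $pref.ExclusionExtension) { $findings.Add("Extension exclusion: $e") }
    foreach ($x in $pref.ExclusionProcess)   { $findings.Add("Process exclusion: $x") }

    # Protection history: detection events from the last N days.
    $since  = (Get-Date).AddDays(-$RecentDetectionDays)
    $recent = @(Get-MpThreatDetection | Where-Object { $_.InitialDetectionTime -ge $since })

    [pscustomobject]@{
        Computer           = $env:COMPUTERNAME
        SignatureVersion   = $status.AntivirusSignatureVersion
        SignatureAgeDays   = $status.AntivirusSignatureAge
        RealTimeProtection = $status.RealTimeProtectionEnabled
        TamperProtected    = $status.IsTamperProtected
        ActiveThreats      = @(Get-MpThreat | Where-Object { $_.IsActive }).Count
        RecentDetections   = $recent.Count
        Findings           = $findings
    }
}

function Repair-DefenderBaseline {
    # Fixes the two findings that are safe to correct automatically, then re-checks.
    param([int]$MaxSignatureAgeDays = 3)

    $status = Get-MpComputerStatus
    if ($status.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
        Update-MpSignature                      # force a definition update
    }
    if (-not $status.RealTimeProtectionEnabled) {
        # Tamper protection blocks turning real-time protection off; turning it back on is allowed.
        Set-MpPreference -DisableRealtimeMonitoring $false
    }
    Get-DefenderHealthReport -MaxSignatureAgeDays $MaxSignatureAgeDays
}

# Usage: print the report and raise each finding as a warning so it shows up in job logs.
$report = Get-DefenderHealthReport
$report | Format-List
foreach ($f in $report.Findings) { Write-Warning $f }
```

Run the report before and after any change to real-time protection or exclusions; the Findings list gives a one-line-per-issue summary that is easy to ship to a ticket or a log collector, and Repair-DefenderBaseline can be scheduled on machines where stale signatures are a recurring problem.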

Linux

View security alerts

  1. Log into the Azure Portal.
  2. In the top search box, type Defender for Cloud.
  3. Select Defender for Cloud.
    [Screenshot: Microsoft Defender for Cloud]
  4. On the left, select Security Alerts.
    [Screenshot: Security alerts]


IFS R&D International (Pvt) Ltd
IFS develops and delivers enterprise software for customers around the world