Microsoft Defender Antivirus


Updated at Nov 11, 2024
By Kali Patrick


Syncro provides integrations with several antivirus providers to help you protect your customers' assets. Microsoft's Defender Antivirus (formerly Windows Defender) is one of them.

You can take full control of Microsoft's Defender Antivirus on your Windows endpoints and keep your customers protected by remotely monitoring and remediating threat detections directly through Syncro.

With Syncro's Managed Microsoft Defender Antivirus integration, you'll get:

  • Time-saving, centralized management of Microsoft’s built-in Defender Antivirus,
  • Scan schedules, protection settings, exclusions, and more, which you can set in your Syncro policies,
  • The ability to initiate remote scans with a single click, 
  • Timely notifications and remediations for threat detections, and
  • An affordable, managed antivirus solution that helps you negotiate better contracts with your customers and pursue new revenue opportunities.

See the Features That Syncro's Integration Supports for more details.

Note: Syncro's Managed Microsoft Defender Antivirus has a small monthly cost per workstation, which you'll see during the setup process.

System Requirements

Syncro's Managed Windows Defender has the following operating system requirements:

  • Windows 10+
  • Windows Server 2016+

Managed Defender Antivirus Version Requirements

Syncro's integration is developed for the free, built-in Microsoft Defender Antivirus for the operating systems listed above. However, our integration can also manage a limited set of core functions for the following versions:

  • Defender for Endpoint
  • Defender for Business

To avoid conflicts between Syncro's integration and the versions described above, adjust your Syncro Managed Windows Defender policy settings to mirror your configurations in Microsoft Defender Antivirus for Endpoint or Microsoft Defender Antivirus for Business.

Activate Managed Windows Defender

To use Managed Windows Defender in your Syncro policies, follow these steps:

  1. Navigate to Admin > Integration - App Center, and click the Managed Windows Defender tile.

    Tip: Click the Security link or enter criteria in the Search App Center bar at the top to narrow the list of tiles.
  2. Check the “Enable Managed Windows Defender” box, then click Save.

    Managed Windows Defender is now available for use as an antivirus in your Syncro policies.
  3. From a new policy or an existing asset policy, click the Antivirus section on the left side, then select “Windows Defender” from the “Add an Antivirus” dropdown menu.

    Note: The Syncro integration can't remotely activate Microsoft Defender Antivirus if it has previously been manually deactivated (due to the “Tamper Protection” setting). In that case, you'll see a warning prompt.

    If Microsoft Defender Antivirus was manually deactivated on the endpoint previously, then you must reactivate Defender in Windows to activate Syncro's managed integration. If Microsoft Defender Antivirus was automatically disabled by another antivirus at install, it should automatically reactivate when the other antivirus is removed.
     
  4. While Syncro pre-populates the majority of the Microsoft Defender Antivirus settings with recommended defaults, you can adjust these however you’d like using the following policy settings sections:
      • Interface: Optionally, suppress the ability for your end-customer to access the Microsoft Defender Antivirus UI and Microsoft Defender Antivirus notifications on your managed endpoints.
      • Protection: While the majority of protection settings are enforced when Microsoft Defender Antivirus is active, you can optionally manage Defender’s Cloud Protection and Automatic Sample Submission behavior.
      • Quick Scan Schedule: Specify the recurring Quick Scan schedule for your endpoints inheriting this policy. Choose from Every Day, or a specific day of the week.
      • Scan Behavior: Fine-tune your device scans.
      • Scan Exclusions: Specify one or more scan exclusions by File, Folder, File Type, or Process.
      • Signatures & Updates: Fine-tune the update interval (in hours) and catch up behavior (in days) of signature definitions.
      • Advanced: Set the quarantine purge frequency (in days) and manage NIS definition settings.
  5. Click Save Policy.

NOTE: To stop Syncro from managing Windows Defender on your assets, simply remove the Windows Defender Antivirus item from the appropriate policy. 

View Defender Information on Assets

In the Overview Subtab

Any assets inheriting a policy where the Defender antivirus has been activated reflect the status in the “Overview” section on the Asset's Details Page "Overview" subtab.

In the Antivirus Subtab

In the "Antivirus" subtab for an asset, you'll find information about Windows Defender’s protection status, including any threat detections present on the system:

  1. Protection Status: A high-level overview of the protection status of Defender Antivirus on the endpoint. A green-check shield indicates the setting is active; an orange icon indicates that the module is disabled. If a protection module is ever disabled, Syncro generates an RMM alert to notify you and your team.
     
  2. Manual Scans: Here you can initiate manual Quick or Full Scans for the asset. For each manual scan run, Syncro logs the five (5) most recent scans in the table. For more scan history, Syncro conditionally displays a link to the asset audit report so you can view the full manual scan history. If a manual scan fails for any reason, Syncro generates an RMM alert to notify you and your team. 

    Tip: In addition to running scans manually per-asset, you can run manual scans in bulk for any assets that have Managed Windows Defender activated. Select one or more assets on the Assets tab/module, then click the Bulk Actions button and choose “Run Windows Defender Scan”.

    Choose the Scan Type from the pop-up that appears, then click Scan.
  3. Threat Detections: Syncro logs all threat detections for the device in this section. Click the More (triple-dot) icon and select “View Details” to open the Threat Details pop-up and learn more about the detection.

    Note: If a detected threat is shown here, Syncro also generates an RMM alert so you and your team stay notified and can remediate.
  4. Signatures: Displays the signature version and age of the Anti-malware, Anti-spyware, and Network Inspection signature engines.
  5. Exclusions: Displays the exclusions currently specified in Microsoft Defender Antivirus. This includes any exclusions set in your Syncro policies, as well as any managed outside of Syncro directly on the asset.  
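
Because the Exclusions list can include entries managed outside of Syncro, it is worth checking an endpoint's live exclusions against the list you expect from your policy. The PowerShell below is an added example, not Syncro's code: the function name `Compare-DefenderExclusions`, the baseline `$ExpectedExclusions` and the sample preference object are constructed for illustration, while `Get-MpPreference` and `Get-MpComputerStatus` are Microsoft's Defender cmdlets.

```powershell
# Added example, not Syncro code. Run elevated on the endpoint so exclusions are visible.
# Constructed sample baseline: replace with the exclusions defined in your own policy.
$ExpectedExclusions = @{
    Path      = @('C:\ProgramData\ExampleApp')
    Extension = @('bak')
    Process   = @('exampleagent.exe')
}

function Compare-DefenderExclusions {
    param(
        [Parameter(Mandatory)] [hashtable] $Expected,
        $Preference = (Get-MpPreference)   # live Defender settings unless a sample is passed
    )
    $props = [ordered]@{ Path = 'ExclusionPath'; Extension = 'ExclusionExtension'; Process = 'ExclusionProcess' }
    foreach ($kind in $props.Keys) {
        # Normalize case, trailing backslashes and the leading dot on extensions before comparing.
        $normalize = {
            $s = ([string]$_).Trim().TrimEnd('\').ToLowerInvariant()
            if ($kind -eq 'Extension') { $s.TrimStart('.') } else { $s }
        }
        $want = @($Expected[$kind] | Where-Object { $_ } | ForEach-Object $normalize)
        $have = @($Preference.($props[$kind]) | Where-Object { $_ } | ForEach-Object $normalize)
        foreach ($v in $have) {
            if ($v -notin $want) { [pscustomobject]@{ Kind = $kind; Value = $v; Finding = 'Set outside policy baseline' } }
        }
        foreach ($v in $want) {
            if ($v -notin $have) { [pscustomobject]@{ Kind = $kind; Value = $v; Finding = 'In baseline, missing on endpoint' } }
        }
    }
}

# Constructed sample standing in for Get-MpPreference output, so the comparison runs anywhere.
$SamplePreference = [pscustomobject]@{
    ExclusionPath      = @('C:\ProgramData\ExampleApp\', 'C:\Users\Public')
    ExclusionExtension = @('.bak')
    ExclusionProcess   = $null
}
Compare-DefenderExclusions -Expected $ExpectedExclusions -Preference $SamplePreference | Format-Table -AutoSize

# On a managed endpoint: protection state, tamper protection, signature age, then live exclusions.
if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    Get-MpComputerStatus | Select-Object AMRunningMode, AntivirusEnabled, RealTimeProtectionEnabled,
        IsTamperProtected, AntivirusSignatureVersion, AntivirusSignatureAge, NISSignatureAge | Format-List
    Compare-DefenderExclusions -Expected $ExpectedExclusions | Format-Table -AutoSize
}
```

An exclusion reported as set outside the baseline reduces scan coverage on that asset, so confirm who added it before adopting it into the policy or removing it.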

Using a Saved Asset Search

To help determine which assets have Syncro's Managed Microsoft Defender Antivirus active in their policies, you can also use the “Missing Managed Windows Defender” or “Has Managed Windows Defender” criteria in any Saved Asset Search.

Features That Syncro's Integration Supports

Each feature and whether it is supported:

  • Remote Activation: No—Because of the "Tamper Protection" setting, Microsoft Defender Antivirus cannot be remotely activated or deactivated with Syncro's Managed Microsoft Defender. When this is the case, the Asset's Overview subtab's Overview section displays a warning.
  • Scheduled Quick Scans: Yes
  • Scheduled Full Scans: No—Per Microsoft’s recommended best practices, full scan schedules are not supported in this integration. More information available here.
  • Manual Quick and Full Scans: Yes
  • Bulk Quick and Full Scans: Yes
  • Signature Update Schedule: Yes
  • Bulk AV Scans: Yes
  • Scan Exclusions: Yes
  • Asset Saved Search: Yes
  • Protection Engine Management: Partial—Because of the "Tamper Protection" setting in Microsoft Defender Antivirus, only the cloud protection engine and automatic sample submission can be managed in Syncro's integration. You must manually manage all other protection modules.
  • RMM Alerts: Yes—Syncro generates RMM Alerts for the following events when Managed Defender is active:
      • Threat Detections
      • Protection Module Deactivation
      • Manual Scan Failures
  • Automated Remediation: Yes—Use the “Trigger Category” Condition of “Windows Defender AV Detection” in any new or existing automated remediations. See also Automated Remediations Reference.
