Microsoft says tamper protection will soon be turned on by default for all enterprise customers in Microsoft Defender for Endpoint (MDE) for better defense against ransomware attacks.
The company added this feature to its enterprise endpoint security platformin March 2019to block changes to key security features and prevent attackers or malicious tools from disabling the antimalware solution or deleting security updates.
Once toggled on, it locks Microsoft Defender Antivirus to secure default values and will preventany security settings changes.
To do that, it blocks other apps from changing the settings for real-time and cloud-delivered protection, behavior monitoring, and Defender components likeIOfficeAntivirus(IOAV) whichhandles the detection of suspicious files downloaded from the Internet.
Until now, tamper protection was turned on by default in Microsoft Defender after installing Windows home users.
However, it was only available as an optional MDE feature for enterprise customers that could only be enabled using the Intune management console (local administrators were blocked from toggling it on).
"Starting last year, to better protect our customers from ransomware attacks we turned on tamper protection by default for all new customers with Defender for Endpoint Plan 2 or Microsoft 365 E5 licenses," saidJosh Bregman, a Principal Product Manager at Microsoft.
"To further protect our customers, we are announcing that tamper protection will be turned on for all existing customers, unless it has been explicitly turned off in the Microsoft 365 Defender portal."
Customers who haven't yetconfigured tamper protection in their environments willsoon receive notifications alerting them that the featurewill be turned on in 30 days.
For instance, public preview customers will receive an alert on September 21, 2022, saying that tamper protection will be toggled one month later, on October 24, 2022.
"We recommend that you turn tamper protection on and keep it enabled across your organization," Bregmansaid.
However, he added, "if you prefer that tamper protection not be turned on automatically for your tenant, you can explicitly opt out."
The steps needed to toggle off tamper protection manuallyrequire you to:
- Go to security.microsoft.com and sign in.
- Go to Settings > Endpoints > Advanced features
- Turn tamper protection on by selecting its toggle.
- Select Save preferences
- Turn tamper protection off by selecting its toggle.
- Select Save preferences.
Admins can also exclude some devices from tamper protection if there's anapplication compatibility concern bycreating a profile in Microsoft Endpoint Managerorusing Security Management for Defender for Endpoint.
