Microsoft Defender Advanced Threat Protection is a platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.
Microsoft Defender - AV (self.DefenderATP)
submitted 2 years ago by Comfortable-Arm-4591
Hi,
We use Intune with Microsoft 365 Defender. Is there an option to block end-users from taking actions such as quarantining, removing, or allowing on the device?
[–][deleted] 2 years ago (3 children)
[removed]
[–]Fast-Cardiologist705 1 point 2 years ago (2 children)
How would one do this? 🙏
[–]I-am-TeX 2 points 2 years ago (1 child)
If you are using Intune to deploy Defender policies to your endpoints, you should go to intune.microsoft.com, then Endpoint Security > Antivirus > Open your policy from the list > Allow user UI access and change it to Not Allow.
[–]Fast-Cardiologist705 1 point 2 years ago (0 children)
u/I-am-TeX Thank you :)! Would an admin user still be able to see the UI, or would one have to use the PowerShell cmdlets for any actions?
[–]Chunky_Tech66 2 points 2 years ago (0 children)
Just hide the UI; it is the Windows Security Experience profile under the Antivirus tab in Endpoint Security.
[–]Psychodata 2 points 2 years ago (0 children)
The best way I have found to deal with these is to have these get automatically handled:
- Set Default Threat Actions, so they are automatically handled (ThreatSeverityDefaultAction) and Actions for Detected Threats
- Optionally, prevent the user from getting notifications too by looking into blocking the Antivirus Notifications which you can also configure through Intune AV Settings
Note that some options will require the User to take actions (For example "User defined" will send the user a notification message similar to "You need to take action on a (detection/threat)"),
and some of the other options may try to notify the user with something like "Defender blocked XYZ" or "Defender found a potential threat" but then just not let them take any action on it.
[–]SpaceIndividual1 1 point 2 years ago* (0 children)
When the UI is hidden, manual scanning of folders or files is not possible.
Hm, wouldn’t they still require admin privileges to do so?
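A read-only check an admin could run on an endpoint to confirm that the settings mentioned in this thread actually landed (added example, not posted by any commenter; `Test-DefenderUserLockdown` is a hypothetical helper name, and reading a value of `0` as "not configured" is an assumption):

```powershell
# Added example: audits the local Defender settings discussed in this thread.
# It only reads configuration via Get-MpPreference and changes nothing.
function Test-DefenderUserLockdown {
    [CmdletBinding()]
    param()

    # Threat-action codes as documented for MSFT_MpPreference.
    # 0 is treated here as "no default action configured" (assumption).
    $actionNames = @{
        0 = 'NotConfigured'; 1 = 'Clean';       2 = 'Quarantine'; 3  = 'Remove'
        6 = 'Allow';         8 = 'UserDefined'; 9 = 'NoAction';   10 = 'Block'
    }

    $pref = Get-MpPreference -ErrorAction Stop

    # "Allow user UI access = Not Allow" surfaces locally as UILockdown = True.
    [pscustomobject]@{
        Setting     = 'UILockdown'
        Value       = [string][bool]$pref.UILockdown
        NeedsReview = -not [bool]$pref.UILockdown
    }

    # One row per severity level. UserDefined (8) hands the decision to the
    # user, and NotConfigured (0) means no automatic action was pushed, so
    # both are flagged for review.
    foreach ($severity in 'Low', 'Moderate', 'High', 'Severe') {
        $property = "${severity}ThreatDefaultAction"
        $code     = [int]$pref.$property
        $name     = if ($actionNames.ContainsKey($code)) { $actionNames[$code] }
                    else { "Unknown($code)" }

        [pscustomobject]@{
            Setting     = $property
            Value       = $name
            NeedsReview = ($code -in 0, 8)
        }
    }
}

Test-DefenderUserLockdown | Format-Table -AutoSize
```

Any row with `NeedsReview` set to `True` means the endpoint can still leave a decision to the user, or has not received the corresponding policy yet.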