MC291895: Ignoring Disable Anti Spyware Disable Antivirus on client devices (E3 and E5)

By design, Microsoft Defender Antivirus is automatically disabled when a 3rd party antivirus is present on the client. We are making an update to improve security by ignoring a legacy setting, DisableAntiSpyware (which disables Microsoft Defender Antivirus). This change will impact clients running Windows 10, version 1903 or higher with Microsoft Defender AV platform version 4.18.2108.4 and higher with E3 and E5 licenses.

MC291895: Ignoring Disable Anti Spyware Disable Antivirus on client devices (E3 and E5)

Affected Workloads

  • Microsoft 365 Defender

Key points

  • Timing: Rollout started to a small group of organizations. We will begin rolling out broadly starting in mid-November and expect to complete in mid-December.
  • Action: Review and assess impact for your organization

How this will affect your organization

  • If your Windows 10, version 1903 or higher, clients are utilizing Microsoft Defender Antivirus or a 3rd party antivirus they will not be impacted.
  • After this change is made if you have Windows 10, version 1903 or higher, clients that are not using antivirus software, Microsoft Defender Antivirus will be enabled.
  • As older clients upgrade to Windows 10 version 1903 or higher, this change will be in effect.

What you need to do to prepare

You might want to educate your end users if they may see a change with Microsoft Defender Antivirus being enabled.

If your organization has a need to manage Microsoft Defender Antivirus at a granular level, please review: Microsoft Defender Antivirus in Windows

Message ID: MC291895
Published: 15 October 2021
Updated: 16 October 2021