Microsoft Defender for Endpoint Users to turn on Tamper Protection by default

[Updated on 20 September 2022] Tamper Protection Will be On by Default for all Microsoft Defender for Endpoint Users

Microsoft says it plans to turn tamper protection on by default in all instances of Defender for Endpoint. Customers who have not already turned on tamper protection will receive a notice that it will be automatically enabled 30 days from the date of the message.

Note

• It has been enabled for all new accounts for a while now. So this just brings “legacy” accounts up to the more current configuration. But I like how Microsoft keeps improving the default configuration.
• If you’ve explicitly disabled tamper protection in your portal, it will not be altered. This will not only detect tampering with systems but also attempts to disable threat protection measures. If you’re using Defender, make sure this is enabled.
• Historically, and with few exceptions, vendors have resisted secure defaults. It is good to see Microsoft taking the lead. On the other hand, changing the default late is analogous to “locking the barn after…”

Read more in

• Microsoft Defender for Endpoint will turn on tamper protection by default

Overview

Microsoft said it will enable its Tamper Protection security feature for all Microsoft Defender enterprise customers by default. The feature works by preventing local apps from disabling or modifying the Defender antivirus process. Tamper Protection has been generally available since October 2019, and Microsoft has been enabling this feature by default for all its enterprise customers since last year. In a blog post on Tuesday, Microsoft said it is now enabling this feature by default for all its existing enterprise customers as well, on October 24, 2022.

Read more in

• Prevent changes to security settings with Tamper Protection
• Tamper protection will be turned on for all enterprise customers