In Windows 1703 – Windows Defender Security Center was first introduces.
In Windows 10 1709 there is a lot of new policies and settings and one of them is settings for Windows Defender Security Center. Windows 10 1709 is still in insider ring and subject to be chanced. Microsoft is doing a lot of investment to configure Windows 10 when it is MDM managed – there will never be as many setting in CSP as there are in GPO.
I will show how to hide “Family options” and leave the rest ‘ they can all be hidden with different CSP.
First create a new profile in intune:
Name:
Configure WindowsDefenderSecurityCenter
Platform:
Windows 10 and later
Profile Type:
Custom
Name:
WindowsDefenderSecurityCenter/DisableFamilyUI
OMA-URI:
./Vendor/MSFT/Policy/Config/WindowsDefenderSecurityCenter/DisableFamilyUI
Data Type:
Integer
Value:
1 (0 = Disable and 1 = Enable)
This setting will set so that it is only critical notifications on the device – so the end-user only sees notifications when it is important.
Name:
WindowsDefenderSecurityCenter/DisableEnhancedNotifications
OMA-URI:
./Vendor/MSFT/Policy/Config/WindowsDefenderSecurityCenter/DisableEnhancedNotifications
Data Type:
Integer
Value:
1 (0 = Disable and 1 = Enable)
Some of the other new settings in Windows Defender Security Center is company customization with branding and custom information, (Phone using Skype, Email, Help portal URL) in Windows Defender Security Center. For the custom settings to take effect on the device you need to set EnableCustomizedToasts or EnableInAppCustomization enabled.
Name:
WindowsDefenderSecurityCenter/EnableInAppCustomization
OMA-URI:
./Vendor/MSFT/Policy/Config/WindowsDefenderSecurityCenter/EnableInAppCustomization
Data Type:
Integer
Value:
1 (0 = Disable and 1 = Enable)
Name:
WindowsDefenderSecurityCenter/EnableCustomizedToasts
OMA-URI:
./Vendor/MSFT/Policy/Config/WindowsDefenderSecurityCenter/EnableCustomizedToasts
Data Type:
Integer
Value:
1 (0 = Disable and 1 = Enable)
When we have EnableCustomizedToasts or EnableInAppCustomization we can start doing the customization CSP.
Name:
WindowsDefenderSecurityCenter/CompanyName
OMA-URI:
./Vendor/MSFT/Policy/Config/WindowsDefenderSecurityCenter/CompanyName
Data Type:
String
Value:
Osddeployment
Name:
WindowsDefenderSecurityCenter/Phone
OMA-URI:
./Vendor/MSFT/Policy/Config/WindowsDefenderSecurityCenter/Phone
Data Type:
String
Value:
+45 11 22 33 44
Name:
WindowsDefenderSecurityCenter/URL
OMA-URI:
./Vendor/MSFT/Policy/Config/WindowsDefenderSecurityCenter/URL
Data Type:
String
Value:
https://osddeployment.dk
The full documentation from Microsoft can be found here:
Policy CSP – WindowsDefenderSecurityCenter
This settings can also be set with a GPO when using Active Directory
How it the user experience when we start doing the policy:
When we hide FamilyUI it is not showed in Windows Defender Security Center
When we do the customization it look like this:
Our company name is showed in the right lower corner
When we click on the company name the rest of our customize information is showed.
How do we see if the settings are applied to the device:
In the settings apps we are also getting more information in Windows 1709
Settings App – Account –
Policy area applied – WindowsDefenderSecurityCenter
When exporting the local policy settings we get a XML file with all the settings that are applied to the user or device.
Search for WindowsDefenderSecurityCenter then we can see all the related settings
Cloud First 