From the first time i was doing a installation of Windows 10 with cloud only management from Microsoft Intune one of the missing parts was Windows Defender reporting and response. With the new release of Intune we are getting Windows Defender’s health and status, this gives us a overview that we only had in Windows Analytics Update Compliance – Windows Defender AV Assessment.

So now we can report on Windows Defender’s health and status and response from Microsoft Intune on MDM managed Windows 10 devices – using a status roll up report in the Device Compliance workload we are getting a overview of our company devices Windows Defender status. This is only reporting and there is no automatic response on devices that are in a state where we want to do a action.

How to see the new Windows Defender’s health and status reports in Intune:

In the Intune portal click:

  1. Device Compliance
  2. Threat agent status

Then you are getting a list of reports:


  • Devices with outdated signatures (2)
  • Devices pending full scan (3)
  • Devices pending restart (47)
  • Devices pending manual steps (2)
  • Devices pending offline scan (2)
  • Devices with critical failures (1)
  • Devices with inactive threat agent (45)
  • Devices with unknown threat agent (3)
  • Clean devices (8816)

Where the numbers in () gives a number count in every report

Intune - Windows Defender reporting 00

You can drill down in every report and get the devices

Intune - Windows Defender reporting 01

When you have found a device with and issue and you want to fix it go to:

  1. Devices
  2. All devices
  3. Find the device and click on it

Intune - Windows Defender responce 01

On the devices object in Intune you can click morethen you are getting some device a action – three of em are Windows Defender related and can be performed on the selected devices

  • Quick Scan
  • Full Scan
  • Update Windows Defender signature

If there is devices in the report “Devices pending restart” you can also do a remote restart of the device

Intune - Windows Defender responce 02

Before we got the Windows Defender reports in Intune we had Windows Analytics Update compliance. We still have that options – but it is in another console/product.

Windows Analytics update compliance - AV Assesment