Managing Windows Defender with SCCM RRS feed

  • Question

  • Hi everyone,

    We are looking into testing Windows Defender to replace our current AV solution.  Our environment is Windows 10 (1703) and SCCM Current branch (1702 - build 8498)

    From reading the various documents ( it seems that Windows Defender is managed via installing the SCCM Endpoint protection point site role.  where I am confused is that I was under the impression that endpoint protection referred to the discontinued System Center Endpoint Protection client however it seems that this is what MS uses as a generic label for the AV / malware tools nowadays.  Hopefully I am not miles off with that assertion!

    I just wanted to check whether this is still the correct way to do this in order to manage the inbuilt Windows Defender client on Win 10 (1703) machines.  Are there any pitfalls to be aware of?  I intend to test this on a small subset of machines as a proof of concept.  Has anyone here done similar and did you find it a suitable alternative to the many other commercial AV solutions.

    My other question is whether anyone here is using Windows Defender ATP and what their thoughts were on this, has it provided you with easier management / better reporting?  I do like the look of "cloud" security center.  However we are currently on E3 licenses and ATP requires E5.

    Many thanks in advance.

    • Edited by AntonyPaul Tuesday, August 8, 2017 10:07 AM
    Tuesday, August 8, 2017 10:07 AM


All replies

  • Hello,

    Beginning with Windows 10 and Windows Server 2016 computers, Windows Defender is already installed. You don't need to install the Endpoint Protection client on Windows 10. 

    The Endpoint Protection client is only installed on Windows 8.1 and earlier computers.

    Windows Defender ATP works with existing Windows security technologies on endpoints, such as Windows Defender, AppLocker, and Device Guard. You can get a free trial from the following website.

    Best regards,
    Andy Liu

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact

    Wednesday, August 9, 2017 7:39 AM
  • The Defender will be used by the SCEP in the console and it wont install any agent on the machine so the controlled deployment and reporting would be from the SCCM console,however i believe you still need the license for the AV.

    Kamala kannan.c| Please remember to click “Mark as Answer” or Vote as Helpful if its helpful for you. |Disclaimer: This posting is provided with no warranties and confers no rights

    Wednesday, August 9, 2017 10:11 AM