Microsoft says tamper protection will soon be turned on by default for all enterprise customers in Microsoft Defender for Endpoint for better defense against ransomware attacks.
Once toggled on, it locks Microsoft Defender Antivirus to secure default values and will prevent any security settings changes.
Until now, tamper protection was turned on by default in Microsoft Defender after installing Windows home users.
“Starting last year, to better protect our customers from ransomware attacks we turned on tamper protection by default for all new customers with Defender for Endpoint Plan 2 or Microsoft 365 E5 licenses,” said Josh Bregman, a Principal Product Manager at Microsoft.
“To further protect our customers, we are announcing that tamper protection will be turned on for all existing customers, unless it has been explicitly turned off in the Microsoft 365 Defender portal.”
Admins can also exclude some devices from tamper protection if there’s an application compatibility concern by creating a profile in Microsoft Endpoint Manager or using Security Management for Defender for Endpoint.