Microsoft says that tamper protection will soon be enabled by default for all Enterprise customers to help prevent ransomware attacks.
The company added a new feature to its endpoint security platform that blocks changes to key security settings, and it prevents attackers or malicious tools from turning off the anti-malware software.
Once enabled, Microsoft Defender Anti-virus will lock itself to secure default settings and prevent any changes to your security settings.
VMware vCenter Server has been closing security loopholes since last year, but a recent bug indicates that those patches have had minimal effect.
To provide good protection, Defender blocks other apps from changing the settings for real-time and cloud-delivered protection, behavior monitoring, and Defender components like IOAV. IOAV is responsible for detecting suspicious files that you download from the Internet.
Previously, malware protection features were turned on automatically in Microsoft Defender after installing Windows Home on home computers.
Previously, Microsoft only offered this as an optional MDE for enterprise customers who used Intune to enable the option. But now enterprise local administrators get the privilege too!
“To better protect customers from ransomware attacks, last year we turned on tamper protection by default for all new customers with Defender for Endpoint Plan 2 or Microsoft 365 E5 licenses,” said Josh Bregman, a Principal Product Manager at Microsoft.
“To give our customers better protection, we’re turning on tamper protection for all our existing customers.”
MDE editor by default
Microsoft Defender for Endpoint is enabled by default.
Customers who haven’t yet configured tamper protection in their environments will be notified that the feature will be turned on in 30 days.
For example, on September 21, 2022, preview customers will get an alert saying that tamper protection will be toggled one month later on October 24, 2022.
Bregman told us that to prevent something like this from happening again, it’s a good idea to turn on and keep tamper protection enabled.
If you don’t want tamper protection on for your tenant, you can opt out by specifying it in your settings.
To turn off tamper protection, you’ll need to do the following:
To sign in to Microsoft, go to security.microsoft.com and log in.
In order to access advanced technologies such as SSL certificates, you’ll need to go to the Settings tab, then click Endpoints.
To turn tamper protection on, toggle the switch.
Select Save Preferences
To turn off tamper protection, un-select the toggle.
Select SAVE options.
Admins can also use Microsoft Endpoint Manager or Security Management for Defender for Endpoint to exclude some devices that might be causing an application compatibility issue from the tamper protection.
