Leveraging Microsoft Defender Antivirus with Datto EDR

NAVIGATION  Policies

SECURITY   Datto EDR subscription with administrator or analyst-level platform access

IMPORTANT  Microsoft has announced a bug that impacts antivirus Attack Surface Reduction rules. Before enabling your Windows Defender AV policy, please ensure that the requirements listed in this article are met.

In addition to offering extensive policy customization and ransomware detection options, Datto EDR enables system administrators to quickly implement comprehensive Microsoft Defender Antivirus configurations on endpoints with the click of a toggle. Microsoft Defender integrates seamlessly into your existing Datto EDR suite to provide your organization with an additional layer of security against malware, spyware, and malicious browser activity.

Requirements

  • You must have an active Datto EDR subscription.
  • Microsoft Defender Antivirus must be installed on all endpoints you wish to monitor.
  • The Datto Endpoint Security agent must be installed on all endpoints you wish to monitor, and those devices must be able to communicate with your EDR instance.
  • Your endpoint must be running Windows antivirus version 1.381.2164.0 or higher. If that is not possible, you will need to disable the toggle labeled Use advanced Office/Adobe Reader protection in the Attack Surface Reduction section of your Windows Defender AV policy.

Supported operating systems

Microsoft Defender Antivirus management has been tested, and all options are fully supported in the following versions and higher. For previous versions, certain options may not be available. Refer to Microsoft Defender's antivirus documentation for any versions not listed to verify the options available.

Operating system name         Windows 10 Pro    Windows Server 2019 Datacenter
Operating system version      21H2              1809
Operating system build        19044.2364        17763.3406
Antimalware client version    4.18.221.5        4.18.2211.5
Engine version                1.1.19900.2       1.1.19900.2
Antivirus version             1.381.2164.0      1.381.2164.0
Antispyware version           1.381.2164.0      1.381.2164.0
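
A pre-flight check for the version requirements above, as an added example (not Datto or Microsoft tooling). It assumes the Defender PowerShell cmdlet Get-MpComputerStatus is available on the endpoint. The function name Test-DefenderMinimums is hypothetical, and only the three values that are identical for both listed operating systems are compared.

```powershell
# Added example: compare this endpoint's Defender versions with the page's minimums.
# Run locally on the endpoint in an elevated PowerShell session.
$minimums = [ordered]@{
    AMEngineVersion             = [version]'1.1.19900.2'   # "Engine version"
    AntivirusSignatureVersion   = [version]'1.381.2164.0'  # "Antivirus version"
    AntispywareSignatureVersion = [version]'1.381.2164.0'  # "Antispyware version"
}

function Test-DefenderMinimums {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] $Status,
        [Parameter(Mandatory)] [System.Collections.IDictionary] $Minimums
    )
    foreach ($name in $Minimums.Keys) {
        # A missing or unparsable value is reported as not meeting the minimum.
        $actual = $null
        $parsed = [version]::TryParse([string]$Status.$name, [ref]$actual)
        [pscustomobject]@{
            Setting  = $name
            Actual   = $Status.$name
            Required = $Minimums[$name]
            Meets    = $parsed -and ($actual -ge $Minimums[$name])
        }
    }
}

$status  = Get-MpComputerStatus
$results = Test-DefenderMinimums -Status $status -Minimums $minimums
$results | Format-Table -AutoSize

# Reported for comparison with the table; the listed client minimum differs per OS.
"Antimalware client version : $($status.AMProductVersion)"
"Antimalware service enabled: $($status.AMServiceEnabled)"
"Antivirus enabled          : $($status.AntivirusEnabled)"

# Requirement from this page: antivirus version 1.381.2164.0 or higher, otherwise
# the 'Use advanced Office/Adobe Reader protection' toggle must be disabled.
$av = $results | Where-Object Setting -eq 'AntivirusSignatureVersion'
if (-not $av.Meets) {
    Write-Warning ("Antivirus version is below 1.381.2164.0. Update it, or disable " +
        "'Use advanced Office/Adobe Reader protection' in the Attack Surface " +
        "Reduction section before enabling the Windows Defender AV policy.")
}
```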

Microsoft Defender Antivirus features

Manage multiple Microsoft Defender Antivirus built-in configuration options with Datto EDR. You can enable or disable unique interface, protection, scanning, exclusions, and attack surface reduction settings. When integrated with Datto EDR, Microsoft Defender Antivirus provides robust detection of and protection against known and emerging threats.

For more information about how to configure Microsoft Defender policies, refer to Working with the Policies page.

Need support?

Kaseya is always available to assist further. Your Kaseya Account Executive can enroll you in basic and intermediate-level platform training. For technical assistance, visit our Kaseya Support article to learn how to get in touch.