Upcoming Webinar
Cayosoft Shows How Forest Recovery Tech Addresses Survey Issues
Join this webinar and not only learn about what your peers are doing, but also learn about a new patent-pending modern approach to AD forest recovery from Cayosoft.
New episode!
The Scoop on Loop: The Latest Innovations Directly From Microsoft!
Darrell Webster speaks to Rebecca Keys, a Program Manager from the Microsoft Loop team.
Turn Data Protection into an MRR Growth Engine
Security for your customers, revenue for your MSP practice. Access key insights on how to scale your practice with SkyKick’s new eGuide.
MSP eGuide to Package, Sell and Deliver M365 Security Services
Based on input from our top-performing MSPs, SkyKick prepared the MSP Guide to help you navigate the security landscape.

Microsoft Defender for Endpoint to Enable Tamper Protection for All Customers

Microsoft Defender for Endpoint will soon turn on tamper protection by default for all existing enterprise customers. The tamper protection feature prevents malicious apps from making unwanted changes to important security configuration settings on Windows, Windows Server, and macOS.

Microsoft introduced tamper protection in its enterprise endpoint security solution back in 2019. Currently, the feature is turned on by default for new customers with an active Microsoft 365 E5 or Defender for Endpoint Plan 2 subscription. With this release, Microsoft also plans to enable it for all existing enterprise customers.

“Tamper protection in Microsoft Defender for Endpoint protects your organization from unwanted changes to your security settings. Tamper protection helps prevent unauthorized users and malicious actors from turning off threat protection features, such as antivirus protection. Tamper protection also includes the detection of, and response to, tampering attempts,” Microsoft explained in a blog post.

Microsoft Defender for Endpoint to Enable Tamper Protection By Default

How to opt out of the tamper protection default setting

Microsoft will send notifications to organizations that haven’t configured tamper protection in their tenants. These notifications will alert customers that it will be switched on in 30 days.

Microsoft encourages businesses to turn on the feature to prevent security threats such as human-operated ransomware attacks. However, there is also an option to explicitly opt out of this change by following the steps mentioned below:

Head to security.microsoft.com and log in.
Navigate to Settings >> Endpoints >> Advanced features, enable the tamper protection toggle button and click the Save preferences button.
Now, disable the tamper protection option and click Save preferences to apply the changes.

Microsoft says that organizations can also choose to disable tamper protection on select devices due to application compatibility issues. IT admins can either use Security Management for Defender for Endpoint or create a profile in Microsoft Endpoint Manager. Let us know in the comments below if you have enabled tamper protection in your organization.

by Rabia Noureen
Sep 21, 2022

Rabia comes from a solid IT background and has been writing professionally about Microsoft products and other technology for four years. Rabia has also written for OnMSFT.com as well as Windows Report. She is always up to date on the latest trends in...

Mitigating Identity-Related Risks With Windows Hello for Business and Seamless Single Sign-On (SSO)

Jun 26, 2023
Implementing Access Controls using Microsoft Intune

Jun 28, 2023
How to Protect Windows Devices with Microsoft Defender for Endpoint

Aug 30, 2023
Sep 07, 2023

Take our survey

PETRI NEWSLETTERS

Join Petri Insider

Create a free account today to participate in forum conversations, comment on posts and more.