This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(272, 60%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJM%3C/text%3E%3C/svg%3E)
For MS 365 Endpoint/Intune compliance Microsoft required that you use either Windows Defender AV (and Anti-Malware) or "a solution which is registered with the Windows Defender Security Center" (WDSC, in case you don't know, this is just a fancy name for the Windows Security app, specifically the Home tab, see here) . Trendmicro Internet Security is registered with the WDSC and I have all green ticks (proof of compliance). As you likely also know, Trendmicro provides anti-malware protection, and once you install Trendmicro is disables Windows A-V and A-M (because Trendmicro now covers these functions), however ...
Whilst Endpoint recognises that Trendmicro has superseded it's over AV and AM, it still throws an error on compliance checking with the complaint that I need to "enable Windows Defender Antimalware Real-Time Protection", but ...
As you, once you install another AV/AM suite, Microsofts AV/AM software (aka Windows Defender family) is disabled, so I simply cannot enable just enable Windows Defender Antimalware Real-Time Protection - not by control panel, registry, or powershell.
So I am stuck in a loop :|
Can admins specifically permit other anti-malware clients as demonstration of compliance? Or is this a bug in Endpoint compliance checking?
@Justin Moss Thanks for posting in our Q&A.
For this issue, could you please show the screen shots of more detailed information about non-compliance in device compliance? It will help us find which policy causes non-compliance.
https://video2.skills-academy.com/en-us/mem/intune/protect/compliance-policy-monitor#device-details
If there is anything update, feel free to let us know.
Here are the screenshots from Endpoint compliance check and Windows Defender Security Center: https://imgur.com/a/2JrRC75
@Justin Moss Maybe I didn't make my words clear.
Could you please click on a not compliant device in intune portal and then select the Device compliance to find the specific compliance policy that make the device not compliant? For the following article as an example:
I assume this Intune Portal is only available to admins - I am not an admin, therefore I cannot access this Portal. In any case, I know which device is apparently not compliant (my home PC) and the claimed reason (no Windows Defender Anti-Malware Real-time Protection AMRP). I can asks admins to do this however, aren't they going to find out exactly what I already know? That is - that by allowing any antivirus (with malware built-in) and simultaneously requiriing Microsoft AMRP, they are effectively making is possible to only be compliant if I run MS AV and AMRP.
@Justin Moss Thanks for your response.
Yes, intune portal is only available to admins.
For compliance issue, whether the device is compliant, it is based on the compliance policy that the company's IT configured. So, it is suggested to try to contact the company IT to confirm which policy causes the device not compliant.
If there is anything update, feel free to let us know.