EnableRemoteManagedDefaults

EnableRemoteManagedDefaults specifies whether to configure Microsoft Defender to be remotely managed using recommended default settings:

Name                                          Default setting for remote management of Microsoft Defender

Scan\CheckForSignaturesBeforeScan             true
Scan\AvgCPULoadFactor                         20
Threats\ThreatSeverityDefaultAction           quarantine
Scan\DisableRestorePoint                      false
Scan\DisableReparsePoint                      false
UX Configuration\UILockdown                   true
Quarantine\PurgeItemsAfterDelay               35 days
Signature Updates\SignatureUpdateInterval     11 hours
Signature Updates\FallbackOrder               InternalDefinitionUpdateServer|MicrosoftUpdateServer|MMPC
Scan\DisableRemovableDriveScanning            false
Scan\DisableScanningNetworkFiles              true

If configured, Microsoft Defender will not display any user interface on the local computer. The default settings can still be overridden using Group Policy.

Microsoft Defender is an application that can prevent, remove, and quarantine malware (malicious software) and spyware.

Values

true     Configures Microsoft Defender for remote management.

false    Does not configure Microsoft Defender for remote management. This is the default value.

Valid Configuration Passes

oobeSystem

offlineServicing

specialize

Parent Hierarchy

Security-Malware-Windows-Defender | EnableRemoteManagedDefaults

Applies To

For Windows Server 2016 editions, Microsoft Defender is installed with the operating system.

For Windows Server 2012, Windows Server 2008 R2 and Windows Server 2008, Microsoft Defender is installed with the Desktop Experience Pack.

For a full list of the Windows editions and architectures that this component supports, see Security-Malware-Windows-Defender.

XML Example

The following XML output shows how to configure Microsoft Defender to be remotely managed using recommended default settings.

<EnableRemoteManagedDefaults>true</EnableRemoteManagedDefaults>
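
The following Python check is an added example, not part of the original page or of Microsoft's tooling. It reads an answer file and reports whether EnableRemoteManagedDefaults appears only in a valid configuration pass and carries one of the listed values. The sample answer file is constructed, and the unattend namespace and settings/component layout are assumed from the standard answer-file format.

```python
import xml.etree.ElementTree as ET

NS = {"u": "urn:schemas-microsoft-com:unattend"}  # assumed answer-file namespace
COMPONENT = "Security-Malware-Windows-Defender"
VALID_PASSES = {"oobeSystem", "offlineServicing", "specialize"}

# Constructed sample: wrong pass, unlisted value, and an unset value.
SAMPLE = """<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="windowsPE">
    <component name="Security-Malware-Windows-Defender">
      <EnableRemoteManagedDefaults>true</EnableRemoteManagedDefaults>
    </component>
  </settings>
  <settings pass="specialize">
    <component name="Security-Malware-Windows-Defender">
      <EnableRemoteManagedDefaults>yes</EnableRemoteManagedDefaults>
    </component>
  </settings>
  <settings pass="oobeSystem">
    <component name="Security-Malware-Windows-Defender" />
  </settings>
</unattend>"""


def audit(answer_file_xml):
    """Return (pass, value, finding) for each Defender component found."""
    results = []
    root = ET.fromstring(answer_file_xml)
    for settings in root.findall("u:settings", NS):
        pass_name = settings.get("pass")
        for comp in settings.findall("u:component", NS):
            if comp.get("name") != COMPONENT:
                continue
            node = comp.find("u:EnableRemoteManagedDefaults", NS)
            value = node.text.strip() if node is not None and node.text else None
            if pass_name not in VALID_PASSES:
                finding = "invalid pass"
            elif value is None:
                finding = "unset, default false applies"
            elif value not in ("true", "false"):
                finding = "not a listed value"
            else:
                finding = "ok"
            results.append((pass_name, value, finding))
    return results


if __name__ == "__main__":
    print(audit(SAMPLE))
```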
