Intune – You can now monitor your Windows Defender devices from the portal

As you know, you can manage Windows Defender settings by creating device configuration profiles using Intune/Endpoint Configuration Manager, including devices managed by SCCM (aka on-premises server) – see

Well, you can now monitor the health of all the devices protected by Windows Defender directly from the Intune/Endpoint Configuration Manager portal, including the ones managed by SCCM.

To start using these reports, which cover policies applied to devices, health status or detected malware, connect to your Endpoint Configuration Manager portal ( and access the Endpoint security\Antivirus blade


There you will get overview reports about your Windows Defender endpoints

image_thumb[1]  image_thumb[2]

As for most of the available reports, you can edit the information displayed by selecting/unselecting column and download the data.

Reports are refreshed every 20 minutes or so.

In addition of these overview reports, you can get a more detailed organizational reports by accessing the Reports\Microsoft Defender Antivirus blade


You will have to request to generate the report by hitting the Generate report button which will take few minutes to complete.


Benoit Hamet
Benoit Hamet
Benoit is working on Microsoft collaborative technologies He has been awarded as MVP for more than 12 years Currently MVP on Office 365 after being awarded on SharePoint (2011-2012) and Windows client & server (2002-2007) Speaker at various Microsoft events (TechDays, TechNet seminars) and Quest Software He works on on-premises (Active Directory, RADIUS/NPS, Exchange, Skype for Business, SharePoint, SQL, Terminal Server, Windows client and Windows Server) or online (Azure, Intune, Office 365, Exchange Online, SharePoint Online, Skype for Business Online, Teams) technologies