You can use Microsoft 365 Business to ensure that Windows Defender Antivirus is activated on Windows 10 devices and Microsoft updates are automatically downloaded to users' devices.
Sign in to the Microsoft 365 admin center.
Under Policies, choose Add policy.
In the Add policy pane, enter a name under Policy name, and then select Windows 10 Device Configuration under Policy type.
Choose Secure Windows 10 devices to see the subsettings.
Make sure that Help protect PCs from viruses and other threats using Windows Defender Antivirus and Keep Windows 10 devices up to date automatically are turned on.
Under Who will get these settings?, all users are selected by default, but you can choose Change to select any security groups you've created.
To finish creating the policy, choose Add.
On the Add policy page, choose Close.
On the admin center home page, confirm that your new policy was added by choosing Policies and reviewing your policy on the Policies page.
To verify that the policy has taken effect, on a user's Windows 10 device, go to Windows Update, choose Advanced options, and confirm that settings are grayed out.
Then, click Choose how updates are delivered, and confirm that settings are grayed out and the following message appears: Some settings are hidden or managed by your organization.
As an IT admin, one of your main concerns is to make sure your PCs are secure. With the rise in threats, such as malware, this can be a challenge. Microsoft 365 Business can help by ensuring that Windows Defender Antivirus is activated on Windows 10 devices and Microsoft updates are automatically downloaded. Let's get started.
Sign in to the Microsoft 365 Business admin center and add a new policy.
Name the policy, and select Windows 10 Device Configuration as the policy type. Select the setting to see the sub-settings that let you control security on Windows 10 devices. We're going to look at two settings here just to make sure they're turned on.
The first one is right up top: Help protect PCs from viruses and other threats using Windows Defender Antivirus. And I can see that it's already on. And this one at the bottom, Keep Windows 10 devices up to date automatically, is also on. That's what we want, so let's leave these settings as is.
Now if you change any of these settings and you ever want to go back to the original settings that came with Microsoft 365 Business, just choose Restore default settings.
Now, choose the groups you want to apply these settings to. By default, All Users are selected. But you can change this and select any security groups you've created. Any new users you create will automatically be added to the All Users group. And any policies assigned to the group will be applied to the new users' devices.
Now click Add to finish creating the policy. And confirm that this new policy was added.
It may take up to a few hours for the policy to take effect on users' devices. Once it does, users won't be able to modify the Windows Update and Windows Defender Antivirus settings on their Windows 10 devices.
Here's how you can verify that the policy has taken effect. On a user's Windows 10 device, go to the Windows Update Advanced options and confirm that settings are grayed out. If they are, you know the policy is active. When you select the option to choose how updates are delivered, confirm that you can see the message that some settings are hidden or managed by your organization, along with grayed-out settings.
Occasionally, users may get a notification that Windows Defender Antivirus performed a scan. You can see the details by opening the Action Center in Windows 10. Now, when users use their Windows 10 PCs, updates will be downloaded automatically, and Windows Defender Antivirus will be active in the background.
Learn more about policies by checking out the Manage Microsoft 365 Business