Azure

Microsoft Defender for Endpoint (MDE), Common Actions

Summary

The purpose of this article is to give quick access to instructions for typical administrative activities related to antivirus software.

Required Microsoft Defender for Cloud Plan 1 or Plan 2 Deployment to the appropriate Virtual Machine subscription.

System details: Windows, Linux, and Azure Virtual Machines. Not AKS Clusters, not virtual machine scale sets.

Windows

  • Get protection status: Get-MpComputerStatus
  • Get history of incidents: Get-MpThreat
  • Run full scan: start-mpscan -ScanType FullScan
  • Get history of protection: Get-MpThreatDetection
    Note. The difference between the above two commands is, while Get-MpThreat pulls up the threat history, the Get-MpThreatDetection command pulls up the protection history.
  • Get scan configuration details: Get-MpPreference
  • Disable realtime protection: Set-MpPreference -DisableRealtimeMonitoring $true
  • Enable realtime protection: Set-MpPreference -DisableRealtimeMonitoring $false
  • Force update definitions: Update-MpSignature
  • Performance troubleshooting: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/tune-performance-defender-antivirus?view=o365-worldwide

Linux

  • Get protection status: mdatp health
  • Get the history of incidents: mdatp threat list
  • Run full scan: mdatp scan full
  • Advanced topics and performance diag: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/comprehensive-guidance-on-linux-deployment?view=o365-worldwide
  • Force update definitions: mdatp definitions update
  • Create false positive incident: wget "https://secure.eicar.org/eicar.com.txt"

  • Summary

    The purpose of this article is to give quick access to instructions for typical administrative activities related to antivirus software.

    Required Microsoft Defender for Cloud Plan 1 or Plan 2 Deployment to the appropriate Virtual Machine subscription.

    System details: Windows, Linux, and Azure Virtual Machines. Not AKS Clusters, not virtual machine scale sets.

    Windows

  • Get protection status: Get-MpComputerStatus
  • Get history of incidents: Get-MpThreat
  • Run full scan: start-mpscan -ScanType FullScan
  • Get history of protection: Get-MpThreatDetection
    Note. The difference between the above two commands is, while Get-MpThreat pulls up the threat history, the Get-MpThreatDetection command pulls up the protection history.
  • Get scan configuration details: Get-MpPreference
  • Disable realtime protection: Set-MpPreference -DisableRealtimeMonitoring $true
  • Enable realtime protection: Set-MpPreference -DisableRealtimeMonitoring $false
  • Force update definitions: Update-MpSignature
  • Performance troubleshooting: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/tune-performance-defender-antivirus?view=o365-worldwide

  • Linux

  • Get protection status: mdatp health
  • Get the history of incidents: mdatp threat list
  • Run full scan: mdatp scan full
  • Advanced topics and performance diag: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/comprehensive-guidance-on-linux-deployment?view=o365-worldwide
  • Force update definitions: mdatp definitions update
  • Create false positive incident: wget "https://secure.eicar.org/eicar.com.txt"

  • Summary

    The purpose of this article is to give quick access to instructions for typical administrative activities related to antivirus software.

    Required Microsoft Defender for Cloud Plan 1 or Plan 2 Deployment to the appropriate Virtual Machine subscription.

    System details: Windows, Linux, and Azure Virtual Machines. Not AKS Clusters, not virtual machine scale sets.

    Windows

  • Get protection status: Get-MpComputerStatus
  • Get history of incidents: Get-MpThreat
  • Run full scan: start-mpscan -ScanType FullScan
  • Get history of protection: Get-MpThreatDetection
    Note. The difference between the above two commands is, while Get-MpThreat pulls up the threat history, the Get-MpThreatDetection command pulls up the protection history.
  • Get scan configuration details: Get-MpPreference
  • Disable realtime protection: Set-MpPreference -DisableRealtimeMonitoring $true
  • Enable realtime protection: Set-MpPreference -DisableRealtimeMonitoring $false
  • Force update definitions: Update-MpSignature
  • Performance troubleshooting: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/tune-performance-defender-antivirus?view=o365-worldwide

  • Linux

  • Get protection status: mdatp health
  • Get the history of incidents: mdatp threat list
  • Run full scan: mdatp scan full
  • Advanced topics and performance diag: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/comprehensive-guidance-on-linux-deployment?view=o365-worldwide
  • Force update definitions: mdatp definitions update
  • Create false positive incident: wget "https://secure.eicar.org/eicar.com.txt"

Up Next
    Ebook Download
    View all
    Azure Book
    Read by 2 people
    Download Now!
    Learn
    View all
    Get Started

    You need to be a premium member to use this feature. To access it, you'll have to upgrade your membership.

    Become a sharper developer and jumpstart your career.

    Basic

    $0

    $

    . 00

    monthly

    For Basic members:

    • Standard Profile
    • Access learning courses
    • Access free e-books
    • 1x point
    Premium

    $20

    $

    . 00

    monthly

    For Premium members:

    • Earn 2x reward points
    • Premium profile with Verified check
    • Premium Avatar with status update
    • Learning courses
    • Unlimited Certifications and badges on profile
    • Unlimited Book downloads
    • Access to Premium content
    • Online Training
    • Unlimited PDF conversions and downloads
    • Professional Resume Writing
    • Interview Preparations Guide
    • 25 messages per month
    • 1 "Kodzu" avatar, basic
    Elite

    $45

    $

    . 00

    monthly

    For Elite members:

    • Bundle E-books
    • Access to all Learn Series
    • Unlimited Apply Jobs