Tamper Protection Now Available to Microsoft Defender ATP Subscribers

The Microsoft Defender Advanced Threat Protection (ATP) E5 subscription plan now has an optional "tamper protection" security feature, Microsoft announced on Monday.

The feature, which prevents changes from being made to Windows 10 client security features by malicious applications or even by local administrators, is now available at the "general availability" stage. Tamper protection had earlier been at the preview stage back in March. The feature just works with Windows 10 version 1903 or later clients, and it requires using the Windows Defender Antivirus program.

General availability means that tamper protection is deemed ready for use by organizations. However, an IT pro with a "global admin, security admin, or security operations" role will need to enable it first before it takes effect, according to Microsoft's documentation. It's not enabled by default for organizations.

Consumer Version
For consumer users, tamper protection "will be enabled by default" on Windows 10 Home edition versions. It's currently being rolled out to them "gradually," according to Microsoft's announcement, which did not provide timeline details. An early review of the consumer version can be found in this Redmond article.

Tamper protection seems like a pretty basic security protection for organizations, as well as for consumers. However, not every organization may have the licensing to use it.

Organizational Requirements
Tamper protection is just for organizations with Microsoft Defender ATP E5 licensing. They'll also need to be using the Microsoft Intune client management service to turn on tamper protection. Users of System Center Configuration Manager (SCCMM) are out of luck as Microsoft doesn't currently support tamper protection with that management tool.

It's also not possible to turn on tamper protection using Group Policy. Microsoft's documentation flatly rejected the notion that Group Policy could be used with tamper protection in the future.

The requirements to use tamper protection include having the following in place:

  • A subscription to Microsoft Defender ATP E5 (the E3 plan isn't supported)
  • A subscription to Microsoft Intune
  • Use of Windows Defender Antivirus (version 4.18.1906.3 or above) with security intelligence updates turned on
  • Use of Windows 10 version 1903 or later

Tamper protection will not work on client devices that aren't using Windows Defender Antivirus. Surprisingly, the tamper protection feature does not include support for Windows Server products.

Tamper protection won't have an effect on "third-party antivirus registration," Microsoft promised. IT pros using tamper protection will get alerts when there are attempts to alter security features. These alerts will be available through the Microsoft Defender ATP management portal.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.


  • Microsoft Hires Movial To Build Android OS for Microsoft Devices

    Microsoft has hired the Romanian operations of software engineering and design services company Movial to develop an Android-based operating system solution for the Microsoft Devices business segment.

  • Microsoft Ending Workflows for SharePoint 2010 Online Next Month

    Microsoft on Monday gave notice that it will be ending support this year for the "workflows" component of SharePoint 2010 Online, as well as deprecating that component for SharePoint 2013 Online.

  • Why Windows Phone Is Dead, But Not Completely Gone

    Don't call it a comeback (because that's not likely). But as Brien explains, there are three ways that today's smartphone market leaves the door open for Microsoft to bring Windows back to smartphones.

  • Feature Update Deferral Mix-Up in Windows 10 Version 2004 Further Explained

    Microsoft last week described the confusion it is attempting to avoid by removing the client graphical user interface (GUI)-based controls to defer Windows 10 feature updates, starting with version 2004.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.