Manage devices in Microsoft Defender for Business

In Defender for Business, you can manage devices as follows:

View the list of onboarded devices

Screenshot of device inventory

  1. In the Microsoft Defender portal at https://security.microsoft.com, go to Assets > Devices. Or, to go directly to the Device inventory page, use https://security.microsoft.com/machines.
  2. On the Device inventory page, you can see the list of devices and view some information about them.
  3. Select a device from the list to open the details flyout for the device, where you can learn more about the status of the device and take actions.

If no devices are listed, see Onboard devices to Defender for Business.

Take action on a device that has threat detections

Screenshot of a selected device with details and actions available.

  1. In the Microsoft Defender portal at https://security.microsoft.com, go to Assets > Devices. Or, to go directly to the Device inventory page, use https://security.microsoft.com/machines.
  2. On the Device inventory page, select a device from the list.
  3. In the details flyout that opens, select More, and then select an available action (for example, Run antivirus scan or Initiate Automated Investigation).

View the state of Microsoft Defender Antivirus

Microsoft Defender Antivirus is a key component of next-generation protection in Defender for Business. To view the state of Microsoft Defender Antivirus, you have several options:

Microsoft Defender Antivirus has one of the following states on devices:

  • Active mode (recommended): Microsoft Defender Antivirus is the exclusive antivirus app on a device onboarded to Defender for Business. Files are scanned and threats are remediated. Detection information is reported in the Microsoft Defender portal and in the Windows Security app on Windows devices.

    We recommend active mode so devices onboarded to Defender for Business get all of the following types of protection:

    • Real-time protection: Locates and stops malware from running on devices.
    • Cloud protection: Works with Microsoft Defender Antivirus and the Microsoft cloud to identify new threats, sometimes even before a single device is affected.
    • Network protection: Helps protect against phishing scams, exploit-hosting sites, and malicious content on the internet.
    • Web content filtering: Regulates access to websites based on content categories (such as adult content, high bandwidth, and legal liability) across all browsers.
    • Protection from potentially unwanted applications: For example:
      • Advertising software.
      • Bundled software that offers to install other, unsigned software.
      • Evasion software that attempts to evade security features.
  • Passive mode: A non-Microsoft antivirus/antimalware product is installed on a device onboarded to Defender for Business. Microsoft Defender Antivirus can detect threats and can receive security intelligence and platform updates. But Microsoft Defender Antivirus doesn't remediate threats.

    You can automatically switch to active mode by uninstalling the non-Microsoft antivirus/antimalware product.

  • Disabled mode: Also known as uninstalled mode. A non-Microsoft antivirus/antimalware product is installed on a device that isn't onboarded to Defender for Business. Microsoft Defender Antivirus isn't currently running on the device; it might be automatically disabled or manually disabled. Microsoft Defender Antivirus can't detect or remediate threats on the device.

    You can switch to active mode by doing the following steps:

    1. Uninstall the non-Microsoft antivirus/antimalware solution.
    2. Onboard the device to Defender for Business.
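
To confirm locally which of these states a Windows device is in, the following added example (not part of the original page or Microsoft's own code) reads the `AMRunningMode` value from `Get-MpComputerStatus` and, for active mode, checks the protection settings from `Get-MpPreference`. The function name `Get-DefenderAvState` is hypothetical, and the mapping of `AMRunningMode` values to the three states above is an assumption of this example.

```powershell
# Added example: report the local Microsoft Defender Antivirus state on a Windows device.
# Get-DefenderAvState is a hypothetical helper name; the cmdlets come from the Defender module.
function Get-DefenderAvState {
    try {
        $status = Get-MpComputerStatus -ErrorAction Stop
        $pref   = Get-MpPreference -ErrorAction Stop
    }
    catch {
        # The cmdlets fail when the antivirus service is not running or the module is absent.
        return [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            State    = 'Disabled mode (Defender Antivirus not reachable)'
            Findings = @($_.Exception.Message)
        }
    }

    # Assumed mapping from the reported AMRunningMode value to the states on this page.
    $state = switch ($status.AMRunningMode) {
        'Normal'           { 'Active mode' }
        'Passive Mode'     { 'Passive mode' }
        'SxS Passive Mode' { 'Passive mode (side by side)' }
        'EDR Block Mode'   { 'Passive mode with EDR in block mode' }
        'Not running'      { 'Disabled mode' }
        default            { "Unknown ($($status.AMRunningMode))" }
    }

    # In active mode, check the protection types that can be read from local settings.
    $findings = @()
    if ($state -eq 'Active mode') {
        if (-not $status.RealTimeProtectionEnabled) { $findings += 'Real-time protection is off' }
        if ($pref.MAPSReporting -eq 0)              { $findings += 'Cloud protection is off' }
        if ($pref.EnableNetworkProtection -ne 1)    { $findings += 'Network protection is not in block mode' }
        if ($pref.PUAProtection -ne 1)              { $findings += 'PUA protection is not in block mode' }
    }
    else {
        $findings += 'Device is not in the recommended active mode'
    }

    [pscustomobject]@{
        Computer         = $env:COMPUTERNAME
        State            = $state
        SignatureUpdated = $status.AntivirusSignatureLastUpdated
        Findings         = $findings
    }
}

Get-DefenderAvState | Format-List
```

Web content filtering is not covered by this check because it is not exposed through these cmdlets.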

Onboard a device

For more information, see Onboard devices to Defender for Business.

Offboard a device

For more information, see Offboarding a device.

Next steps