title: Enable and configure Microsoft Defender Antivirus protection features description: Enable behavior-based, heuristic, and real-time protection in Microsoft Defender Antivirus. ms.service: defender-endpoint ms.subservice: ngp ms.localizationpriority: medium author: chrisda ms.author: chrisda ms.topic: install-set-up-deploy ms.custom: nextgen ms.reviewer: yongrhee manager: bagol ms.collection:
- m365-security
- tier2
- mde-ngp
search.appverid: met150
ms.date: 10/20/2025
appliesto:
- Microsoft Defender for Endpoint Plan 1
- Microsoft Defender for Endpoint Plan 2
- Microsoft Defender Antivirus
Microsoft Defender Antivirus uses several methods to provide threat protection:
- Cloud protection for near-instant detection and blocking of new and emerging threats
- Always-on scanning, using file and process behavior monitoring and other heuristics (also known as "real-time protection")
- Dedicated protection updates based on machine learning, human and automated big-data analysis, and in-depth threat resistance research
You can configure how Microsoft Defender Antivirus uses these methods with Microsoft Defender for Endpoint Security Configuration Management, Microsoft Intune, Microsoft Configuration Manager, Group Policy, PowerShell cmdlets, and Windows Management Instrumentation (WMI).
This section covers configuration for always-on scanning, including how to detect and block apps that are deemed unsafe, but might not be detected as malware.
See Use next-gen Microsoft Defender Antivirus technologies through cloud protection for how to enable and configure Microsoft Defender Antivirus cloud protection.
- Windows
| Article | Description |
|---|---|
| Detect and block potentially unwanted applications | Detect and block apps that mighty be unwanted in your network, such as adware, browser modifiers and toolbars, and rogue or fake antivirus apps |
| Enable and configure Microsoft Defender Antivirus protection capabilities | Enable and configure real-time protection, heuristics, and other always-on Microsoft Defender Antivirus monitoring features |
Tip
If you're looking for Antivirus related information for other platforms, see:
- Set preferences for Microsoft Defender for Endpoint on macOS
- Microsoft Defender for Endpoint on Mac
- macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune
- Set preferences for Microsoft Defender for Endpoint on Linux
- Microsoft Defender for Endpoint on Linux
- Configure Defender for Endpoint on Android features
- Configure Microsoft Defender for Endpoint on iOS features