title: Define how mobile devices are updated by Microsoft Defender Antivirus
description: Manage how mobile devices, such as laptops, should be updated with Microsoft Defender Antivirus protection updates.
ms.service: defender-endpoint
ms.localizationpriority: medium
ms.topic: how-to
author: batamig
ms.author: bagol
ms.custom: nextgen
ms.reviewer: yongrhee
manager: bagol
ms.subservice: ngp
ms.collection:
- m365-security
- tier2
search.appverid: met150
ms.date: 10/20/2025
appliesto:
- Microsoft Defender for Endpoint Plan 1
- Microsoft Defender for Endpoint Plan 2
- Microsoft Defender Antivirus
Mobile devices and VMs may require more configuration to ensure performance is not impacted by updates.
There are two settings that are useful for these devices:
- Opt in to Microsoft Update on mobile computers without a WSUS connection
- Prevent Security intelligence updates when running on battery power
The following articles may also be useful in these situations:
- About scheduled scans
- Manage updates for endpoints that are out of date
- Deployment guide for Microsoft Defender Antivirus in a virtual desktop infrastructure (VDI) environment
- Windows
You can use Microsoft Update to keep Security intelligence on mobile devices running Microsoft Defender Antivirus up to date when they are not connected to the corporate network or don't otherwise have a WSUS connection.
This means that protection updates can be delivered to devices (via Microsoft Update) even if you have set WSUS to override Microsoft Update.
You can opt in to Microsoft Update on the mobile device in one of the following ways:
- Change the setting with Group Policy.
- Create a VBScript, then run it on each computer in your network.
- Manually opt in every computer on your network through the Settings menu.
To opt in with Group Policy:

1. On your Group Policy management machine, open the Group Policy Management Console, right-click the Group Policy Object you want to configure and select Edit.
2. In the Group Policy Management Editor go to Computer configuration.
3. Select Policies then Administrative templates.
4. Expand the tree to Windows components > Microsoft Defender Antivirus > Signature Updates.
5. Set Allow security intelligence updates from Microsoft Update to Enabled, and then select OK.

To opt in with a VBScript:

1. Use the instructions in the MSDN article Opt-In to Microsoft Update to create the VBScript.
2. Run the VBScript you created on each computer in your network.

To opt in manually through the Settings menu:

1. Open Windows Update in Update & security settings on the computer you want to opt in.
2. Select Advanced options.
3. Select the checkbox for Give me updates for other Microsoft products when I update Windows.
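
To confirm on a device that the VBScript or Settings opt-in took effect and that Security intelligence is current, a check like the following can be run locally. This is an added example, not part of the original article or Microsoft's own script; the function names and the three-day staleness threshold are assumptions, and the GUID is the Microsoft Update service ID from the Windows Update Agent API.

```powershell
# Added example: verify the Microsoft Update opt-in and report
# Security intelligence freshness on the local device.

# Service ID of Microsoft Update in the Windows Update Agent API.
$MicrosoftUpdateId = '7971f918-a847-4430-9279-4a52d1efe18d'

function Get-MicrosoftUpdateOptIn {   # hypothetical helper name
    # Enumerate the update services registered with the Windows Update Agent.
    $manager = New-Object -ComObject 'Microsoft.Update.ServiceManager'
    $service = $manager.Services |
        Where-Object { $_.ServiceID -eq $MicrosoftUpdateId }

    [pscustomobject]@{
        Registered       = [bool]$service
        RegisteredWithAU = [bool]($service -and $service.IsRegisteredWithAU)
        DefaultAUService = [bool]($service -and $service.IsDefaultAUService)
    }
}

function Get-SecurityIntelligenceStatus {   # hypothetical helper name
    param([int]$MaxAgeDays = 3)             # assumed threshold, adjust to policy

    # Get-MpComputerStatus is part of the built-in Defender module.
    $status = Get-MpComputerStatus
    [pscustomobject]@{
        Version     = $status.AntivirusSignatureVersion
        LastUpdated = $status.AntivirusSignatureLastUpdated
        AgeDays     = $status.AntivirusSignatureAge
        Stale       = $status.AntivirusSignatureAge -gt $MaxAgeDays
    }
}

$optIn = Get-MicrosoftUpdateOptIn
$intel = Get-SecurityIntelligenceStatus

$optIn | Format-List
$intel | Format-List

if (-not $optIn.RegisteredWithAU) {
    Write-Warning 'Microsoft Update is not registered with Automatic Updates on this device.'
}
if ($intel.Stale) {
    Write-Warning "Security intelligence is $($intel.AgeDays) day(s) old."
}
```

The service registration check reflects the VBScript and Settings methods; the Group Policy setting is applied through policy and is best confirmed with a Group Policy results report.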
You can configure Microsoft Defender Antivirus to only download protection updates when the PC is connected to a wired power source.
1. On your Group Policy management machine, open the Group Policy Management Console, choose the Group Policy Object you want to configure, and open it for editing.
2. In the Group Policy Management Editor go to Computer configuration.
3. Select Policies then Administrative templates.
4. Expand the tree to Windows components > Microsoft Defender Antivirus > Signature Updates, and then set Allow security intelligence updates when running on battery power to Disabled. Then select OK.
This action prevents protection updates from downloading when the PC is on battery power.
Tip
If you're looking for Antivirus-related information for other platforms, see:
- Set preferences for Microsoft Defender for Endpoint on macOS
- Microsoft Defender for Endpoint on Mac
- macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune
- Set preferences for Microsoft Defender for Endpoint on Linux
- Microsoft Defender for Endpoint on Linux
- Configure Defender for Endpoint on Android features
- Configure Microsoft Defender for Endpoint on iOS features