Intune – You can now monitor your Windows Defender devices from the portal

As you know, you can manage Windows Defender settings by creating device configuration profiles using Intune/Endpoint Configuration Manager, including devices managed by SCCM (aka on-premises server) – see

Well, you can now monitor the health of all the devices protected by Windows Defender directly from the Intune/Endpoint Configuration Manager portal, including the ones managed by SCCM.

To start using these reports, which cover policies applied to devices, health status or detected malware, connect to your Endpoint Configuration Manager portal ( and access the Endpoint securityAntivirus blade


There you will get overview reports about your Windows Defender endpoints

image_thumb[1]  image_thumb[2]

As for most of the available reports, you can edit the information displayed by selecting/unselecting column and download the data.

Reports are refreshed every 20 minutes or so.

In addition of these overview reports, you can get a more detailed organizational reports by accessing the ReportsMicrosoft Defender Antivirus blade


You will have to request to generate the report by hitting the Generate report button which will take few minutes to complete.