Tamper protection in Microsoft Defender for Endpoint will be enabled by default for all Microsoft tenants on October 24th.


This will be enabled on all WPI-owned IT-managed devices. Tamper protection ensures end users cannot disable Defender. Admins can still override if needed.

Action Needed

No action is needed by Windows machine users. Additional information from Microsoft is available in Actions.


As explained by Microsoft, "Tamper protection in Microsoft Defender for Endpoint protects your organization from unwanted changes to your security settings. Tamper protection helps prevent unauthorized users and malicious actors from turning off threat protection features, such as antivirus protection. Tamper protection also includes the detection of, and response to, tampering attempts."

Additional details are in Defender Tamper Protection (Actions)