In Windows 10 and Windows 11, application notifications about malware detection and remediation are more robust, consistent, and concise. Microsoft Defender Antivirus notifications appear on endpoints when scans are completed and threats are detected. Notifications follow both scheduled and manually triggered scans. These notifications also appear in the Notification Center, and a summary of scans and threat detections appear at regular time intervals.
If you're part of your organization's security team, you can configure how notifications appear on endpoints, such as notifications that prompt for a system reboot or that indicate a threat has been detected and remediated.
Configure antivirus notifications using Group Policy or the Windows Security app
You can configure the display of additional notifications, such as recent threat detection summaries, in the Windows Security app and with Group Policy.
Note
In Windows 10, version 1607 the feature was called Enhanced notifications and was configured under Windows Settings > Update & security > Windows Defender. In Group Policy settings for all versions of Windows 10 and Windows 11, the notification feature is called Enhanced notifications.
Use Group Policy to disable additional notifications
On your Group Policy management computer, open the Group Policy Management Console.
Right-click the Group Policy Object you want to configure, and then select Edit.
In the Group Policy Management Editor go to Computer configuration.
Select Administrative templates.
Expand the tree to Windows components > Microsoft Defender Antivirus > Reporting.
Double-click Turn off enhanced notifications, and set the option to Enabled. Then select OK. This will prevent additional notifications from appearing.
Important
Disabling additional notifications will not disable critical notifications, such as threat detection and remediation alerts.
Use the Windows Security app to disable additional notifications
Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for Security.
Select Virus & threat protection tile (or the shield icon on the left menu bar) and, then select Virus & threat protection settings
Scroll to the Notifications section and select Change notification settings.
Slide the switch to Off or On to disable or enable additional notifications.
Important
Disabling additional notifications will not disable critical notifications, such as threat detection and remediation alerts.
Configure standard notifications on endpoints using Group Policy
You can use Group Policy to:
Display additional, customized text on endpoints when the user needs to perform an action
Hide all notifications on endpoints
Hide reboot notifications on endpoints
Hiding notifications can be useful in situations where you can't hide the entire Microsoft Defender Antivirus interface. See Prevent users from seeing or interacting with the Microsoft Defender Antivirus user interface for more information. Hiding notifications will only occur on endpoints to which the policy has been deployed. Notifications related to actions that must be taken (such as a reboot) will still appear on the Microsoft Configuration Manager Endpoint Protection monitoring dashboard and reports.
To add custom contact information to endpoint notifications, see Customize the Windows Security app for your organization.
Use Group Policy to hide notifications
On your Group Policy management computer, open the Group Policy Management Console.
Right-click the Group Policy Object you want to configure, and then select Edit.
In the Group Policy Management Editor go to Computer configuration and then select Administrative templates.
Expand the tree to Windows components > Microsoft Defender Antivirus > Client interface.
Double-click Suppress all notifications and set the option to Enabled.
Select OK. This will prevent additional notifications from appearing.
Use Group Policy to hide reboot notifications
On your Group Policy management computer, open the Group Policy Management Console.
Right-click the Group Policy Object you want to configure and then select Edit.
In the Group Policy Management Editor go to Computer configuration.
Click Administrative templates.
Expand the tree to Windows components > Microsoft Defender Antivirus > Client interface.
Double-click Suppresses reboot notifications and set the option to Enabled.
Select OK. This will prevent additional notifications from appearing.
Tip
If you're looking for Antivirus related information for other platforms, see:
Set preferences for Microsoft Defender for Endpoint on macOS
Microsoft Defender for Endpoint on Mac
macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune
Set preferences for Microsoft Defender for Endpoint on Linux
Microsoft Defender for Endpoint on Linux
Configure Defender for Endpoint on Android features
Configure Microsoft Defender for Endpoint on iOS features
Tip
Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community.
Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for Security. Scroll to the Notifications section and select Change notification settings. Slide the switch to Off or On to disable or enable additional notifications.
Sign in to the Microsoft Defender portal using at least a Security Administrator role. Select Endpoints > Configuration management > Endpoint security policies and then select Create new Policy. Select a platform from the dropdown list. Select a template, then select Create policy.
Go to Start > Settings > Update & Security > Windows Security > Virus & threat protection. Under Virus & threat protection settings, select Manage settings, and then under Exclusions, select Add or remove exclusions. Select Add an exclusion, and then select from files, folders, file types, or process.
From Defender for Cloud's sidebar, select Workflow automation.From this page, create new automation rules, enable, disable, or delete existing ones. A scope refers to the subscription where the workflow automation is deployed. To define a new workflow, select Add workflow automation.
Navigate to Microsoft Defender for Cloud > Security alerts.
(Optional) Filter the alerts list with any of the relevant filters. You can add extra filters with the Add filter option. The list updates according to the filters selected.
Microsoft Defender for Office 365 is a cloud-based product offering protection against email threats and safeguarding files stored in the cloud. Microsoft Defender for Endpoint provides cybersecurity against malware, spyware and other malicious software.
Defender for Endpoint operates in the Microsoft Azure data centers in the European Union, the United Kingdom, the United States, Australia, Switzerland, or India.
Open the Windows Security app by searching the start menu for Security, and then selecting Windows Security. Select the Virus & threat protection tile (or the shield icon on the left menu bar). Select Virus & threat protection settings. Toggle the Real-time protection switch to On.
Go to Microsoft Defender XDR and sign in using an account with the Security administrator or Global administrator role assigned. In the navigation pane, select Settings > Endpoints > General > Email notifications.
Expand the tree to Windows Components > Microsoft Defender Antivirus. Double-click Configure detection for potentially unwanted applications, and set it to Enabled. In Options, select Block to block potentially unwanted applications, or select Audit Mode to test how the setting works in your environment. Select OK.
Go to the Microsoft Defender portal (https://security.microsoft.com) and sign in. In the navigation pane, select Settings, and then select Endpoints. Then, under General, select Email notifications. Review the information on the Alerts and Vulnerabilities tabs.
A security incident is a collection of related alerts. Incidents provide you with a single view of an attack and its related alerts, so that you can quickly understand the actions an attacker took, and the affected resources.
The Notifications page of Windows Security settings lets you configure what kind of notifications you want to receive. You can find it by going to Settings in the lower left corner of the Windows Security app and selecting Manage notifications.
In Defender for IoT in the Azure portal, select the Alerts page on the left, and then select an alert in the grid. Either on the details pane on the right, or in an alert details page itself, select the new status and/or severity.
From Defender for Cloud's security alerts page, select the alert you want to suppress. From the details pane, select Take action. In the Suppress similar alerts section of the Take action tab, select Create suppression rule.
Address: 5789 Michel Vista, West Domenic, OR 80464-9452
Phone: +97313824072371
Job: Education Orchestrator
Hobby: Lockpicking, Crocheting, Baton twirling, Video gaming, Jogging, Whittling, Model building
Introduction: My name is Rob Wisoky, I am a smiling, helpful, encouraging, zealous, energetic, faithful, fantastic person who loves writing and wants to share my knowledge and understanding with you.
We notice you're using an ad blocker
Without advertising income, we can't keep making this site awesome for you.