Microsoft Endpoint Administrator — Question 177

You have a Microsoft 365 subscription that contains 500 computers that run Windows 11. The computers are Azure AD joined and are enrolled in Microsoft Intune.

You plan to manage Microsoft Defender Antivirus on the computers.

You need to prevent users from disabling Microsoft Defender for Endpoint.

What should you do?

Answer options

• A. From the Microsoft Intune admin center, create an attack surface reduction (ASR) policy.
• B. From the Microsoft 365 Defender portal, enable tamper protection.
• C. From the Microsoft Intune admin center, create an account protection policy.
• D. From the Microsoft Entra admin center, create a Conditional Access policy.

Correct answer: B

Explanation

The correct answer is B because enabling tamper protection in the Microsoft 365 Defender portal prevents users from turning off Microsoft Defender for Endpoint. Option A, while useful for protecting against threats, does not specifically prevent users from disabling Defender. Option C focuses on account protection but does not address the issue of disabling Defender. Option D relates to access policies and does not impact the functionality of Microsoft Defender.