Microsoft Endpoint Administrator — Question 216

You have a Microsoft 365 subscription that contains 500 computers that run Windows 11. The computers are Microsoft Entra joined and are enrolled in Microsoft Intune.

You plan to manage Microsoft Defender for Endpoint on the computers.

You need to prevent users from disabling Microsoft Defender for Endpoint.

What should you do?

Answer options

• A. From the Microsoft Intune admin center, create an attack surface reduction (ASR) policy.
• B. From the Microsoft Intune admin center, create an account protection policy.
• C. From the Microsoft Defender portal, enable tamper protection.
• D. From the Microsoft Intune admin center, create a device compliance policy.

Correct answer: C

Explanation

The correct answer is C, enabling tamper protection from the Microsoft Defender portal, which prevents users from disabling or modifying security settings in Microsoft Defender for Endpoint. The other options involve creating different types of policies that do not specifically address the need to protect Microsoft Defender from being turned off by users.