IntuneAntivirusPolicyWindows10SettingCatalog

Parameters

Parameter Attribute DataType Description Allowed Values
dataType Write String The type of the target assignment. #microsoft.graph.groupAssignmentTarget, #microsoft.graph.allLicensedUsersAssignmentTarget, #microsoft.graph.allDevicesAssignmentTarget, #microsoft.graph.exclusionGroupAssignmentTarget, #microsoft.graph.configurationManagerCollectionAssignmentTarget
deviceAndAppManagementAssignmentFilterType Write String The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. none, include, exclude
deviceAndAppManagementAssignmentFilterId Write String The Id of the filter for the target assignment.
groupId Write String The group Id that is the target of the assignment.
collectionId Write String The collection Id that is the target of the assignment.(ConfigMgr)
Identity Key String Identity of the endpoint protection policy for Windows 10.
DisplayName Write String Display name of the endpoint protection policy for Windows 10.
Description Write String Description of the endpoint protection policy for Windows 10.
allowarchivescanning Write String Allows or disallows scanning of archives. (0: disable feature. 1: enable feature) 0, 1
allowbehaviormonitoring Write String Allows or disallows Windows Defender Behavior Monitoring functionality. (0: disable feature. 1: enable feature) 0, 1
allowcloudprotection Write String To best protect your PC, Windows Defender will send information to Microsoft about any problems it finds. Microsoft will analyze that information, learn more about problems affecting you and other customers, and offer improved solutions. (0: disable feature. 1: enable feature) 0, 1
allowemailscanning Write String Allows or disallows scanning of email. (0: disable feature. 1: enable feature) 0, 1
allowfullscanonmappednetworkdrives Write String Allows or disallows a full scan of mapped network drives. (0: disable feature. 1: enable feature) 0, 1
allowfullscanremovabledrivescanning Write String Allows or disallows a full scan of removable drives. During a quick scan, removable drives may still be scanned. (0: disable feature. 1: enable feature) 0, 1
allowintrusionpreventionsystem Write String https://github.com/MicrosoftDocs/memdocs/issues/2250 (0: disable feature. 1: enable feature) 0, 1
allowioavprotection Write String Allows or disallows Windows Defender IOAVP Protection functionality. (0: disable feature. 1: enable feature) 0, 1
allowrealtimemonitoring Write String Allows or disallows Windows Defender real-time Monitoring functionality. (0: disable feature. 1: enable feature) 0, 1
allowscanningnetworkfiles Write String Allows or disallows a scanning of network files. (0: disable feature. 1: enable feature) 0, 1
allowscriptscanning Write String Allows or disallows Windows Defender Script Scanning functionality. (0: disable feature. 1: enable feature) 0, 1
allowuseruiaccess Write String Allows or disallows user access to the Windows Defender UI. I disallowed, all Windows Defender notifications will also be suppressed. (0: Prevents users from accessing UI. 1: Lets users access UI) 0, 1
avgcpuloadfactor Write SInt32 Represents the average CPU load factor for the Windows Defender scan (in percent).
checkforsignaturesbeforerunningscan Write String This policy setting allows you to manage whether a check for new virus and spyware definitions will occur before running a scan. (0: disable feature. 1: enable feature) 0, 1
cloudblocklevel Write String This policy setting determines how aggressive Microsoft Defender Antivirus will be in blocking and scanning suspicious files. Value type is integer.(0: Default windows defender blocking level, 2: High blocking level, 4:High+ blocking level, 6:Zero tolerance blocking level) 0, 2, 4, 6
cloudextendedtimeout Write SInt32 This feature allows Microsoft Defender Antivirus to block a suspicious file for up to 60 seconds, and scan it in the cloud to make sure it's safe. Value type is integer, range is 0 - 50.
daystoretaincleanedmalware Write SInt32 Time period (in days) that quarantine items will be stored on the system.
disablecatchupfullscan Write String This policy setting allows you to configure catch-up scans for scheduled full scans. (1: disabled, 0: enabled) 0, 1
disablecatchupquickscan Write String This policy setting allows you to configure catch-up scans for scheduled quick scans. (1: disabled, 0: enabled) 0, 1
enablelowcpupriority Write String This policy setting allows you to enable or disable low CPU priority for scheduled scans. (0: disable feature. 1: enable feature) 0, 1
enablenetworkprotection Write String This policy allows you to turn on network protection (block/audit) or off. (0: disabled, 1: block mode, 2: audit mode) 0, 1, 2
excludedextensions Write StringArray[] Allows an administrator to specify a list of file type extensions to ignore during a scan.
excludedpaths Write StringArray[] Allows an administrator to specify a list of directory paths to ignore during a scan.
excludedprocesses Write StringArray[] Allows an administrator to specify a list of files opened by processes to ignore during a scan.
puaprotection Write String Specifies the level of detection for potentially unwanted applications (PUAs). (0: disabled, 1: block mode, 2: audit mode) 0, 1, 2
realtimescandirection Write String Controls which sets of files should be monitored. (0: Monitor all files (bi-directional), 1: Monitor incoming files, 2: Monitor outgoing files) 0, 1, 2
scanparameter Write String Selects whether to perform a quick scan or full scan. (1: Quick scan, 2: Full scan) 1, 2
schedulequickscantime Write SInt32 Selects the time of day that the Windows Defender quick scan should run.
schedulescanday Write String Selects the day that the Windows Defender scan should run. (0: Every day, 1: Sunday, 2: Monday, 3: Tuesday, 4: Wednesday, 5: Thursday, 6: Friday, 7: Saturday, 8: No scheduled scan) 0, 1, 2, 3, 4, 5, 6, 7, 8
schedulescantime Write SInt32 Selects the time of day that the Windows Defender scan should run.
signatureupdatefallbackorder Write StringArray[] This policy setting allows you to define the order in which different definition update sources should be contacted.
signatureupdatefilesharessources Write StringArray[] This policy setting allows you to configure UNC file share sources for downloading definition updates.
signatureupdateinterval Write SInt32 Specifies the interval (in hours) that will be used to check for signatures, so instead of using the ScheduleDay and ScheduleTime the check for new signatures will be set according to the interval.
submitsamplesconsent Write String Checks for the user consent level in Windows Defender to send data. (0: Always prompt, 1: Send safe samples automatically, 2: Never send, 3: Send all samples automatically) 0, 1, 2, 3
disablelocaladminmerge Write String This policy setting controls whether or not complex list settings configured by a local administrator are merged with managed settings. (0: enable local admin merge, 1: disable local admin merge 0, 1
allowonaccessprotection Write String Allows or disallows Windows Defender On Access Protection functionality. (0: disable feature. 1: enable feature) 0, 1
lowseveritythreats Write String Allows an administrator to specify low severity threats corresponding action ID to take. clean, quarantine, remove, allow, userdefined, block
moderateseveritythreats Write String Allows an administrator to specify moderate severity threats corresponding action ID to take. clean, quarantine, remove, allow, userdefined, block
severethreats Write String Allows an administrator to specify high severity threats corresponding action ID to take. clean, quarantine, remove, allow, userdefined, block
highseveritythreats Write String Allows an administrator to specify severe threats corresponding action ID to take. clean, quarantine, remove, allow, userdefined, block
Assignments Write InstanceArray[] Represents the assignment to the Intune policy.
Ensure Write String Present ensures the policy exists, absent ensures it is removed Present, Absent
Credential Write PSCredential Credentials of the Intune Admin
ApplicationId Write String Id of the Azure Active Directory application to authenticate with.
TenantId Write String Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com
ApplicationSecret Write String Secret of the Azure Active Directory tenant used for authentication.
CertificateThumbprint Write String Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.

IntuneAntivirusPolicyWindows10SettingCatalog

Description

This resource configures an Intune Endpoint Protection Antivirus policy for a Windows 10 Device. This policy setting enables the management of Microsoft Defender Antivirus for Windows 10 using the settings catalog.