This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Tech Community.

Tamper protection in Microsoft Defender for Endpoint protects your organization from unwanted changes to your security settings. Tamper protection helps prevent unauthorized users and malicious actors from turning off threat protection features, such as antivirus protection. Tamper protection also includes the detection of, and response to, tampering attempts.

Starting last year, to better protect our customers from ransomware attacks we turned on tamper protection by default for all new customers with Defender for Endpoint Plan 2 or Microsoft 365 E5 licenses. To further protect our customers, we are announcing that tamper protection will be turned on for all existing customers, unless it has been explicitly turned off in the Microsoft 365 Defender portal. For customers who haven’t already configured tamper protection, they’ll soon receive a notification stating that it will be turned on in 30 days. For example, public preview customers receive a notification on September 21, 2022 indicating that tamper protection will be turned on 30 days later, on October 24, 2022.

The following screenshot shows what the notification looks like:

Why should tamper protection be turned on?

Human operated ransomware is one of the biggest cybersecurity challenges facing customers today.  Post-mortems of ransomware attacks have revealed two things: 

• Attackers are using a common set of tactics, techniques, and procedures (TTPs)
• Defender for Endpoint could have helped more in preventing the attack if the controls that address those TTPs were configured. 

We recommend that you turn tamper protection on and keep it enabled across your organization.

How to opt out

If you prefer that tamper protection not be turned on automatically for your tenant, you can explicitly opt out as follows:

1. Go to security.microsoft.com and sign in.
2. Go to Settings > Endpoints > Advanced features
3. Turn tamper protection on by selecting its toggle.
4. Select Save preferences
5. Turn tamper protection off by selecting its toggle.
6. Select Save preferences.

By explicitly turning tamper protection off, your intent to keep tamper protection turned off will be registered for your tenant. For more information see Protect security settings with tamper protection | Microsoft Docs.

• If you encounter issues with devices, you can use troubleshooting mode: Get started with troubleshooting mode in Microsoft Defender for Endpoint | Microsoft Docs
• If you are concerned about application compatibility with tamper protection, you can specify which devices to have tamper protection disabled.
• You can exclude devices from tamper protection by creating a profile in Microsoft Endpoint Manager
• You can exclude devices from tamper protection by using Security Management for Defender for Endpoint
• Note: Tamper protection is included in the Windows Security Experience, located within the Virus & threat protection settings section.

Learn more

• Built-in protection helps guard against ransomware | Microsoft Docs

• Tamper Protection
• Make sure Tamper Protection is turned on
• Protect security settings with tamper protection
• Prevent changes to security settings with Tamper Protection

• Defender for Endpoint security configuration management
• Troubleshoot onboarding issues related to Security Management for Microsoft Defender for Endpoint | Microsoft Docs