1.1. Virus & threat protection settings


As of 20H2 Microsoft Defender can no longer be disabled unless antivirus is installed. Tamper Protection can no longer be disabled.

After every major windows update, verify these settings.

Windows Defender renamed to Microsoft Defender in 20H2. See Microsoft Defender for non-GUI Microsoft Defender settings. Telemetry for telemetry services.

1.1.1. Real-time protection

1.1.2. Cloud-delivered protection

1.1.3. Automatic sample submission

1.1.4. Exclusions

1.1.5. Notifications Virus & threat protection notifications Get account protection notifications

1.1.6. Firewall

Endpoints for telemetry may change. Peridiocally verify these have not changed. See references for additional documentation.


These endpoints should be blocked or routed to a blackhole. See Pi-Hole and DNAT for Captive DNS.


  1. Configure Windows Diagnostic Data

  2. Manage connections from Windows 10 to Microsoft Services

  3. Remove Microsoft Defender Telemetry