Configure Microsoft Defender Antivirus notifications that appear on endpoints
Applies to:
- Microsoft Defender for Endpoint Plan 1
- Microsoft Defender for Endpoint Plan 2
- Microsoft Defender Antivirus
Platforms
- Windows
In Windows 10 and Windows 11, application notifications about malware detection and remediation are more robust, consistent, and concise. Microsoft Defender Antivirus notifications appear on endpoints when scans are completed and threats are detected. Notifications follow both scheduled and manually triggered scans. These notifications also appear in the Notification Center, and a summary of scans and threat detections appear at regular time intervals.
If you're part of your organization's security team, you can configure how notifications appear on endpoints, such as notifications that prompt for a system reboot or that indicate a threat has been detected and remediated.
Configure antivirus notifications using Group Policy or the Windows Security app
You can configure the display of additional notifications, such as recent threat detection summaries, in the Windows Security app and with Group Policy.
Note
In Windows 10, version 1607 the feature was called Enhanced notifications and was configured under Windows Settings > Update & security > Windows Defender. In Group Policy settings for all versions of Windows 10 and Windows 11, the notification feature is called Enhanced notifications.
Use Group Policy to disable additional notifications
On your Group Policy management computer, open the Group Policy Management Console.
Right-click the Group Policy Object you want to configure, and then select Edit.
In the Group Policy Management Editor go to Computer configuration.
Select Administrative templates.
Expand the tree to Windows components > Microsoft Defender Antivirus > Reporting.
Double-click Turn off enhanced notifications, and set the option to Enabled. Then select OK. This will prevent additional notifications from appearing.
Important
Disabling additional notifications will not disable critical notifications, such as threat detection and remediation alerts.
Use the Windows Security app to disable additional notifications
Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for Security.
Select Virus & threat protection tile (or the shield icon on the left menu bar) and, then select Virus & threat protection settings
Scroll to the Notifications section and select Change notification settings.
Slide the switch to Off or On to disable or enable additional notifications.
Important
Disabling additional notifications will not disable critical notifications, such as threat detection and remediation alerts.
Configure standard notifications on endpoints using Group Policy
You can use Group Policy to:
- Display additional, customized text on endpoints when the user needs to perform an action
- Hide all notifications on endpoints
- Hide reboot notifications on endpoints
Hiding notifications can be useful in situations where you can't hide the entire Microsoft Defender Antivirus interface. See Prevent users from seeing or interacting with the Microsoft Defender Antivirus user interface for more information. Hiding notifications will only occur on endpoints to which the policy has been deployed. Notifications related to actions that must be taken (such as a reboot) will still appear on the Microsoft Configuration Manager Endpoint Protection monitoring dashboard and reports.
To add custom contact information to endpoint notifications, see Customize the Windows Security app for your organization.
Use Group Policy to hide notifications
On your Group Policy management computer, open the Group Policy Management Console.
Right-click the Group Policy Object you want to configure, and then select Edit.
In the Group Policy Management Editor go to Computer configuration and then select Administrative templates.
Expand the tree to Windows components > Microsoft Defender Antivirus > Client interface.
Double-click Suppress all notifications and set the option to Enabled.
Select OK. This will prevent additional notifications from appearing.
Use Group Policy to hide reboot notifications
On your Group Policy management computer, open the Group Policy Management Console.
Right-click the Group Policy Object you want to configure and then select Edit.
In the Group Policy Management Editor go to Computer configuration.
Click Administrative templates.
Expand the tree to Windows components > Microsoft Defender Antivirus > Client interface.
Double-click Suppresses reboot notifications and set the option to Enabled.
Select OK. This will prevent additional notifications from appearing.
Tip
If you're looking for Antivirus related information for other platforms, see:
- Set preferences for Microsoft Defender for Endpoint on macOS
- Microsoft Defender for Endpoint on Mac
- macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune
- Set preferences for Microsoft Defender for Endpoint on Linux
- Microsoft Defender for Endpoint on Linux
- Configure Defender for Endpoint on Android features
- Configure Microsoft Defender for Endpoint on iOS features
Tip
Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community.