Configuring Microsoft Defender Antivirus for Session Hosts
Start course

This course will help you manage security on your Azure Virtual Desktop and allow you to understand how it integrates with the other Azure services. It covers understanding conditional access policies, multi-factor authentication, integrating with Microsoft Defender for Cloud, and deploying antivirus onto session hosts.

Learning Objectives

  • Plan and implement conditional access policies for connection to Azure Virtual Desktop
  • Plan and implement Multi-Factor Authentication in Azure Virtual Desktop
  • Manage security by using Microsoft Defender for Cloud
  • Configure Microsoft Defender Antivirus for session hosts

Intended Audience

This course is intended for anyone who wants to become an Azure Virtual Desktop Specialist or anyone preparing to take the AZ-140 exam.


If you wish to get the most out of this course, you should have a good understanding of Azure administration, however, this is not essential.


Welcome to this module on Configuring Microsoft Defender Antivirus for Session Hosts. We will cover the following topics in this module. What is Microsoft Defender Antivirus? What are the requirements to run Microsoft Defender Antivirus in a VDI environment? We'll take a closer look at the security intelligence updates for Windows 10 OS.

Let's start off by explaining what Microsoft Defender Antivirus is. This is next-generation protection services that are hosted by Microsoft 365 and part of its wider security suite. It combines machine learning, big-data analysis and in-depth resistance research to offer a robust protection layer for Windows 11, 10 and Server OS. There are two modes.

First, we have Active mode which is utilized as the primary antivirus application on the device, so it remediates threats. And then, we have passive mode, where Microsoft Defender Antivirus is not utilized as the primary antivirus, so it does not remediate threats. As with most Microsoft Cloud services, there are a number of requirements that need to be met before it can be implemented with Azure Virtual Desktop. From a licensing perspective, it is included as part of the Microsoft 365 E5, E3, E5 security, and A5 security subscriptions. It is supported on both server OS from 2008 R2 SP1 or higher and from Windows 7 SP1 and higher, including Windows 10 and 11.

Finally, before you can turn this service on, you need to ensure you are using an Azure account with the relevant role assigned to it, which includes Global Administrator, Security Administrator, and Compliance Administrator to name a few. In this final section of this module, we are going to discuss security intelligence for Windows 10 operating system. Microsoft continually updates security intelligence in antimalware products to cover the latest threats, and constantly tweak detection logic. This security intelligence works directly with cloud-based protection to deliver fast and powerful AI-enhanced, next-generation protection. Network Inspection System updates are designed to protect you from network threats, including exploits as they are transmitted.

About the Author

Shabaz Darr is a Senior Infrastructure Specialist at Netcompany based in the UK. He has 15 years plus experience working in the IT industry, 7 of those he has spent working with Microsoft Cloud Technologies in general, with a focus on MEM and IaaS. Shabaz is a Microsoft MVP in Enterprise Mobility with certifications in Azure Administration and Azure Virtual Desktop. During his time working with Microsoft Cloud, Shabaz has helped multiple public and private sector clients in the UK with designing and implementing secure Azure Virtual Desktop environments.