Microsoft Defender for Endpoint is an enterprise-level endpoint security solution that can prevent, detect, investigate, and respond to advanced threats. Microsoft Defender Antivirus is one of the major components of this entire security platform.
Microsoft Defender Antivirus, or simply Defender Antivirus, is integrated into Windows and operates in conjunction with Microsoft Defender for Endpoint. It can be centrally managed through the Intune admin Center.
There are various methods to verify the Defender Antivirus signature version or security intelligence update build number. If you have only a few devices, you can manually check the Defender AV signature version through the Windows Security App.
However, if you are managing all your organization’s devices using Intune, you can also download a report from the Intune admin Center which shows the Defender AV signature version information. Let’s check the steps:
Table of Contents
Method 1 – Check Defender Signature Version from Intune Admin Center
To check the list of devices with the Defender Signature version, follow the steps below:
- Login to the Intune admin center.
- Go to Reports > Microsoft Defender Antivirus.
- Click on the Reports tab and then click on Antivirus agent status.
- Click on the “Columns” button, and then uncheck the ones which are not needed. For example, I have selected only two columns from the list: Device state and Signature Version. After selecting the desired columns, click on the “Generate Report” button to generate the report.
- You can refresh the report at any time by clicking on the “Generate” button again. Utilize dropdown filters to tailor the report and include only relevant data according to your requirements. In addition to the Signature version, you can also incorporate details such as Engine version, Last reported date, Last full scan date, Reboot required, etc.
Method 2 – Export Defender Antivirus Report to a CSV file
To export the Defender Antivirus report with all selected columns, including Antivirus definitions/signature version, please follow the steps below:
- Login to the Intune admin center.
- Navigate to Reports > Microsoft Defender Antivirus.
- Click on the “Columns” button and select the columns you want in your report.
- Click on “Generate Report“.
- Click on “Export” and then confirm by clicking “Yes” to export the data in a CSV file.
The exported report will be in a Zip file. Extract the content into a separate folder, which will contain the Defender Antivirus report in CSV format.
Method 3 – Check Defender Antivirus Signature Version Manually
If you are not managing your organization’s devices using Intune, you can also check the Microsoft Defender Antivirus signature version manually. Let’s go through the steps for the same:
- Login to your Windows 10 or Windows 11 device.
- Go to Start and search for “Windows Security“.
- Click on “Settings” at the bottom left corner of the window.
- Click on the “About” link.
After clicking on the “About” link, you will find the following information on the About page:
- Antimalware Client Version
- Engine Version
- Antivirus Version
- Antispyware Version
Method 4 – Check Defender Antivirus Signature Version Using Powershell
You can also use the PowerShell console to check the Defender Antivirus Signature version on a Windows 10 or Windows 11 device.
- Go to Start and search for PowerShell.
- Launch the PowerShell console.
- Type the following command and press Enter.
Get-mpcomputerstatus | fl *signatureversion*
In this blog post, we explored the process of downloading the Defender Antivirus report from Intune, including the Antivirus signature version. The flexibility to customize the report by adding or removing columns allows you to tailor it to contain only the relevant data according to your specific requirements.
Additionally, we discussed alternative methods such as checking the Defender version on a Windows 10 or Windows 11 device using PowerShell or via the Windows Security app.