How to turn off Windows Defender using Group Policy

In this post we will see how to turn off Windows Defender using group policy. Windows Defender is malware protection that is included with and built into Windows 10. This software helps identify and remove viruses, spyware, and other malicious software. But why would you think of turning off Windows Defender then ?.

Windows Defender provides the most protection when cloud-based protection is enabled. Windows Defender runs in the background and notifies you when you need to take specific action. There are many ways to disable windows defender. You could choose to disable it on a single machine, you could also disable it using Registry Tweak.

However when you want to disable Windows Defender on multiple computers in a domain, the group policy method is the best. If you are using System Center 2012 R2 Configuration Manager and Microsoft Intune, these can provide centralized management of Windows Defender, including:

  • Settings management
  • Definition update management
  • Alerts and alert management
  • Reports and report management

How to turn off Windows Defender using Group Policy

Launch the Group Policy Management console. Right click on the domain and click Create a GPO in this domain and link it here. Provide a name to the GPO. Click OK.

How to turn off Windows Defender using Group Policy

Once the policy is created, right click on the policy and click Edit. This will bring up the Group Policy Management Editor. Navigate to Computer Configuration > Administrative Templates > Windows Components > Windows Defender.

Look for the policy setting “Turn Off Windows Defender“. Right click on the policy setting and click Edit.

How to turn off Windows Defender using Group Policy

On the Turn off Windows Defender policy setting, click Enabled. This policy setting turns off Windows Defender. Click OK and close the Group policy management console.

How to turn off Windows Defender using Group PolicyOn the client machine, we now see that group policy has been applied. When the user tries to open Windows Defender, it shows a box stating This application is turned off by group policy. In case you want to enable the windows defender, edit the policy and simply change the same policy’s status from Enabled to Not Configured or Disabled.

How to turn off Windows Defender using Group Policy

Related Posts
Oldest Most Voted
Inline Feedbacks
View all comments

Hello. Is it posible to disable or ununstall windows defender via SCCM for specific collection? Thaks in advance.

Erik Oliveira

Thank you for the information

mohammed irfan siddiqui

Dear Prajwal Joshi,

Please let me know if the AppLocker is an option in SCCM, can we implement AppLocker from SCCM to all the Users or with Group policy ?


Will take that as a Yes.
Do you often use such customized editions?


Is allowed to discuss third party NT OSes?


Esteemed Prajwal D., I made ask difficult because involves other parties and I was not aware of your reception. I have this bug where Windows Defender is “disabled” and imposible to access any of its GUI at all (heck, completely forgot to give a try with CLI over cmd prompt – will do) , very limited indeed. Now, after closing its activities with this very gpo instructions, there is a need to recover some removed threats (false positives), since WD is actually running as background daemon unexpectedly. I will welcome very much a piece of knowledge about that as well,… Read more »


is there a way to disable the pop up?


How do you activate the policy once you’ve done the steps above? The workstation’s completely ignore it and still load the Defender service – it’s not working (reboots don’t help).


right click the policy and choose the enforce button, then on the workstations, do a gpupdate /force to see if it now applies. I would assume you are using server 2008 or higher and all workstations are windows 7 or higher?


thanks for providing this information all explained in simple ways !! and yes it works!!

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More