UiBhelp's public knowledge cards

KI 1691 UiB starts using Microsoft Defender for increased PC security

To improve security, it has been decided that Microsoft Defender will be used on all computers managed by UiB.
The university sector's information security is under constant and increasing threats, and computers at UiB are regularly infected by viruses or other malicious software.

Microsoft Defender will provide us with information about malicious or vulnerable software on computer with the Defender program. When malware is found, the conputer is quarantined and may not be used until it has been cleaned. The user will be informed as soon as possible.

If vulnerabilities are discovered, we will contact the user to agree on further measures where necessary.

Defender will reduce the likelihood of user accounts or computers at UiB being misused. If serious vulnerabilities are detected, we can more quickly and more precisely identify which systems have vulnerable software, and implement measures for upgrading them. Using Defender will thus give a significant boost to IT security at UiB.

The decision to introduce Defender has been taken in consultation with UiB's Data Protection Commissioner. A privacy assessment has been carried out. The program is configured to limit access to data. The trade unions at UiB will be informed about the measure.

Few people in the IT division will have access to the findings from Defender. No one will be able to see the contents of users' documents and files.

The use is authorized in the Management System for Information Security and Privacy, cf. The operating instructions: "For those systems where computer viruses may be a risk, antivirus software must be run." The National Security Authority's basic principles for ICT security also emphasize the need for automated and centralized virus protection.

These functions will be used
The functions in Microsoft Defender that we will use are:
  • Custom network indicators. Can block traffic to specific addresses used in malicious activities/attacks.
  • Show user details. Makes it possible to find the owner of the computer (the person who used the computer) so we know who to contact.
  • Automated investigations. Removal of viruses.
  • Download quarantined files. Keep files in quarantine when viruses are found in them.
  • Functions that compile data we already have in the cloud (identity protection and Office 365 Threat Intelligence)