MT.1161 - Cloud Block Level should be High or higher
Overview
Checks that the cloud block level is set to High or higher in all assigned Microsoft Defender Antivirus policies.
A low cloud block level reduces proactive threat blocking capabilities, allowing more suspicious files to execute without cloud-based analysis.
Remediation action:
- Open Microsoft Endpoint Manager > Endpoint Security > Antivirus
- Edit the relevant Microsoft Defender Antivirus policy
- Set Cloud Block Level to High, High Plus, or Zero Tolerance
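To confirm on an individual endpoint that the policy has actually taken effect, the following added example (not part of Maester or of the original page) reads the effective setting with `Get-MpPreference`. The function name `Test-LocalCloudBlockLevel` and the `-Preference` parameter are hypothetical; the pass criterion mirrors this test (High, High Plus, or Zero Tolerance), and the cloud-protection column is an extra assumption-based check, since the block level only matters when cloud-delivered protection is turned on.

```powershell
# Added example: verify the effective Cloud Block Level on the local device.
# Numeric values are those Get-MpPreference reports for CloudBlockLevel.
$CloudBlockLevelNames = @{
    0 = 'Default (not configured)'
    1 = 'Moderate'
    2 = 'High'
    4 = 'High Plus'
    6 = 'Zero Tolerance'
}

function Test-LocalCloudBlockLevel {   # hypothetical helper, not a Maester cmdlet
    [CmdletBinding()]
    param(
        # Injectable so the logic can be exercised without Defender present;
        # defaults to the live preferences of the current device.
        [Parameter()] $Preference = (Get-MpPreference)
    )

    $level = [int]$Preference.CloudBlockLevel
    $name  = if ($CloudBlockLevelNames.ContainsKey($level)) {
        $CloudBlockLevelNames[$level]
    } else {
        "Unknown ($level)"
    }

    [pscustomobject]@{
        ComputerName           = $env:COMPUTERNAME
        CloudBlockLevel        = $level
        LevelName              = $name
        # MAPSReporting 0 means cloud-delivered protection is disabled,
        # in which case the block level has nothing to act on.
        CloudProtectionEnabled = ([int]$Preference.MAPSReporting -ne 0)
        # Same criterion as MT.1161: High (2), High Plus (4) or Zero Tolerance (6).
        Compliant              = ($level -in 2, 4, 6)
    }
}

# Constructed sample input (not real device data): a device left at the default level.
Test-LocalCloudBlockLevel -Preference ([pscustomobject]@{ CloudBlockLevel = 0; MAPSReporting = 2 })

# Live check, only where the Defender module is available.
if (Get-Command Get-MpPreference -ErrorAction SilentlyContinue) {
    Test-LocalCloudBlockLevel
}
```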
Related links
Test Metadata
| Field | Value |
|---|---|
| Test ID | MT.1161 |
| Severity | High |
| Suite | Maester |
| Category | Defender |
| PowerShell test | Test-MtMdeCloudBlockLevel |
| Tags | Defender, Maester, MT.1161 |
Source
- Pester test: tests/Maester/Defender/Test-MtMdeAntivirusPolicy.Tests.ps1
- PowerShell source: powershell/public/maester/defender/Test-MtMdeCloudBlockLevel.ps1