ManageEngine x Forrester | Workforce Identity Platforms Landscape Report

Active Directory Policies

How to enable Windows Defender to analyze mail bodies and attachments via group policy

In an era where email remains a primary vector for cybersecurity threats, it’s crucial for system administrators to ensure that all possible precautions are taken to protect networked systems. One effective measure is configuring Windows Defender, the integrated antivirus solution in Windows, to thoroughly analyze mail bodies and attachments for malicious content. This article provides a detailed guide on how to create a Group Policy Object (GPO) for this purpose, tailored for system administrators in a professional setting.

Understanding the Importance of Email Scanning

Malicious actors often use emails to spread malware, ransomware, and phishing attacks. By enabling Windows Defender to scan mail bodies and attachments, you can significantly reduce the risk of these threats infiltrating your network.


  • Administrative Access: You need administrative privileges in your Active Directory (AD) environment.
  • Group Policy Management Console (GPMC): This tool must be installed and accessible to configure Group Policies.

Step-by-Step Instructions

Step 1: Open Group Policy Management Console

Launch GPMC by typing “Group Policy Management” in the Start menu search or by executing gpmc.msc.

Step 2: Create or Edit a Group Policy Object
  • To create a new GPO, right-click on the domain or an Organizational Unit (OU) and select “Create a GPO in this domain, and Link it here…”.
  • To modify an existing GPO, locate it under the appropriate domain or OU, right-click it, and choose “Edit”.
Step 3: Navigate to Windows Defender Antivirus Settings

In the Group Policy Management Editor, go to: Computer ConfigurationPoliciesAdministrative TemplatesWindows ComponentsMicrosoft Defender Antivirus.

Step 4: Configure Mail Scanning
  • Find the policy setting “Scan email messages and attachments”. This setting might be located under a sub-folder such as “Real-time Protection”.
  • Set the policy to “Enabled”.
  • This action will configure Windows Defender to scan the contents of all email messages and the files attached to them for malware and other threats.
Step 5: Apply and Enforce the GPO
  • Click “OK” or “Apply” to save the changes.
  • Link the GPO to the appropriate OU.
  • The policy will be applied at the next Group Policy refresh cycle, or you can expedite the process by running gpupdate /force on the client machines.

Advanced Configuration and Use Cases

  1. High-Risk Environments: In environments where sensitive data is frequently transmitted via email, such as in financial or legal sectors, ensuring comprehensive email scanning is critical.
  2. Customization for Specific Departments: Apply more stringent policies to departments with higher risk profiles, while maintaining standard policies for others.
  3. Compliance and Legal Requirements: In industries governed by strict data protection regulations, ensuring thorough email scanning can be part of compliance strategies.

Security Considerations

  • Balancing Performance and Security: While email scanning is crucial, it’s important to balance security needs with system performance. Excessive scanning can lead to system slowdowns.
  • User Communication and Training: Inform users about these security measures and train them on best practices for email usage to enhance overall security.
  • Regular Policy Reviews: Continually review and adjust the policy to adapt to emerging threats and changes in the organizational IT environment.


  • Performance Issues: If users report performance issues related to email applications, assess the impact of the scanning settings and adjust if necessary.
  • Policy Application Issues: Use tools like Resultant Set of Policy (RSoP) or gpresult to troubleshoot any issues related to the application of the GPO.


Implementing a GPO to enable Windows Defender to scan mail bodies and attachments is a proactive step towards securing an organization’s IT infrastructure from email-based threats. By following the steps outlined in this guide, system administrators can effectively manage email security across their networks, contributing significantly to the overall cybersecurity posture of their organization.

Related posts
Active Directory Policies

Block windows app installation with elevated privileges using GPO

Active Directory Policies

GPO to prevent regular users from changing MSI installation options

Active Directory Policies

GPO to prevent autoplay on non-volume devices

Active Directory Policies

Prevent remote logon for local accounts with blank password - GPO


There are over 8,500 people who are getting towards perfection in Active Directory, IT Management & Cyber security through our insights from Identitude.

Wanna be a part of our bimonthly curation of IAM knowledge?

  • -Select-
  • By clicking 'Become an insider', you agree to processing of personal data according to the Privacy Policy.