This policy setting allows you to configure Windows Defender to check and install definition updates from Windows Update when a locally managed Windows Server Update Services (WSUS) server is not available.
Windows Defender checks for definition updates using the Automatic Updates client. The Automatic Updates client can be configured to check the public Windows Update Web site or a locally managed WSUS server. When a computer is not able to connect to an internal WSUS server, such as when a portable computer is roaming outside of the corporate network, Windows Defender can be configured to also check Windows Update to ensure definition updates are delivered to these roaming machines.
If you enable or do not configure this policy setting, by default Windows Defender will check for definition updates from Windows Update, if connections to a locally managed WSUS server fail.
If you disable this policy setting, Windows Defender will check for definition updates only on a locally managed WSUS server, if the Automatic Updates client is so configured.
|Registry Path||Software\Policies\Microsoft\Windows Defender\Signature Updates|