It should be possible to deploy a Microsoft Defender ATP Policy to a User collection, not just a Device collection.

It would be good if we could set different policy configurations for OS Drive, Fix Data Drive & Removable Data Drive.
Currently We are not able to configure only OS Drive only

Currently only a Full Administrator can create or deploy a bit locker management policy. Please enable these rights to be delegated.

Bitlocker computer compliance report does not show the C: drive compliance information if there is an extra drive in the machine (D: for example)

Seeing how the Recovery Service endpoint only requires IIS and a Management Point role, would it be feasible to have the endpoint run on CMG?

Internet-based clients in a co-management environment cannot reach the internal MP URL. Unless they use a VPN connection. We could leverage the BitLocker CSP policies available in Intune but that doesn't offer integration with recovery keys stored in the SQL DB, or the Helpdesk and Self-Service portals.

Supporting the MBAM role through CMG could be a quick win.

Some Attack Surface Reduction Rules are missing in the Windows Defender Exploit Guard settings.

Please include the following Rules:
Block Office communication application from creating child processes
Block Adobe Reader from creating child processes
Block persistence through WMI event subscription

https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction

With CM 1910 MBAM BitLocker upgrade, MBAM BitLocker Helpdesk portal (BitLocker Administration and Monitoring) is available. "Manage TPM" is list one of available option, however, if you take a close look, it is actually alterative to unlock machine.

It would be nice that "Manage TPM" indeed to have manage TPM actions, select a action and submit to act on the target machine, such as, clear TPM, reset TPM, etc.

The feature can be helpful to force a machine lockout at the next reboot in case there is a need and helpdesk professional can help.

for refresh/reinstall scenarios in WinPE where you have an already MBAM managed/Bitlockered client, and you want to reinstall it or refresh to a new os, the OS drive is bitlockered and therefore you cannot read it or pull data from it (USMT), we've used various versions of this for MBAM https://www.windows-noob.com/forums/topic/4173-how-can-i-retrieve-my-bitlocker-recovery-key-from-mbam-in-windows-pe/ but it would be nice if this ability was integrated within ConfigMgr now that MBAM is integrated too and to do it securely via https

Great to see MBAM fully integrated in CM 1910, but the policy does not have any option to enforce the encryption. User can always postpone it.

For more info, see this: https://www.youtube.com/watch?v=kRkyx_-l9QU

at the moment all the AV messages are in ConfigMgr, but if there is an outbreak there is only one way, via mail about alerting in CM, or we can configure StatusMessage rules to start something. Can we have a option to grab that infos to a SIEM like sentinel to get faster response about an outbreak? We need also reporting (very slow) and other mechanism in ConfigMgr that are very slow, but alerts in this case should be faster, like CM-Pivot automation to send some info's directly to a SIEM system, to get more possibility's.

In some cases, the naming is different in Intune, MDATP and ConfigManager, but in the background it is the same setting, this is not only for Defender, it is for all Defender tools, like expoit guard, Microsoft Active Protection Service (MAPS) and so one. That would be nice...

The default configuration in Windows defender controlled access folder blocks folders like pictures, documents, desktop etc. and you can't turn it off. It was difficult to deploy applications so we decided to not use this feature anymore and it's a shame because it's a such a great idea. We would like to have an option to disable this default behavior. At our company We want only to protect network drives/folders and don't care about pictures folders etc.

It would be nice to have ability to enable Tamper Protection in defender via SCCM antimalware policy

In 1906, WDAC rules can be modified only on Folder and Files level and that is not enough. Like in Applocker, we need Publisher rules and file signing support. It is great that ex-Device Guard starts to be more or less accassable to control with GUI, but current features are not enough to utilize it to production yet. Please make it to be as controllable as Applocker.

Integration of DRA feature directly in SCCM Bitlocker Management feature to have all of Bitlocker controls centralized in one central point (no need extra GPO)

A Malware Detail button that actually links to actionable/useful information. The existing malware detail buttons link to pretty much blank malware detail pages on MS documentation sites. They are not useful. If you can't do the analysis, can you provide links to actual CVEs or other trusted sources?

Adding a file hash of detected or suspected malware son that further research can be done using VirusTotal and simular resources.
As it is now the threat informatinen provided by microsoft have very little detail and restoring files from quarantine to analyze them isn't ideal either

After uninstalling the client, anti-malware policy settings remain in the version information area of Windows security.
SCCM CB 1902
Windows 10 1903

Setting location:
1. Run ms-settings:windowsdefender
2. Clieck on [Windows Security]
3. Click the "gear mark" in the lower left
4. Click the "Version information"
5. anti-malware policy settings remain