How to Turn On Windows Defender When Another Organization Is Protecting the Device

That message usually means Defender settings are being controlled by work or school policy, Microsoft Defender for Endpoint management, or another antivirus product. If policy owns the device, you often cannot turn Defender on yourself until that policy is removed or changed. If you are still narrowing the symptom, start with the common Defender problems pillar.

The phrase another organization is protecting this device usually points to device management, not a simple Windows glitch.

Common causes include work or school enrollment, Intune or Group Policy settings, Microsoft Defender operating mode controls, or a different antivirus product taking the active role.

• If the PC is personally owned and no longer managed by work or school, remove the old management connection first.
• If another antivirus product is installed and meant to be removed, uninstall it and restart before checking Defender again.
• If Windows Security is only stale or reporting old state, validate locally with PowerShell before changing settings blindly.

If the device is enrolled in a company or school tenant, local toggles may be locked by design.

In that case, the correct path is to confirm ownership with the IT administrator, review device enrollment, and ask whether Defender should be active, passive, or suppressed on that endpoint.

Open Settings > Accounts > Access work or school and verify whether the device is connected to an organization.

If it is, that connection may be applying Defender policy. Removing it without approval can break compliance or access, so validate ownership before disconnecting anything.

If another antivirus is installed, Microsoft Defender Antivirus may remain present but stop being the active protection engine.

Use the third-party antivirus guide if you suspect Defender was sidelined by another product.

Use PowerShell to see whether Defender is in active or passive mode before making changes.

PS> Get-MpComputerStatus | Select-Object AMRunningMode, AntivirusEnabled, RealTimeProtectionEnabled, AMProductVersion

If AMRunningMode does not show normal active protection, follow the operating-mode explanation in the passive mode guide.

1. Confirm whether the device is personally owned or organization-managed.
2. Check whether another antivirus product is installed.
3. Collect AMRunningMode and protection-status output.
4. Escalate to the policy owner if the device is still managed or locked.

Capture whether the device is enrolled to work or school, whether another antivirus is installed, the current AMRunningMode value, and whether the user has local admin rights. That short checklist usually removes most back-and-forth in remediation tickets.