I recently had a situation where user alerts from Windows Defender were missing when malware was detected. This was the case on Windows 10 1703 and Windows Server 2016 RDS systems that were managed by ConfigMgr current branch. The end user got no notification at all; however, the removal of the infected file and the alerting via ConfigMgr were working without any issues.
After troubleshooting for a while, I found that a certain setting in the antimalware policy seems to be responsible for this:
Show notifications messages on the client computer when the user needs to run a full scan, update definitions, or run Windows Defender Offline
The setting can be found in the Advanced section of the Antimalware Policy wizard.
By default, this setting is set to “No”, which in my case prevented Windows Defender from displaying any detection notifications to the user on Windows 10 1703 and Windows Server 2016. I don’t really know why, because the title of the setting doesn’t mention anything regarding detection notifications.
On older operating systems like Windows 7, where the traditional System Center Endpoint Protection client was installed, this was working without any issues.
As soon as I set the setting to “Yes” and ran a Machine Policy Cycle on a test device, the alert came back.
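To reproduce the check on a test client, here is an added PowerShell example (not code from the original post): it triggers the Machine Policy Retrieval & Evaluation Cycle and then reads back the Defender settings that can suppress user notifications. Which of these registry values the ConfigMgr setting actually writes is an assumption, not something the post states; the values listed are the Group Policy-backed Defender notification settings.

```powershell
# Added example, not from the original post. Run elevated on a ConfigMgr-managed test client
# after changing the antimalware policy in the console.

# Schedule ID of the "Machine Policy Retrieval & Evaluation Cycle" client action
$machinePolicyCycle = '{00000000-0000-0000-0000-000000000021}'
Invoke-WmiMethod -Namespace 'root\ccm' -Class 'SMS_Client' -Name 'TriggerSchedule' `
    -ArgumentList $machinePolicyCycle | Out-Null

# Give the client a moment to download and apply the new policy
Start-Sleep -Seconds 60

# Group Policy-backed Defender values that suppress notifications when set to 1.
# Assumption: these are the values worth checking; the post does not name them.
$checks = @(
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\UX Configuration'; Name = 'Notification_Suppress' },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Reporting';        Name = 'DisableEnhancedNotifications' }
)

foreach ($c in $checks) {
    $value = (Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue).($c.Name)
    if ($null -eq $value) {
        '{0}\{1}: not set (notifications not suppressed by this value)' -f $c.Path, $c.Name
    } else {
        '{0}\{1}: {2}' -f $c.Path, $c.Name, $value
    }
}

# UILockdown hides the Defender client UI entirely; it should be False if users are
# expected to see detection alerts
$pref = Get-MpPreference
'UILockdown: {0}' -f $pref.UILockdown

# Confirm that the Endpoint Protection agent actually processed a policy: show the most
# recent policy-related lines from the ConfigMgr client log
Get-Content "$env:windir\CCM\Logs\EndpointProtectionAgent.log" -Tail 200 |
    Select-String -Pattern 'policy' |
    Select-Object -Last 5
```

Run it once before and once after flipping the setting to “Yes” and compare the output to see which value changed on the client.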