While not all anti-malware products are made by Microsoft, there is an interesting process that is executed by Windows Intune to decide whether to install the Windows Intune Endpoint Protection software on a client computer or not. The process is described by the flow chart shown as follows:
The process ensures that a computer is never left without anti-malware protection. If a computer has no anti-malware, or has Microsoft Security Essentials, or Forefront Endpoint Protection, then an upgrade is carried out to Windows Intune Endpoint Protection.
If it has another anti-malware tool, then this will be removed and Windows Intune Endpoint Protection will be installed if the policy explicitly says to install the product. If not, then the existing anti-malware solution will be left in place. It is worth stating again though that Windows Intune can only provide alerts and manage via policy if the Windows Intune Endpoint Protection is installed.