Microsoft Defender for Endpoint EDR Updates Now Delivered via Microsoft Update

🚨 The Signal: Microsoft Defender for Endpoint EDR updates will now be delivered via Microsoft Update, separate from monthly Windows security updates. This enables faster delivery of critical EDR security improvements.

The Impact

Organizations using Microsoft Defender for Endpoint on Windows are affected. The change reduces the risk of delayed EDR security improvements.

  • Security Teams: Benefit from faster EDR security improvements, enhancing endpoint protection.
  • IT Administrators: Must review manual update processes to include new Defender update packages.
  • Helpdesk and Security Operations: Need to be informed about the new update delivery method for troubleshooting and awareness.

The Action

  1. Review internal documentation and operational procedures that reference Defender for Endpoint update behavior.
  2. Inform helpdesk and security operations teams about the new update delivery method.
  3. If using manual update package deployment, ensure the new Defender update package (KB 5005292) is included in your standard update process.
  4. Ensure devices are running Sense version 10.8798.25857.1000 or later and have required prerequisite updates installed.
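
A sketch of the step 4 version check, added here as an example and not taken from Microsoft's documentation. It assumes the EDR sensor runs as the Windows service named `Sense` and that the file version of that service's binary is the Sense version; the function names and the inventory rows are hypothetical and constructed for illustration.

```powershell
# Minimum Sense version, from step 4 of the page.
$MinimumSense = [version]'10.8798.25857.1000'

function Test-SenseVersion {
    # True when $Version parses as a version and is >= the minimum.
    # Compared as [version], not as strings: '10.10000.0.0' sorts below
    # '10.8798.25857.1000' in a string comparison.
    param([string]$Version, [version]$Minimum = $MinimumSense)
    $parsed = $null
    if (-not [version]::TryParse($Version, [ref]$parsed)) { return $false }
    return ($parsed -ge $Minimum)
}

function Get-LocalSenseVersion {
    # Assumption: the binary the 'Sense' service runs carries the Sense version.
    # Resolving it from the service avoids hard-coding an install path.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Sense'" -ErrorAction SilentlyContinue
    if (-not $svc) { return $null }
    # PathName may be quoted and may carry arguments; keep the executable only.
    if ($svc.PathName -match '^"?(.+?\.exe)') { $exe = $Matches[1] } else { return $null }
    $info = (Get-Item -LiteralPath $exe -ErrorAction SilentlyContinue).VersionInfo
    if (-not $info) { return $null }
    '{0}.{1}.{2}.{3}' -f $info.FileMajorPart, $info.FileMinorPart,
                         $info.FileBuildPart, $info.FilePrivatePart
}

# Local device: a missing service or unreadable binary reports as non-compliant.
$local = Get-LocalSenseVersion
[pscustomobject]@{
    Device       = $env:COMPUTERNAME
    SenseVersion = $local
    Compliant    = (Test-SenseVersion $local)
}

# Constructed inventory rows (not real devices) run through the same check,
# as you would with an exported device list.
$inventory = @(
    [pscustomobject]@{ Device = 'WS-001'; SenseVersion = '10.8798.25857.1000' }
    [pscustomobject]@{ Device = 'WS-002'; SenseVersion = '10.8700.1.1' }
    [pscustomobject]@{ Device = 'WS-003'; SenseVersion = '10.10000.0.0' }
    [pscustomobject]@{ Device = 'WS-004'; SenseVersion = '' }
)
$inventory | Select-Object Device, SenseVersion,
    @{ Name = 'Compliant'; Expression = { Test-SenseVersion $_.SenseVersion } }
```

Run it from an elevated session so the service binary's version information is readable; rows with an empty or unparseable version are flagged for follow-up rather than skipped.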

Domain: Defender · Impact: medium · Workload: Microsoft Defender · Essential Eight: Patch Operating Systems, Patch Applications