Microsoft Defender for Endpoint security updates move to Microsoft Update on Windows

🚨 The Signal: Microsoft Defender for Endpoint (MDE) EDR updates will now deploy via Microsoft Update, separate from monthly Windows security updates. This change enables faster delivery of critical EDR security improvements, enhancing endpoint protection posture.

The Impact

Organizations using Microsoft Defender for Endpoint are affected. The effect is a reduction in security risk, because EDR updates can be delivered more quickly.

  • Security Teams: Faster EDR updates mean quicker response to new threats.
  • Admins: The update process changes, so admins need to be aware of the new Defender Update Service.
  • All Windows Devices: Enhanced protection against emerging endpoint threats.

The Action

  1. Verify devices are running Sense version 10.8798.25857.1000 or later.
  2. Ensure prerequisite updates (KB5005292 or later) are installed on all MDE-managed devices.
  3. Monitor MDE update status to confirm successful transition to the new delivery mechanism.
  4. Review existing patch management policies to account for independent EDR updates.
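
A local check for step 1, as an added example that is not part of the original page or Microsoft's own tooling. It assumes the Sense version is the file version of the executable that the "Sense" Windows service runs; the function name Test-SenseVersion and the status strings are hypothetical.

```powershell
# Added example (not from the original page): report whether the local Sense
# (MDE EDR sensor) binary meets the minimum version stated in step 1.
# Assumption: the Sense version is the file version of the executable that the
# "Sense" Windows service runs. Run from an elevated session.
$MinimumSense = [version]'10.8798.25857.1000'   # value from the page

function Test-SenseVersion {
    param([version]$Minimum = $MinimumSense)

    $result = [ordered]@{
        Computer  = $env:COMPUTERNAME
        Status    = 'Unknown'
        Version   = $null
        Minimum   = $Minimum
        Compliant = $false
    }

    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Sense'"
    if (-not $svc) {
        $result.Status = 'SenseServiceNotFound'   # device is not running the EDR sensor
        return [pscustomobject]$result
    }

    # PathName can be quoted and can carry arguments; keep only the .exe path.
    if ($svc.PathName -match '^"([^"]+)"' -or $svc.PathName -match '^(.+?\.exe)') {
        $exe = $Matches[1]
    } else {
        $result.Status = 'UnparsedServicePath'
        return [pscustomobject]$result
    }

    $item = Get-Item -LiteralPath $exe -ErrorAction SilentlyContinue
    if (-not $item) {
        $result.Status = 'BinaryNotReadable'
        return [pscustomobject]$result
    }

    # Build a [version] from the numeric parts so the comparison is numeric, not string-based.
    $vi = $item.VersionInfo
    $result.Version   = [version]::new($vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)
    $result.Compliant = $result.Version -ge $Minimum
    $result.Status    = if ($result.Compliant) { 'OK' } else { 'BelowMinimum' }
    return [pscustomobject]$result
}

Test-SenseVersion
```

The returned object can be collected per device by whatever management tooling runs the script, which gives a simple compliant/non-compliant view for step 3.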

Domain: Defender · Impact: medium · Workload: Microsoft Defender · Essential Eight: Patch Operating Systems, Patch Applications · ISM: ISM-0304, ISM-1407, ISM-1501, ISM-1621, ISM-1622, ISM-1623, ISM-1654, ISM-1655, ISM-1690, ISM-1691, ISM-1692, ISM-1693, ISM-1694, ISM-1695, ISM-1696, ISM-1698, ISM-1699, ISM-1700, ISM-1701, ISM-1702, ISM-1704, ISM-1807, ISM-1808, ISM-1876, ISM-1877, ISM-1889, ISM-1901, ISM-1902, ISM-1905