Microsoft has recently released the latest updates for its Defender software on Windows 11 ISOs, as part of their routine security updates during Patch Tuesday. Notably, Microsoft has announced a significant change in the delivery method of these security updates for enterprise devices running Windows. As per the recent announcement, the endpoint detection and response (EDR) updates for Microsoft Defender for Endpoint will no longer be included in the monthly Windows security updates or Patch Tuesdays.
Instead, these EDR updates will be delivered via Microsoft Update (MU), aligning with several other components of Microsoft Defender. Last year, Microsoft made a similar move by shifting PowerShell updates to Microsoft Update due to its ability to provide automatic updates for Microsoft products and services.
This shift aims to enable Microsoft to deliver EDR improvements and security enhancements independently of the OS’s regular monthly update cycle. This should facilitate faster deployment of protection updates without necessitating organizations to wait for the next Patch release.
For those unaware, Microsoft Defender for Endpoint’s EDR capabilities are designed to help organizations detect, investigate, and respond to advanced threats across managed devices. Keeping these components updated is crucial for maintaining protection against evolving attack techniques.
The rollout for Microsoft’s latest update, KB5005292, has commenced on Windows 10 devices in late May 2026, with plans to extend support to Windows 11 and other compatible Windows versions over the following months. The tech giant anticipates that this transition will be concluded by fall 2026, or roughly Q3 of this year.
Upon the completion of the transition, EDR updates will be distributed via Microsoft Update, utilizing KB5005292. However, the successful installation of preliminary updates is a prerequisite. Moreover, Microsoft is introducing a new Defender Update Service as part of this change. Post-installation, devices will create a new directory at %ProgramData%MicrosoftMicrosoft DefenderDefender Update.
Most organizations are expected to require no action as long as Microsoft Update is already integrated into their update management strategy. On the other hand, administrators who utilize manually deployed update packages will need to modify their processes to incorporate the new Defender update package. Microsoft advises reviewing internal documentation and notifying helpdesk and security operations teams about the updated delivery mechanism to minimize confusion during this transition.
As a precondition for this update, systems must be running Sense version 10.8798.25857.1000 or later and should have one of the subsequent Windows updates installed:
Before the upcoming wide release later this year, organizations must ensure that their update policies are fully aligned with the new servicing model. This precautionary step guarantees a smooth transition across all supported Windows platforms.
If a critical issue arises, administrators can quickly revert the Microsoft Defender for Endpoint (EDR) update to the original inbox version stored in %ProgramFiles%Windows Defender Advanced Threat Protection (ATP) by running the following command:
MpCmdRun.exe -RevertMde -Product Edr -ToVersion Inbox
For users with access to the Microsoft 365 Admin Center, the detailed notification can be found under the reference ID MC1381119.
News Source: Neowin
Comments
Be the first to comment.