Forum Discussion
Very High Increase in CPU activity after Update Microsoft Defender for Identity sensor
All our servers that are running this sensor (DCs, Certificate servers, AD Connect servers) showed a massive increase in average CPU utilization from virtually straight after the sensor was automatically updated to version 2.254.19112.470 (late night UK time).
Two of our DCs are sitting on 100% CPU today and we can't find anything to resolve it.
Has anyone else seen this since running this version and if so what actions did you take ?
How would we go back to rolling back to the previous version when it appears it will just be automatically updated soon after ?
This is our monitoring of CPU utilization from one of the majorly affected DCs but every server with the sensor had the exact same graph showing a major increase in CPU at the same date and time i.e. just after the sensor was updated.
3 Replies
I am seeing this on 3 domain controllers all server 2019. Glad I am not alone.
We are seeing this issue too, across multiple customers and multiple Server OS's all with the same agent version of 2.254.19112.470
The automatic update to version 2.254.19112.470 took place around 11.45pm UK time on January 12th 2026.
Sorry - that install date was in the title but I had to delete it - then I couldn't edit the post to add it back in.
