Forum Discussion
Some questions about MMA agent Upgrade/Migration
Hi there,
We received a message to upgrade our Log Analytics Workspace agent (MMA) to a newer version. We use MDE and the servers it concerns are ARC-enabled Windows 2012 R2 servers and Windows 2016 servers. We do not use Microsoft Endpoint Configuration Manager or Microsoft Defender for Cloud. So that means we should follow this guide: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/server-migration?view=o365-worldwide as far as I can tell and then follow the steps under 'Installer script'.
Now here are my questions:
- What can go wrong during this migration? How can I safely test this without breaking anything? And is there any rollback posibility for if it goes wrong?
- I also read here that you can just install the new MMA version, is that correct? Because that option is only mentioned for the 2008 servers and not for 2012 or 2016 in the Microsoft documentation.
- We plan to upgrade the Windows 2012 R2 servers to Windows 2019 or Windows 2022, but the Microsoft document about MMA upgrades makes no mention of those at all. What then should be done in those cases?
Thanks in advance.
Hi SMJ91,
Here are some potential problems that can occur during the migration:
- The migration may not complete successfully, leaving the servers without any security protection.
- The migration may cause performance problems on the servers.
- The migration may cause compatibility issues with existing applications.
To safely test the migration, you can create a test environment and migrate a small number of servers first.
If the migration is successful, you can then migrate the remaining servers.
If the migration does go wrong, you can try to roll back to the previous version of the agent. However, this is not always possible and may require a reinstall of the operating system.Yes, you can install the new MMA version on Windows 2012 R2 and Windows 2016 servers. However, Microsoft recommends upgrading to the new, unified agent for Defender for Endpoint. This agent provides a number of advantages over the MMA agent, including:
- Improved performance and reliability
- Support for new features and capabilities
- A simplified installation and configuration process
If you are planning to upgrade your Windows 2012 R2 servers to Windows 2019 or Windows 2022, you should install the new, unified agent for Defender for Endpoint on the new operating system.
Recommendations
Here are some recommendations for migrating your servers:
- Create a test environment and migrate a small number of servers first to test the migration process and identify any potential problems.
- Upgrade to the new, unified agent for Defender for Endpoint instead of the MMA agent.
- If you are planning to upgrade your Windows 2012 R2 servers to Windows 2019 or Windows 2022, install the new, unified agent for Defender for Endpoint on the new operating system.
you can use this links as a guide:
- Update your agent on devices for Microsoft Defender for Endpoint: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/update-agent-mma-windows?view=o365-worldwide
- Onboard Windows servers to the Microsoft Defender for Endpoint service: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-server-endpoints?view=o365-worldwide
- How to upgrade from MMA-based Defender for Endpoint to MDE unified solution in Defender for Cloud?: https://jeffreyappel.nl/how-to-upgrade-from-mma-based-defender-for-endpoint-to-mde-unified-solution-in-defender-for-cloud/
Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.If the post was useful in other ways, please consider giving it Like.
Kindest regards,
Leon Pavesic
- LeonPavesicSilver Contributor
Hi SMJ91,
Here are some potential problems that can occur during the migration:
- The migration may not complete successfully, leaving the servers without any security protection.
- The migration may cause performance problems on the servers.
- The migration may cause compatibility issues with existing applications.
To safely test the migration, you can create a test environment and migrate a small number of servers first.
If the migration is successful, you can then migrate the remaining servers.
If the migration does go wrong, you can try to roll back to the previous version of the agent. However, this is not always possible and may require a reinstall of the operating system.Yes, you can install the new MMA version on Windows 2012 R2 and Windows 2016 servers. However, Microsoft recommends upgrading to the new, unified agent for Defender for Endpoint. This agent provides a number of advantages over the MMA agent, including:
- Improved performance and reliability
- Support for new features and capabilities
- A simplified installation and configuration process
If you are planning to upgrade your Windows 2012 R2 servers to Windows 2019 or Windows 2022, you should install the new, unified agent for Defender for Endpoint on the new operating system.
Recommendations
Here are some recommendations for migrating your servers:
- Create a test environment and migrate a small number of servers first to test the migration process and identify any potential problems.
- Upgrade to the new, unified agent for Defender for Endpoint instead of the MMA agent.
- If you are planning to upgrade your Windows 2012 R2 servers to Windows 2019 or Windows 2022, install the new, unified agent for Defender for Endpoint on the new operating system.
you can use this links as a guide:
- Update your agent on devices for Microsoft Defender for Endpoint: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/update-agent-mma-windows?view=o365-worldwide
- Onboard Windows servers to the Microsoft Defender for Endpoint service: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-server-endpoints?view=o365-worldwide
- How to upgrade from MMA-based Defender for Endpoint to MDE unified solution in Defender for Cloud?: https://jeffreyappel.nl/how-to-upgrade-from-mma-based-defender-for-endpoint-to-mde-unified-solution-in-defender-for-cloud/
Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.If the post was useful in other ways, please consider giving it Like.
Kindest regards,
Leon Pavesic