Forum Discussion

Christopher__'s avatar
Christopher__
Copper Contributor
Sep 01, 2022

Update Confusion

Can someone help me understand how MDE/AV updates? I thought signatures, platform, and engine updates were handled though normal Windows update processes. However, I am now seeing articles like this ( Enable Microsoft Defender For Endpoint Updates Patching Using SCCM And WSUS HTMD Blog (anoopcnair.com) that may suggest otherwise. Also, when I go to the Device Health report in the security center it tells me that my AV engine, intelligence versions, and platform versions are all up to date on ever machine in my environment. I understand MDE well but when it comes to managing things in SCCM/WSUS I get a little lost. I'm not sure why the update process is the article is needed if the solution is already being updated though normal windows/AV updates.

 

Thank you!

  • Jonhed's avatar
    Jonhed
    Sep 04, 2022

    The new product category listed in your linked article that is called "Defender for Endpoint" only targets the new Unified Agent in Windows Server 2012 R2/2016.

    These 2 platforms do not come with MsSense out of the box(not included in the OS) and therefore require separate updates. This is why the Defender for Endpoint product category is new.

    Windows 10/11, Windows server 2019 and above come with MsSense integrated on an OS level, so my understanding is that MsSense updates are included in the regular OS security updates.

Resources