Forum Discussion

gilblumberg's avatar
gilblumberg
Iron Contributor
May 21, 2023

Updating the MDE.Windows extension

We have multiple servers running in Azure Arc onboarded into MDE using the MDE.Windows extension.   Just our luck to discover that Microsoft's documentation shows that that automatic extension upgr...
Jonhed's avatar
Jonhed
Iron Contributor
Jun 08, 2023

Yes, the extension is pretty much there just to push the MDE onboarding package to the server.
Past that, it is just a regular MDE and MDAV installation.

Pattern updates, engine updates as well as platform updates are managed by MDAV.
https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/manage-protection-updates-microsoft-defender-antivirus?view=o365-worldwide

As for MDE itself, it depends on the version.
Windows Server 2019 and above come with the MDE sensor integrated in the OS, so MDE sensor updates are included in the OS security updates.
Windows 2012 R2 and 2016 get the MDE sensor through a separate installation (MDE unified package), and requires updates via Windows Update, WSUS etc.
https://support.microsoft.com/en-us/topic/microsoft-defender-for-endpoint-update-for-edr-sensor-f8f69773-f17f-420f-91f4-a8e5167284ac

gilblumberg's avatar
gilblumberg
Iron Contributor
Jun 08, 2023
All of this is unfortunately not well articulated, if at all, in the documentation. With reference to my post, none of those 4 bullet points are covered. All very important in my opinion.

Resources