May 10 2021 12:51 AM
Antivirus intelligence updates are updated multiple times a day. Our W10 endpoints update successfully, but the Defender for Endpoint AV status still shows "not updated" on a large number of endpoints. When I manually check these endpoints, some are behind by maybe a day at most.
When (after how many days or missed updates) does Defender AV show endpoints as "not updated"?
(Note: the number of days before definitions are considered out of date is set to the default, 14 days.)
May 13 2021 08:57 AM
We spoke with our devs regarding your questions/issues. They confirmed that it can take up to 24 hours for a newer signature to appear in the MDE portal. The process looks like this:
Our devs are looking at reducing this time, but doing so may introduce performance-related issues.
If you need accurate/up-to-date Def/Sig information from your clients, you should not be using MDE for this. You should use Intune or SCCM.
For Intune, please see this link:
Announcing new Endpoint Security Antivirus reports!
For SCCM, please see this link:
How to Monitor Endpoint Protection in Configuration Manager
For the “Antivirus status” column, Updated means the last time TVM pulled the data had the most current Def/Sig that it was aware of. Not Updated means the sig/def was old.