Nov 09 2022 03:04 AM
We have 1200+ Windows servers (2012R2, 2016 and 2019) and all the servers are onboarded to MDE; however, when checking the Defender AV platform version report on the security portal, I can see all servers are running on different Defender AV platform versions. I tried to find any GPO steps which I can create to make sure all the servers get Defender AV platform updates automatically, however I could not find any GPO way to achieve this. We are not managing servers by SCCM or WSUS update, hence GPO is the only way forward for us.
During my own research I found that MS releases the Defender AV platform update under KB4052623 but could not get any way to make sure this gets installed automatically on all the servers.
Nov 09 2022 08:14 AM - edited Nov 09 2022 08:45 AM
Platform updates are received via Windows Update/Microsoft Update along with all other OS updates, so I think the only easy option here is to configure automatic updates for the whole OS.
If you do not want this to happen, I guess you might be able to configure some sort of script to download said KB and install, but not sure if there is a download link that does not change every month.
Also do note that 2012R2 and 2016 have sensor updates on top of Platform/Intelligence updates.
(listed as the product Defender for Endpoint in Microsoft Update catalog)
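The thread asks how to confirm that every server is on the same Defender AV platform version when updates arrive only through Windows Update. The following PowerShell is an added example, not code from either poster or from Microsoft: it inventories the platform, engine and signature versions across a list of servers, reads the Automatic Updates policy registry values so you can see which hosts have no update policy applied, and flags hosts below a baseline platform version. The server names and the baseline version are constructed placeholders; replace them with your own inventory and with the current platform version listed in the KB4052623 release notes. It assumes PowerShell remoting (WinRM) is enabled and that you hold admin rights on the targets.

```powershell
# Added example: audit Defender AV platform versions across servers (not from the original thread).
# Assumes PowerShell remoting is enabled and the caller is an administrator on each target.
param(
    # Constructed placeholder names; feed this from AD, a CSV or your CMDB.
    [string[]]$Servers = @('srv-app01', 'srv-app02', 'srv-db01'),
    # Placeholder baseline; set to the platform version you expect from the latest KB4052623 release.
    [version]$MinimumPlatform = '4.18.0.0'
)

$results = Invoke-Command -ComputerName $Servers -ErrorAction SilentlyContinue -ErrorVariable remoteErrors -ScriptBlock {
    # Automatic Updates policy as written by the "Configure Automatic Updates" GPO setting.
    $auPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
    $au = Get-ItemProperty -Path $auPath -ErrorAction SilentlyContinue

    try {
        # Get-MpComputerStatus is only present once the Defender AV component is installed;
        # on 2012R2/2016 that depends on the MDE unified solution, so treat a failure as a finding.
        $s = Get-MpComputerStatus -ErrorAction Stop
        [pscustomobject]@{
            Computer         = $env:COMPUTERNAME
            PlatformVersion  = $s.AMProductVersion          # the "platform" version the portal reports
            EngineVersion    = $s.AMEngineVersion
            SignatureVersion = $s.AntivirusSignatureVersion
            SignatureAgeDays = (New-TimeSpan -Start $s.AntivirusSignatureLastUpdated -End (Get-Date)).Days
            ServiceEnabled   = $s.AMServiceEnabled
            AUOptions        = $au.AUOptions                 # 4 = auto download and schedule install
            NoAutoUpdate     = $au.NoAutoUpdate              # 1 = automatic updates disabled by policy
            Error            = $null
        }
    }
    catch {
        [pscustomobject]@{
            Computer         = $env:COMPUTERNAME
            PlatformVersion  = $null
            EngineVersion    = $null
            SignatureVersion = $null
            SignatureAgeDays = $null
            ServiceEnabled   = $false
            AUOptions        = $au.AUOptions
            NoAutoUpdate     = $au.NoAutoUpdate
            Error            = $_.Exception.Message
        }
    }
}

# Flag hosts whose platform is below the baseline or where the status could not be read at all.
$report = $results | ForEach-Object {
    $below = if ($_.PlatformVersion) { [version]$_.PlatformVersion -lt $MinimumPlatform } else { $true }
    $_ | Add-Member -NotePropertyName 'BelowBaseline' -NotePropertyValue $below -PassThru
}

# Per-host view, worst first.
$report |
    Sort-Object @{ Expression = 'BelowBaseline'; Descending = $true }, Computer |
    Format-Table Computer, PlatformVersion, EngineVersion, SignatureAgeDays, AUOptions, NoAutoUpdate, BelowBaseline, Error -AutoSize

# Distribution of platform versions, the same grouping the portal report shows.
$report | Group-Object PlatformVersion | Select-Object Name, Count | Sort-Object Name

# Hosts that never answered (WinRM closed, offline, or access denied) are findings too.
foreach ($e in $remoteErrors) {
    "Unreachable: $($e.TargetObject) - $($e.Exception.Message)"
}
```

Run it from a management host as an account with local admin rights on the targets; a host with NoAutoUpdate set to 1, or with no AU policy at all, is the usual explanation for a platform version that never moves, and a host that errors on Get-MpComputerStatus needs the Defender component (or the unified agent on 2012R2/2016) installed before any platform update can apply.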
Nov 12 2022 10:51 PM
Nov 16 2022 07:00 AM