%3CLINGO-SUB%20id%3D%22lingo-sub-1704800%22%20slang%3D%22en-US%22%3ESHA-2%20signing%20enforcement%20on%20Windows%207%20and%20Windows%20Server%202008%20R2%20is%20almost%20here!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1704800%22%20slang%3D%22en-US%22%3E%3CP%3EThe%20deadline%20is%20fast%20approaching%20--%20we%20mentioned%20in%20a%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-defender-for-endpoint%2Fsha-2-signing-enforcement-on-windows-7-and-windows-server-2008%2Fba-p%2F1519584%22%20target%3D%22_self%22%3Eprevious%20blog%3C%2FA%3E%20that%20any%20customers%20running%20Microsoft%20Defender%20for%20Endpoint%20on%20Windows%207%20or%20Windows%20Server%202008%20R2%20must%20take%20the%20following%20actions%20or%20their%20agents%20will%20stop%20sending%20data%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3BBefore%26nbsp%3B%3CSTRONG%3ENovember%26nbsp%3B2%2C%202020%3C%2FSTRONG%3E%2C%20do%20the%20following%3A%26nbsp%3B%3C%2FP%3E%0A%3COL%3E%0A%3CLI%3EInstall%20the%20SHA-2%20signing%20Windows%20updates%20as%20described%20in%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fsupport.microsoft.com%2Fhelp%2F4472027%2F2019-sha-2-code-signing-support-requirement-for-windows-and-wsus%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3E2019%20SHA-2%20Code%20Signing%20Support%20requirement%20for%20Windows%20and%20WSUS%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3EUpdate%20to%20the%20latest%20version%20of%20the%20Log%20Analytics%20Windows%20agent%20(%3CA%20href%3D%22https%3A%2F%2Fgo.microsoft.com%2Ffwlink%2F%3FLinkId%3D828603%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EWindows%2064-bit%20agent%3C%2FA%3E%26nbsp%3Bor%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fgo.microsoft.com%2Ffwlink%2F%3FLinkId%3D828604%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EWindows%2032-bit%20agent%3C%2FA%3E)%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3CP%3EYou%20can%20find%20the%20relevant%20devices%20in%20your%20environment%20using%20an%20advanced%20hunting%20query.%20You%20can%20use%20the%20following%20that%20is%20available%20on%20GitHub%3A%20%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2Fanthonws%2FMTPAHQueries%2Fblob%2Fmaster%2FLog_Analytics_Agent_SHA2_Support.txt%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgithub.com%2Fanthonws%2FMTPAHQueries%2Fblob%2Fmaster%2FLog_Analytics_Agent_SHA2_Support.txt%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ELearn%20more%20information%20about%20SHA-2%20signing%20enforcement%20in%20the%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fazure-monitor%2Fplatform%2Flog-analytics-agent%23sha-2-code-signing-support-requirement-for-windows%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Edocumentation%3C%2FA%3E.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EFor%20any%20other%20questions%2C%20please%20feel%20free%20to%20reach%20out%26nbsp%3BMicrosoft%20Defender%20for%20Endpoint%20Support.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThank%20you%2C%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20Microsoft%20Defender%20for%20Endpoint%20team%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-1704800%22%20slang%3D%22en-US%22%3E%3CP%3EThe%20deadline%20is%20fast%20approaching%20--%20we%20mentioned%20in%20a%20previous%20blog%20that%20any%20customers%20running%20Microsoft%20Defender%20for%20Endpoint%20on%20Windows%207%20or%20Windows%20Server%202008%20R2%20must%20take%20the%20following%20actions%20or%20their%20agents%20will%20stop%20sending%20data%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-TEASER%3E
Microsoft

The deadline is fast approaching -- we mentioned in a previous blog that any customers running Microsoft Defender for Endpoint on Windows 7 or Windows Server 2008 R2 must take the following actions or their agents will stop sending data:

 Before November 2, 2020, do the following: 

  1. Install the SHA-2 signing Windows updates as described in 2019 SHA-2 Code Signing Support requirement for Windows and WSUS
  2. Update to the latest version of the Log Analytics Windows agent (Windows 64-bit agent or Windows 32-bit agent)

You can find the relevant devices in your environment using an advanced hunting query. You can use the following that is available on GitHub: https://github.com/anthonws/MTPAHQueries/blob/master/Log_Analytics_Agent_SHA2_Support.txt

 

Learn more information about SHA-2 signing enforcement in the documentation.

 

For any other questions, please feel free to reach out Microsoft Defender for Endpoint Support.  

 

Thank you, 

The Microsoft Defender for Endpoint team