Updating MMA on Windows devices for Microsoft Defender for Endpoint
Article
Important
If you've arrived on this page as a result of clicking on a notification at the Microsoft Defender portal (https://security.microsoft.com), you have devices in your environment with outdated agents, and you need to take action (described in this article) to avoid service disruption. For more details, please reference message center post MC598631 (requires access to Message Center).
If you're using the Microsoft Monitoring Agent (MMA) on Windows devices, it's important to keep this agent updated. For Windows Server 2012 R2 and Windows Server 2016, Microsoft recommends upgrading to the new, unified agent for Defender for Endpoint. This article describes how to:
Update the MMA on your devices (for devices running Windows 7 SP1 Enterprise, Windows 7 SP1 Pro, Windows 8.1 Pro, Windows 8.1 Enterprise, and Windows Server 2008 R2 SP1).
This option applies to devices running Windows 7 SP1 Enterprise, Windows 7 SP1 Pro, Windows 8.1 Pro, Windows 8.1 Enterprise, and Windows Server 2008 R2 SP1.
To help you identify older versions of the MMA inside of your organization, you can use the "EOSDate" column in advanced hunting. Or, follow the instructions in Plan for end-of-support software and software versions to use the vulnerability management feature inside of Microsoft Defender for Endpoint to track remediation.
Upgrade to the new, unified agent for Defender for Endpoint
This option applies to servers running Windows Server 2012 R2 and Windows Server 2016.
A new agent was released in April 2022 for Windows Server 2012 R2 and Windows Server 2016. The new agent doesn't depend on MMA. There are significant benefits to moving to this new agent, such as a vastly extended feature set. To learn more, see Tech Community Blog: Defending Windows Server 2012 R2 and 2016.
Microsoft Defender Vulnerability Management provides an assessment (SCID-2030) titled "Update Microsoft Defender for Endpoint core components" that allows you to track which Windows Server 2012 R2 or Windows Server 2016 machines haven't been upgraded yet.
Defender for Endpoint devices running Windows 7 SP1, Windows 8.1, or Windows Server 2008 R2 are still supported and remain dependent on MMA.
Devices running Windows Server 2012 R2 or Windows Server 2016 should be upgraded to the new, unified solution so that they no longer require the use of MMA.
AMA cannot be used as a substitute for Defender for Endpoint.
Plan and execute an endpoint deployment strategy, using essential elements of modern management, co-management approaches, and Microsoft Intune integration.