What's new in Microsoft Defender for Endpoint on Windows
Applies to:
- Microsoft Defender for Endpoint Plan 1
- Microsoft Defender for Endpoint Plan 2
- Microsoft 365 Defender
All updates contain:
- Performance improvements
- Serviceability improvements
- Integration improvements (Cloud, Microsoft 365 Defender)
May-2023 (Release version: 10.8295.22621.1023)
OS | KB | Release version |
---|---|---|
Windows Server 2012 R2, 2016 | KB 5005292 | 10.8295.22621.1023 |
What's new
- Supports new security settings management capabilities
Jan/Feb-2023 (Release version: 10.8295.22621.1019)
OS | KB | Release version |
---|---|---|
Windows Server 2012 R2, 2016 | KB 5005292 | 10.8295.22621.1019 |
What's new
- Improved command and control security, quality fixes
Dec-2022 (Release version: 10.8210.22621.1016)
OS | KB | Release version |
---|---|---|
Windows Server 2012 R2, 2016 | KB 5005292 | 10.8210.22621.1016 |
What's new
- Bug fixes and stability improvements
Aug-2022 (Release version: 10.8210.*)
OS | KB | Release version |
---|---|---|
Windows Server 2012 R2, 2016 | KB 5005292 | 10.8210.22621.1011 |
Windows 11 21H2 (Cobalt) (Windows 11 SV 21H2) | KB 5016691 | 10.8210.22000.918 |
Server 2022 (Iron) | KB 5016693 | 10.8210.20348.946 |
Windows 10 20H2/21H1/21H2, Windows Server 20H2 (Vibranium) | KB 5016688 | 10.8210.19041.1949 |
Windows Server 2019 (RS5) | KB 5016690 | 10.8210.17763.3346 |
What's new
- Added a fix to resolve a missing intermediate certificate issue with the use of "TelemetryProxyServer" on Windows Server 2012 R2 running the unified agent.
- Enhanced Endpoint DLP with the ability to protect password-protected and encrypted files and not label files.
- Enhanced Endpoint DLP with support for context data in audit telemetry (short evidence).
- Improved Microsoft Defender for Endpoint client authentication support for VDI devices.
- Enhanced Microsoft Defender for Endpoint's ability to identify and intercept ransomware and advanced attacks.
- The Contain feature now supports more desktop and server versions to perform the Contain action and block discovered devices when these are contained.
- Expanded the troubleshooting mode feature to additional desktop and server versions. For a complete list of supported OS versions and more information about prerequisites, see Get started with troubleshooting mode in Microsoft Defender for Endpoint.
- Live Response improvements include reduced session creation latency when using proxies, an undo Remediation manual command, support for OneDrive share in FindFile action, and improved isolation and stability.
- Security Management for Microsoft Defender for Endpoint now provides the ability to sync the device configuration on demand instead of waiting for a specific cadence.
Note
Update package KB5005292 is on a gradual rollout schedule through Windows Update. Towards the end of this schedule, the package will be published completely, including to the update catalog for manual download. For the current release, this will be in the second half of October. If you want to test the package sooner, you can use gradual rollout controls for platform updates to select the Preview channel.
See also:
- What's new in Microsoft Defender for Endpoint
- What's new in Defender for Endpoint on macOS
- What's new in Defender for Endpoint on iOS
- What's new in Defender for Endpoint on Linux