What's new in Microsoft Defender for Endpoint on Windows

All updates contain:

  • Performance improvements
  • Serviceability improvements
  • Integration improvements (Cloud, Microsoft 365 Defender)

May-2023 (Release version: 10.8295.22621.1023)

OS | KB | Release version
Windows Server 2012 R2, 2016 | KB 5005292 | 10.8295.22621.1023

What's new

  • Supports new security settings management capabilities

Jan/Feb-2023 (Release version: 10.8295.22621.1019)

OS | KB | Release version
Windows Server 2012 R2, 2016 | KB 5005292 | 10.8295.22621.1019

What's new

  • Improved command and control security, quality fixes

Dec-2022 (Release version: 10.8210.22621.1016)

OS | KB | Release version
Windows Server 2012 R2, 2016 | KB 5005292 | 10.8210.22621.1016

What's new

  • Bug fixes and stability improvements

Aug-2022 (Release version: 10.8210.*)

OS | KB | Release version
Windows Server 2012 R2, 2016 | KB 5005292 | 10.8210.22621.1011
Windows 11 21H2 (Cobalt) (Windows 11 SV 21H2) | KB 5016691 | 10.8210.22000.918
Server 2022 (Iron) | KB 5016693 | 10.8210.20348.946
Windows 10 20H2/21H1/21H2, Windows Server 20H2 (Vibranium) | KB 5016688 | 10.8210.19041.1949
Windows Server 2019 (RS5) | KB 5016690 | 10.8210.17763.3346

What's new

  • Added a fix to resolve a missing intermediate certificate issue with the use of "TelemetryProxyServer" on Windows Server 2012 R2 running the unified agent.
  • Enhanced Endpoint DLP with the ability to protect password-protected and encrypted files and not label files.
  • Enhanced Endpoint DLP with support for context data in audit telemetry (short evidence).
  • Improved Microsoft Defender for Endpoint client authentication support for VDI devices.
  • Enhanced Microsoft Defender for Endpoint's ability to identify and intercept ransomware and advanced attacks.
  • The Contain feature now supports more desktop and server versions to perform the Contain action and block discovered devices when these are contained.
  • Expanded the troubleshooting mode feature to additional desktop and server versions. For a complete list of supported OS versions and more information about prerequisites, see Get started with troubleshooting mode in Microsoft Defender for Endpoint.
  • Live Response improvements include reduced session creation latency when using proxies, an undo Remediation manual command, support for OneDrive share in FindFile action, and improved isolation and stability.
  • Security Management for Microsoft Defender for Endpoint now provides the ability to sync the device configuration on demand instead of waiting for a specific cadence.


Update package KB5005292 is on a gradual rollout schedule through Windows Update. Towards the end of this schedule, the package will be published completely, including to the update catalog for manual download. For the current release, this will be in the second half of October. If you want to test the package sooner, you can use gradual rollout controls for platform updates to select the Preview channel.
