MC687846: New Microsoft Defender Antivirus services on Windows Devices

Announcement IDMC687846Published Date11-07-2023
ServiceMicrosoft365DefenderLast Updated07-05-2024
CategoryPlan for changeExpiration Date08-26-2024
Roadmap IDAction Required by Date
TagsAdmin impact, New feature, User impact


Summary
                Microsoft Defender Antivirus on Windows 10 and Windows 11 will be shipping with a new service called Microsoft Defender Core service. The rollout will occur in stages, starting with a preview in November 2023 and worldwide rollout in April 2024. To prepare, users need to update the Platform Update to the latest version and allow specific URLs. If using an Application Control application or running a 3rd party AV and/or EDR, add the Microsoft Defender Core Service process to the allowed list.


More Information

Microsoft Defender Antivirus on Windows 10 and Windows 11 will be shipping with a new service:

  • Microsoft Defender Core service.

When this will happen:

Preview: November 23 to Beta channel (Prerelease).

Worldwide: We will roll out to all rings (Current Channel (Preview), Current Channel (Staged) and Current Channel (Broad)) during late April 2024 (previously mid-April).

GCC Moderate, GCC High and DOD: We will roll out to all rings (Current Channel (Preview), Current Channel (Staged) and Current Channel (Broad)) during mid-July 2024 (previously late June).

How this will affect your organization:

To enhance your endpoint security experience, we are shipping the Microsoft Defender Core service which will help with stability and performance of Microsoft Defender Antivirus.

What you need to do to prepare:

  1. Update the Platform Update to the latest version 4.18.23110.0 or newer
  2. Allow the following URL's:
    • Commercial:
      • *.events.data.microsoft.com
      • *.endpoint.security.microsoft.com
      • *.ecs.office.com
    • For US Gov, the ECS URL's are:
      • GCC Mod: *.gccmod.ecs.office.com
      • GCC High: *.config.ecs.gov.teams.microsoft.us
      • DOD: *.config.ecs.dod.teams.microsoft.us
  3. If using an Application Control application or running a 3rd party AV and/or EDR, add the following process to the allowed list.
    • Microsoft Defender Core Service MdCoreSvc - MpDefenderCoreService.exe

Previous Post Next Post