MC1137611 – Deception feature in Microsoft Defender for Endpoint will be retired from public preview

Product:

Defender, Defender for Endpoint, Defender XDR

Platform:

Online, World tenant

Status:

Change type:

Admin impact, Retirement

Links:

Details:

Summary:
The Deception feature in Microsoft Defender for Endpoint will be retired from public preview by October 31, 2025. New onboarding stops August 18, 2025; existing decoys and UI elements will be removed. No admin action is needed, but informing stakeholders and updating documentation is recommended.

Details:
Introduction
We're retiring the Deception feature from public preview in Microsoft Defender for Endpoint.
When this will happen
August 18, 2025: Onboarding of new tenants to the Deception feature will be blocked.
October 31, 2025: All existing decoys and lures will be removed. Deception-related sections will be removed from the portal.

Change Category:
XXXXXXX ... free basic plan only

Scope:
XXXXXXX ... free basic plan only

Release Phase:

Created:
2025-08-19

updated:
2025-08-19

Task Type

XXXXXXX ... free basic plan only

Docu to Check

XXXXXXX ... free basic plan only

MS How does it affect me

XXXXXXX ... free basic plan only

MS Preperations

XXXXXXX ... free basic plan only

MS Urgency

XXXXXXX ... free basic plan only

MS workload name

XXXXXXX ... free basic plan only

summary for non-techies**

XXXXXXX ... free basic plan only

Direct effects for Operations**

Removal of Deception Feature
The Deception feature will no longer be available, impacting threat detection capabilities.
   - roles: Security Analyst, IT Administrator
   - references: https://learn.microsoft.com/defender-xdr/deception-overview

Loss of Existing Decoys and Lures
All existing decoys and lures will be removed, potentially reducing the effectiveness of security measures.
   - roles: Security Analyst, Incident Response Team
   - references: https://learn.microsoft.com/defender-xdr/deception-overview

User Interface Changes
Deception-related sections will be removed from the portal, leading to confusion among users who rely on these features.
   - roles: IT Administrator, End User
   - references: https://learn.microsoft.com/defender-xdr/deception-overview

Need for Stakeholder Communication
Failure to inform stakeholders about the change may lead to unpreparedness and operational disruptions.
   - roles: IT Administrator, Project Manager
   - references: https://learn.microsoft.com/defender-xdr/deception-overview

Documentation Updates Required
Internal documentation will need to be updated to reflect the removal of the Deception feature, which may lead to inconsistencies if not done.
   - roles: IT Administrator, Compliance Officer
   - references: https://learn.microsoft.com/defender-xdr/deception-overview

Configutation Options**

XXXXXXX ... paid membership only

Potentional Risks**

XXXXXXX ... paid membership only

IT Security**

XXXXXXX ... paid membership only

explanation for non-techies**

Imagine you have a security system in your office building that includes a clever trick: fake doors and hallways designed to confuse intruders. This is similar to the Deception feature in Microsoft Defender for Endpoint, which uses decoys and lures to mislead cyber attackers. However, Microsoft has decided to retire this feature by October 31, 2025.

Think of it like the building management deciding to remove these fake doors and hallways. After August 18, 2025, no new fake doors will be added, and by the end of October 2025, all existing ones will be taken down. This means that any current setups using these decoys will no longer be available.

For you, this means there's no need to take any immediate action, as the change will happen automatically. However, it's a good idea to inform your team and update any documentation that references these features. It's like letting everyone in the office know that the fake doors are going away and updating the building map accordingly.

Additionally, consider exploring other security measures that Microsoft offers, such as automatic attack disruption and exposure management capabilities. These can be seen as upgrading your security system with more advanced technology, like surveillance cameras or motion detectors, to keep your office safe in different ways.

There are no compliance issues identified with this change, but it's always wise to review your organization's policies to ensure everything remains in line with your security strategy.