check before: 2025-08-28
Product:
Defender, Defender for Endpoint, Defender XDR, Windows Server
Platform:
Online, US Instances, World tenant
Status:
Change type:
New feature, Admin impact
Links:
Details:
Summary:
Microsoft Defender Core service will be introduced for Windows Server 2012 R2 and 2016 to improve Defender Antivirus stability and performance. Public preview starts August 28, 2025; general availability by early October 2025. It installs by default with platform update 4.18.25060.7-0 and requires specific URL allowances and process whitelisting.
Details:
Introduction
We're introducing the Microsoft Defender Core service for Windows Server 2012 R2 and Windows Server 2016. This new service enhances the stability and performance of Microsoft Defender Antivirus, helping organizations strengthen endpoint protection on legacy server platforms.
When this will happen
Public Preview: Begins August 28, 2025, via the Beta channel (Prerelease).
General Availability: Rollout begins in mid-September 2025 across all rings and completes by early October 2025.
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
Created:
2025-08-27
updated:
2025-08-27
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
summary for non-techies**
XXXXXXX ... free basic plan only
Direct effects for Operations**
Service Instability
Without proper preparation, the introduction of the Microsoft Defender Core service may lead to service instability, causing potential downtime or degraded performance of the antivirus service.
- roles: IT Administrator, System Administrator
- references: https://learn.microsoft.com/defender-endpoint/microsoft-defender-core-service-overview#prerequisites
User Experience Degradation
If the required URLs are not allowed, users may experience delays or failures in antivirus updates and scans, leading to a compromised security posture.
- roles: End User, IT Support
- references: https://learn.microsoft.com/defender-endpoint/microsoft-defender-core-service-overview#prerequisites
Compatibility Issues
Failure to whitelist necessary processes may result in conflicts with existing security solutions, leading to potential security gaps and user disruptions.
- roles: Security Analyst, IT Administrator
- references: https://learn.microsoft.com/defender-endpoint/microsoft-defender-core-service-overview#prerequisites
Configutation Options**
XXXXXXX ... paid membership only
Opportunities**
XXXXXXX ... free basic plan only
Potentional Risks**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
explanation for non-techies**
Microsoft is rolling out a new service called Microsoft Defender Core for Windows Server 2012 R2 and 2016. Think of this as an upgrade to the security system on these older server models, much like updating the security system in an older building to make it more robust and efficient. This service aims to enhance the stability and performance of Microsoft Defender Antivirus, which is the tool that helps protect your servers from viruses and other malicious software.
The public preview of this service will start on August 28, 2025, and it will be generally available by early October 2025. This means that initially, it will be available for testing and feedback before being fully rolled out to everyone. Once your server updates to the required version, this new service will automatically be installed and activated. It’s like getting a new security feature added to your car during a routine service check.
For this service to work properly, you’ll need to ensure that certain internet addresses (URLs) are allowed through your network's security settings. This is similar to making sure certain phone numbers are not blocked on your phone so you can receive important calls. Additionally, if you are using any application control software or third-party antivirus tools, you will need to allow a specific process related to this new service. Think of this as adding a new trusted contact to your phone's address book so that their calls are not blocked.
There are no new compliance issues to worry about with this update, but it's always a good idea to review your organization's policies to ensure everything aligns. This service is designed to integrate smoothly with existing systems without changing how your current antivirus functions or is configured. It's like adding a new layer of protection without having to rearrange your existing security setup.
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
Last updated 3 weeks ago
