check before: 2026-03-01
Product:
Defender, Defender for Endpoint, Defender XDR, Windows
Platform:
Online, World tenant
Status:
Change type:
Admin impact, Feature update, Updated message
Links:
Details:
Summary:
Starting March 2026, Microsoft Defender Antivirus with MDE security settings will stop storing readable exclusions in the local registry. Organizations must use PowerShell cmdlets like Get-MpPreference to retrieve settings. Registry-based monitoring will no longer work; update scripts and notify teams accordingly.
Details:
Updated February 13, 2026: We have updated the content. Thank you for your patience.
[Introduction]
Microsoft Defender Antivirus on Windows is updating how antivirus configuration settings, such as exclusions, are stored when Microsoft Defender for Endpoint (MDE) security settings management is enabled. Starting with platform release 4.18.25110.6, devices using MDE security settings management will no longer store readable exclusion values in the local device registry. Organizations must retrieve configuration using supported Microsoft Defender PowerShell cmdlets, such as Get-MpPreference.
[When this will happen:]
General Availability (Worldwide): We will begin rolling out early March 2026 and expect to complete by late March 2026.
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
Created:
2026-02-06
updated:
2026-02-14
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
summary for non-techies**
Starting in March 2026, Microsoft Defender Antivirus will store certain settings digitally, requiring the use of PowerShell commands like Get-MpPreference to access and manage them, instead of checking the local device registry.
Direct effects for Operations**
Loss of Registry-Based Monitoring
With the change, admins will no longer be able to monitor antivirus exclusions through the local registry, leading to potential oversight of security configurations.
- roles: IT Administrators, Security Analysts
- references: https://learn.microsoft.com/defender-endpoint/troubleshoot-settings#step-3-identify-policies-or-settings
Increased Dependency on PowerShell
Organizations will need to rely on PowerShell cmdlets for retrieving antivirus settings, which may require additional training for staff unfamiliar with PowerShell.
- roles: IT Administrators, Helpdesk Support
- references: https://learn.microsoft.com/defender-endpoint/troubleshoot-settings#step-3-identify-policies-or-settings
Potential for Configuration Errors
Without proper preparation, the transition to PowerShell cmdlets may lead to misconfigurations or missed exclusions, increasing vulnerability to threats.
- roles: IT Administrators, Security Analysts
- references: https://learn.microsoft.com/defender-endpoint/troubleshoot-settings#step-3-identify-policies-or-settings
Impact on Monitoring Workflows
Existing monitoring scripts that rely on registry data will fail, potentially leading to gaps in security oversight until updated.
- roles: IT Administrators, Security Analysts
- references: https://learn.microsoft.com/defender-endpoint/troubleshoot-settings#step-3-identify-policies-or-settings
User Experience Degradation
If helpdesk teams are not informed about the changes, users may experience delays in support for antivirus-related issues due to lack of access to exclusion data.
- roles: Helpdesk Support, End Users
- references: https://learn.microsoft.com/defender-endpoint/troubleshoot-settings#step-3-identify-policies-or-settings
Configutation Options**
XXXXXXX ... paid membership only
Opportunities**
XXXXXXX ... free basic plan only
Potentional Risks**
XXXXXXX ... paid membership only
Data Protection**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
Hypothetical Work Council Statement**
XXXXXXX ... paid membership only
DPIA Draft**
XXXXXXX ... paid membership only
explanation for non-techies**
XXXXXXX ... free basic plan only
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
change history
| Date | Property | old | new |
| 2026-02-14 | MC MessageTagNames | Feature update, Admin impact | Updated message, Feature update, Admin impact |
| 2026-02-14 | MC Summary | Starting March 2026, Microsoft Defender Antivirus with MDE configuration management will stop storing readable exclusion values in the local registry. Organizations must use supported PowerShell cmdlets like Get-MpPreference to retrieve antivirus settings. Registry-based monitoring will no longer work for affected devices. | Starting March 2026, Microsoft Defender Antivirus with MDE security settings will stop storing readable exclusions in the local registry. Organizations must use PowerShell cmdlets like Get-MpPreference to retrieve settings. Registry-based monitoring will no longer work; update scripts and notify teams accordingly. |
| 2026-02-14 | MC Last Updated | 02/06/2026 01:41:26 | 2026-02-14T00:00:20Z |
| 2026-02-14 | MC Messages | [Introduction]
Microsoft Defender Antivirus on Windows is updating how antivirus configuration settings, such as exclusions, are stored when Microsoft Defender for Endpoint (MDE) configuration management is enabled. Starting with platform release 4.18.25110.6, devices using MDE configuration management will no longer store readable exclusion values in the local device registry. Organizations must retrieve configuration using supported Microsoft Defender PowerShell cmdlets, such as Get-MpPreference. [When this will happen:] General Availability (Worldwide): We will begin rolling out early March 2026 and expect to complete by late March 2026. | Updated February 13, 2026: We have updated the content. Thank you for your patience.
[Introduction] Microsoft Defender Antivirus on Windows is updating how antivirus configuration settings, such as exclusions, are stored when Microsoft Defender for Endpoint (MDE) security settings management is enabled. Starting with platform release 4.18.25110.6, devices using MDE security settings management will no longer store readable exclusion values in the local device registry. Organizations must retrieve configuration using supported Microsoft Defender PowerShell cmdlets, such as Get-MpPreference. [When this will happen:] General Availability (Worldwide): We will begin rolling out early March 2026 and expect to complete by late March 2026. |
| 2026-02-14 | MC Title | Microsoft Defender Antivirus: Change to exclusion storage when using MDE configuration management | (Updated) Microsoft Defender Antivirus: Change to exclusion storage when using MDE security settings management |
| 2026-02-14 | MC How Affect | Who is affected:
Organizations using Microsoft Defender for Endpoint configuration management. Admins or tools relying on registry-based monitoring of antivirus settings. What will happen: Antivirus exclusion values will no longer be readable from the local device registry. Registry‑based extraction of exclusions will no longer be supported. Supported Microsoft Defender PowerShell cmdlets (such as Get-MpPreference) will become the required method to retrieve antivirus configuration settings. Devices not using MDE configuration management are not affected. The feature is on by default for tenants using MDE configuration management. | Who is affected:
Organizations using Microsoft Defender for Endpoint security settings management. Admins or tools relying on registry-based monitoring of antivirus settings. What will happen: Defender antivirus configuration, such as exclusions, values will no longer be readable from the local device registry: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender. As such registry‑based extractions will no longer be supported. Supported Microsoft Defender PowerShell cmdlets (such as Get-MpPreference) will become the required method to retrieve antivirus configuration settings. Devices not using MDE configuration management are not affected. The feature is on by default for tenants using MDE configuration management. |
Last updated 4 weeks ago ago
