Source: Help Net Security
Author: Sinisa Markovic
URL: https://www.helpnetsecurity.com/2026/06/08/microsoft-defender-for-endpoint-edr-updates/
https://www.helpnetsecurity.com/2026/06/08/microsoft-defender-for-endpoint-edr-updates/
ONE SENTENCE SUMMARY:
Microsoft will deliver Defender for Endpoint EDR updates via Microsoft Update, accelerating independent improvements across supported Windows versions by fall 2026.
MAIN POINTS:
- EDR security improvements will ship independently from monthly Windows OS updates.
- Rollout began late May 2026 for Windows 10 devices.
- Expansion to Windows 11 and other supported Windows versions occurs later in 2026.
- Microsoft expects deployment completion by fall 2026.
- Microsoft Update-managed organizations require no changes to receive EDR updates.
- Manual package deployment environments must add the new Defender update package.
- Existing documentation and procedures should be revised to reflect the new delivery method.
- Helpdesk and SecOps teams should be informed about updated EDR update behavior.
- Delivery uses Microsoft Update via KB5005292 after prerequisites are installed.
- New Defender Update Service creates
%ProgramData%\Microsoft\Microsoft Defender\Defender Updateon first EDR update.
TAKEAWAYS:
- Plan prerequisites and Sense version compliance before expecting EDR updates through Microsoft Update.
- Treat KB5005292 as the enabling mechanism once required cumulative updates exist.
- Update orchestration processes for manual deployment to avoid missing EDR improvements.
- Prepare operational teams for generally restart-free updates and rare failure-driven reboots.
- Verify supported OS builds have the specified 2025-07/2025-08 cumulative updates or newer.