HelpnetSecurity

Microsoft changes how Defender for Endpoint EDR updates are delivered on Windows


Microsoft will distribute Defender for Endpoint EDR updates through Microsoft Update, enabling EDR security improvements to be released independently of monthly Windows operating system updates.

The rollout started for Windows 10 devices in late May 2026 and will expand to Windows 11 and other supported Windows versions later this year. Microsoft expects deployment to be completed by fall 2026.

Organizations whose devices receive updates through Microsoft Update do not need to take any action. Those using manual update package deployment should ensure the new Defender update package is included in their standard update process.

Microsoft advises organizations to review documentation and operational procedures that reference Defender for Endpoint update behavior and inform helpdesk and security operations teams about the new delivery method.

EDR updates will be delivered through Microsoft Update using KB5005292 after the required prerequisite updates have been installed.

Microsoft is also introducing a new Defender Update Service. When the first EDR update is installed, a new directory will be created at %ProgramData%\Microsoft\Microsoft Defender\Defender Update.

EDR updates generally do not require a restart, although a restart may be required in rare failure scenarios.

Devices must be running Sense version 10.8798.25857.1000 or later and have one of the following updates, or a later version, installed:

  • Windows 11 24H2: KB5062660 (2025-07 Cumulative Update Preview)
  • Windows 11 23H2: KB5062663 (2025-07 Cumulative Update Preview)
  • Windows 11 22H2: KB5062663 (2025-07 Cumulative Update Preview)
  • Windows 10 22H2: KB5062649 (2025-07 Cumulative Update Preview)
  • Windows 10 1809: KB5063877 (2025-08 Cumulative Update)
  • Windows Server 2019: KB5063877 (2025-08 Cumulative Update)
  • Windows Server 2022: KB5063880 (2025-08 Cumulative Update)
  • Windows Server 2025: KB5063878 (2025-08 Cumulative Update)
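
To audit a fleet against the prerequisites listed above, the following added example (not code from Microsoft or from this article) checks a device inventory export in Python. The CSV column names and sample rows are constructed assumptions; the Sense version threshold and KB numbers are the ones given in the article.

```python
import csv
import io

# Threshold and KB numbers as stated in the article.
MIN_SENSE = (10, 8798, 25857, 1000)
PREREQ_KB = {
    "Windows 11 24H2": "KB5062660",
    "Windows 11 23H2": "KB5062663",
    "Windows 11 22H2": "KB5062663",
    "Windows 10 22H2": "KB5062649",
    "Windows 10 1809": "KB5063877",
    "Windows Server 2019": "KB5063877",
    "Windows Server 2022": "KB5063880",
    "Windows Server 2025": "KB5063878",
}

# Constructed sample inventory; column names and rows are hypothetical.
SAMPLE_INVENTORY = """\
device,os,sense_version,installed_kbs
ws-001,Windows 11 24H2,10.8798.25857.1000,KB5062660;KB5005292
ws-002,Windows 10 22H2,10.8760.19045.5011,KB5062649
srv-01,Windows Server 2022,10.10000.1.1000,KB0000001
ws-003,Windows 8.1,10.8798.25857.1000,
"""

def parse_version(text):
    """Dotted version -> tuple of ints, so 10.10000 sorts above 10.8798."""
    return tuple(int(part) for part in text.strip().split("."))

def assess(row):
    """Return findings for one device; an empty list means prerequisites are met."""
    findings = []
    try:
        if parse_version(row["sense_version"]) < MIN_SENSE:
            findings.append("sense-too-old")
    except ValueError:
        findings.append("sense-unparseable")
    required = PREREQ_KB.get(row["os"].strip())
    installed = {kb.strip().upper() for kb in (row.get("installed_kbs") or "").split(";")}
    if required is None:
        findings.append("os-not-listed")
    elif required not in installed:
        # A later cumulative update also qualifies but has a different KB
        # number, so treat this finding as "review manually", not a hard fail.
        findings.append("prereq-kb-not-seen:" + required)
    return findings

def audit(csv_text):
    return {r["device"]: assess(r) for r in csv.DictReader(io.StringIO(csv_text))}
```

Comparing the versions as plain strings would wrongly flag `srv-01`, because "10.10000" sorts before "10.8798" lexicographically.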
