Windows Server August updates fix Microsoft 365 Defender issue


Microsoft has resolved an issue that breaks multiple Microsoft 365 Defender features using the network data reporting service after installing July’s Windows Server updates.

The Microsoft 365 Defender (now known as Defender XDR) enterprise defense suite helps coordinate detection, prevention, investigation, and incident response across an organization’s endpoints, identities, email, and applications.

This known issue only impacts Windows Server 2022 systems and mainly affects the Network Detection and Response (NDR) service. Additionally, it impacts other Defender features that rely on the NDR service to collect data, such as Incident Response and Device Inventory.

“This issue was resolved by Windows updates released August 13, 2024 (KB5041160), and later,” Microsoft said in an update on the Windows release health dashboard.

“We recommend you install the latest update for your device as it contains important improvements and issue resolutions, including this one.”

Windows admins can confirm that systems on their organization’s network are impacted by checking the service health page in the Microsoft 365 admin center for new alerts.

Today, Redmond fixed another known issue causing LPD printing jobs to fail on Windows Server 2022, Windows Server 2019, and Windows Server 2016 systems after installing the July 2024 security updates.

An emergency fix was also pushed to Windows Server 2019 systems in May to address a bug that triggered 0x800f0982 errors after deploying the May 2024 Patch Tuesday security updates.

The same month, Microsoft fixed known issues that broke VPN connections across client and server platforms, triggered domain controller reboots, and caused NTLM authentication failures after installing April’s Windows Server security updates.

However, the company is still working on fixing a bug triggered by last month’s updates that breaks remote desktop connections on systems running Windows Server 2012 and later if the legacy protocol (Remote Procedure Call over HTTP) is used in Remote Desktop Gateway.

“This issue might occur intermittently, such as repeating every 30 minutes. At this interval, logon sessions are lost and users will need to reconnect to the server,” the company explains.



Source link